18: Web meeting vendors need to deliver secure video conferencing software with privacy

Updated: May 30


Secure video conferencing software

Some leading video conference tools have been shown to be deficient in enabling attendee privacy protection. We offer a requirements list for secure video conferencing software that would put attendee privacy interests first.


Web meeting best practices not enough


In our previous blog post, "Best practices for secure video conferencing," we listed best practices for maximizing privacy and security in conducting a video conference. However, we observed that some leading video conference tools, and notably Zoom in recent weeks, have fallen short in their protection of attendee privacy, even if meeting hosts follow all of the best practices listed in our prior post (see, for example, "Zoom faces a privacy and security backlash as it surges in popularity," published in The Verge, or CNN’s "Zoom, the video conferencing app everyone is using, faces questions over privacy").


As we checked out the leading web meeting platforms, it appeared to us that they are all far from ideal when it comes to putting privacy rights first. We believe that feature-rich video conferencing platforms that do not address privacy and security seriously should be pressured to do so by customers, or else users should seek video conferencing solutions that come closer.


Web meeting requirements list for privacy


The following is a requirements list of privacy features that we urge all video conferencing tools to adopt, and on which users should insist, not in any particular order:


  1. Unique link: Force meetings to be reached via a unique, unpredictable link, with strong authentication and authorization to attend a given meeting.

  2. Strong authentication: By default, meetings should require an attendee to login and use a strong password for authentication, and only be allowed in if explicitly invited to a given meeting.

  3. Two-factor authentication (2FA): Allow organizer/host/meeting owner to force 2FA (the default setting) when an attendee tries to enter (2FA requires two modes of authentication, such as a password + a code sent via text message to your phone).

  4. Invitees only: The tool should allow setting up a meeting with attendee lists and pre-configured groups. No one other than the authorized members of that group should be able to join.

  5. Meeting start: By default, do not allow meeting participants to enter and interact before the host starts the meeting.

  6. Control over entrance: Provide a tool to allow the meeting host to monitor and/or explicitly allow users to enter the conference.

  7. Eject disruptive attendees: The platform needs a tool to allow the organizer to kick out a disruptive, abusive, or unauthorized attendee without the ability to rejoin.

  8. Prevent late attendees: In addition, by default, have the ability to lock out entrances 5 or 10 minutes after the meeting starts.

  9. True end-to-end encryption: Video conferences are to use true end-to-end encryption, meaning that there is strong encryption not only when audio/video (and other content such as chat or notes) is transmitted, but also when audio/video is “at rest” residing on the vendor’s server. Amazingly, several leading vendors would fail this requirement alone. A hacker should not be able to view any content, even if he or she breaks into the vendor’s server. In addition, we believe that the vendor should not have the decryption keys to the encrypted content; only the session owner/host should be able to access and decrypt the stored content. (We recognize that the latter point is controversial with some who argue that law enforcement needs all tools to fight crime even if it tramples on innocents' privacy, but we believe that the right to private conversations outweighs government access to meeting contents, given the slippery slope of potential abuse of broad surveillance.)

  10. Screen sharing default to host only: By default, only the host should be able to share his or her screen, but should be able to delegate screen sharing to a trusted attendee.

  11. Screen shots with consent: Come up with a way to enforce consent before attendees’ faces, names, and/or shared screens are captured via attendee screen shots. Anyone who does not want his or her photo captured and sent around the Internet should be able to block it. The default should be "block screen captures."

  12. Respectful privacy policy: The vendor itself should not be collecting, let alone selling, any personal data to third parties, including information about an attendee's device used, IP address, location, date/time attended, name of the attendee, whether the conference window is in the background (to snoop as to who is focusing on the meeting), attendee chats, collaboration notes, etc. The vendor should instead reconsider its business model and provide web meeting service for a fee without monetizing personal and private data. Users should demand this or else move elsewhere.

  13. Zero-knowledge: More generally, vendors should have “zero knowledge” of and no access to any personal data of attendees or organizers or of their content.

  14. Session recording non-default and consent: No session recording by default. If the host wants to record a session, there should be a means of obtaining explicit consent from each attendee. Session recordings, if stored on the vendor’s server, should be password-protected and truly end-to-end encrypted, with the decryption keys known only to the meeting owner, not the vendor. This is a critical requirement, in our view, to protect and reassure attendees that what is said at meetings is truly kept confidential, and cannot be leaked or handed over to governments.

  15. Mute by default: Mute all attendees except the host by default. Provide a feature allowing attendees to have audio control only when they are recognized.

  16. Signal upon entrance/exit: Provide a feature signaling via audio chime or other means when a new person enters or exits the meeting.

  17. File sharing default off: By default, file sharing should be turned off, as there is a security risk of malware; if file sharing is turned on, then only the host should be able to share files and have the files run through an industrial-strength malware checker; the host should be able to delegate the file sharing right to another trusted attendee.

  18. Privacy by design and default: In general, by design and by default, options should be pre-set to maximize privacy. Many users never change defaults. That is why we indicated, for example, that by default, session recording be turned off, while the muted state and screen shot prevention should be on.

  19. Download updates: The vendor should provide automatic downloads of software updates as a user option defaulting to “yes,” particularly for fixes of vulnerabilities.

  20. Transparency: Clear disclosure in privacy policies as to what data are collected, who can access the data, and how it is used. Ideally, nothing is collected (see “zero knowledge”). Also “open source software” is a good indication that the vendor has nothing to hide and is willing to be scrutinized by security and privacy experts.
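As an added illustration (not part of the original post and not any vendor's code), the following sketch shows how requirements 1, 4, 5, 7 and 8 could combine into a single admission check. The `Meeting` class and its field names are hypothetical, and the user identity passed to `admit` is assumed to have already passed the login and 2FA steps of requirements 2 and 3.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Meeting:
    invitees: Set[str]                       # req. 4: explicit attendee list
    lock_after_s: int = 600                  # req. 8: lock entrances 10 minutes after start
    # req. 1: 32 random bytes (256 bits) from the OS CSPRNG, URL-safe encoded
    token: str = field(default_factory=lambda: secrets.token_urlsafe(32))
    started_at: Optional[float] = None       # req. 5: closed until the host starts
    banned: Set[str] = field(default_factory=set)  # req. 7: ejected users

    def start(self, now: float) -> None:
        """Host starts the meeting; 'now' is seconds on any monotonic clock."""
        self.started_at = now

    def eject(self, user: str) -> None:
        """Remove a user for the rest of the meeting (no rejoin)."""
        self.banned.add(user)

    def admit(self, user: str, presented_token: str, now: float) -> Tuple[bool, str]:
        """Decide whether an already-authenticated user may enter."""
        # Constant-time comparison so timing does not leak how much of a
        # guessed link token was correct.
        if not hmac.compare_digest(presented_token.encode(), self.token.encode()):
            return False, "invalid link"
        if user not in self.invitees:
            return False, "not invited"
        if user in self.banned:
            return False, "ejected"
        if self.started_at is None:
            return False, "meeting not started"
        if now - self.started_at > self.lock_after_s:
            return False, "meeting locked"
        return True, "admitted"


def join_url(meeting: Meeting) -> str:
    # meet.example is a placeholder host used only for this illustration.
    return "https://meet.example/j/" + meeting.token
```

Every default here denies entry: with no configuration at all, the meeting is closed until the host starts it and locks again ten minutes later, in line with requirement 18.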

Secure video conferencing software


No vendor we have examined meets even 90% of these criteria well. There are larger vendors that do a better job at privacy features than others, but they may have an onerous privacy policy that enables them to collect and resell personal data. There are actually some lesser-known, small vendor tools (such as Jami, Jitsi, Whereby, Wickr, and others) that do an excellent job in privacy and do not resell personal data. See VPNOverview's "Secure video conferencing software: how to ensure your privacy" or Thexyz.com’s "Zoom alternatives for video conferencing without security and privacy concerns" for more about such “privacy first” vendors. For many of these vendors, privacy was achieved by design, not as an afterthought. Most of these smaller, privacy-first vendors, however, are not as advanced in other realms: they may lack robust video conferencing functionality, allow only a very limited maximum number of attendees in a meeting, lack ease of use, and/or not have strong financial backing.


Therefore, in our view, the larger vendors, such as Zoom, LogMeIn’s GoToMeeting, Microsoft Teams, Cisco’s WebEx, Google Hangouts Meet, and others, probably have the resources to deliver strong privacy solutions while maintaining ease of use, robust functionality, and scale. They just need the will to rise to the occasion.


Take-Away

Vendors of web meeting software should take this requirements list to heart and deliver solutions that address privacy concerns, or else they will lose market share to those who do. Companies or organizations using web-conferencing tools, in turn, should demand privacy-first solutions from their vendors or else switch providers.


This site is owned and operated by Adept Advice LLC.

Copyright (c) 2020 by Adept Advice LLC. All rights reserved.