Mozilla explores security of video conferencing applications

This week, as part of the project *Privacy Not Included, Mozilla engineers explores 15 platforms and applications for organizing video conferencing and video calls.

In the context of the current COVID-19 pandemic, due to which many are forced to work from home, video conferencing and video calls have become an important means of maintaining communication between people, helping to establish joint work and increase its effectiveness. Because of this, interest in the market of video communication platforms and applications multiplied, and Mozilla experts decided that now it is the time to create a guide, which would help users to understand which products are the most reliable and safe.

“Analysts studied 15 popular video communications solutions and concluded that 12 out of 15 products met the organization’s minimum security standards. These are Zoom, Google Hangouts, Apple FaceTime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting and Cisco WebEx”, — Said Mozilla representatives.

However, Mozilla engineers note that this does not mean that these solutions are completely safe and their use does not carry any risks.

Compliance with the minimum security standards means that applications use encryption, have an automatic update system, use strong passwords, have their own bug bounty program, you can easily contact their developers and report a problem, and the privacy policy is available without question.

Only three of the applications studied were found to be non-compliant with Mozilla standards, these are Houseparty, Discord and Doxy.me. The problem with Houseparty and Discord was that they allowed users to use frankly bad passwords such as “12345” or “111111”, thereby endangering their accounts. After the publication of the report, Discord developers hastily corrected this shortcoming, and now the application also complies with all standards.

“The telemedicine application Doxy.me, in turn, has far more problems. So, it also does not require strong passwords when setting up an account, and also does not support two-factor authentication. Worse, patients, in fact, don’t need to prove at all that they are exactly who they say they are”, – said the researchers.

Recall that during the pandemic, the popularity of the Zoom application increased several times, which led to a number of scandals with the safety of its users, as a result of which employees of Google, as well as SpaceX and NASA, were forbidden to use the application. Soon after that governments of Australia, Taiwan and India banned using Zoom.

However, there are good news. For example, all applications reviewed by experts warn users if recording is in progress. Most applications also provide hosts with the ability to set rules. All applications use some form of encryption, although it is not always about end-to-end.

“It is unclear whether Facebook Messenger uses metadata (such as who you are talking to) for targeted advertising. House parties generally seems like a vacuum cleaner for personal data (although it’s great that their privacy policy clearly alerts users to this). And Discord collects information about your contacts if you connect your social media accounts with it”, — the authors of the report write.

So, absolutely perfect software does not exist, and Mozilla research will definitely help users and organizations to choose, because for someone security and privacy are at the forefront, and for others, a wider range of functions may be more important.