Security and Privacy Safeguards Regarding Videoconferencing with Zoom Follow

Several security and privacy related issues came to light in the spring of 2020, regarding Zoom. Pathable relies on Zoom's infrastructure for its webinar and two-way video features, so here's a summary of what has been done to ensure that these issues do not impact Pathable clients or their attendees.

The most glaring issue is "Zoombombing": people have found a way to pop into other people Zoom meetings, uninvited. The method behind this is simple: a typical Zoom meeting has a 9 digit number identifying it. If someone has their computer try random nine digit numbers long enough, they'll hit a live meeting and can join it. This is called "war dialing". 

To address this, Pathable requires a 12 digit alphanumeric password to enter any of Zoom-created meetings. This takes the number of possible combinations required to Zoombomb a meeting outside the bounds of modern computing to hack. 

A second issue concerned Zoom's iOS app, which shared data to Facebook. Zoom has since addressed this issue, but in any case, this wasn't relevant to Pathable platform, which doesn't make direct use of Zoom's iOS app.

Another issue related to information users could get about other users who Zoom perceived to be part of the same "organization". Pathable does not share user's email addresses with Zoom at all (we use "dummy" addresses), so our users are not exposed to this potential data leak.

Finally, many have noted that the Zoom video calls are not encrypted "end-to-end". Zoom uses "transport encryption", meaning that the calls are encrypted "in transit" as they are passed from the client to the server and back down to the clients. Like Skype and other major videoconferencing services, this does mean it is possible to decrypt the video stream at the server. None of this information passes through Pathable's servers, however.