To help individuals and organizations choose video call apps that suit their needs and their risk appetite, Mozilla has released a new “Privacy Not Included” report that focuses on video call apps.
The report includes the following popular offerings:
- Zoom’s Zoom app
- Google’s Duo, Hangouts, and Meet
- Apple’s FaceTime
- Microsoft’s Skype and Teams
- Facebook’s Messenger, Messenger Kids, and WhatsApp
- Epic Games’ Houseparty
- Discord’s Discord app
- 8×8’s Jitsi Meet
- Signal Technology Foundation’s Signal
- Verizon’s BlueJeans
- LogMeIn’s GoToMeeting
- Cisco’s WebEx
- Doxy.me’s Doxy.me telemedicine app
Report findings
The report is based on Mozilla’s researchers reviewing the app’s privacy policies and specifications, which user controls it offers, etc.
Each app is given an overall security rating, based on five things:
- Whether it has a clear privacy policy
- Whether it uses encryption (and what kind of encryption)
- Whether it requires the use of strong passwords
- Whether it provides automatic security updates
- Whether the developers manage security vulnerabilities using tools like bug bounty programs and clear points of contact for reporting vulnerabilities.
Three of the evaluated apps have failed to meet Mozilla’s Minimum Security Standards, but that doesn’t mean that they should not be used. Different users have different needs and wants, and that includes those related to security and privacy.
For example: Discord collects information on the user’s contacts if they link their social media accounts, and that’s something that might not bother some users. Another example: Houseparty collects a lot of personal data and its privacy policy clearly explains that. Again, some users might be ok with that.
Mozilla noted that many of the apps provide admirable privacy and security features and that all apps use some form of encryption (though not all encryption is end-to-end).
Making a choice
Consumers and organizations should review Mozilla’s findings and decide for themselves which solution is right for them. I would also advise checking similar research reports and mentions, which may include additional offerings and point out other qualities that one may search for in a solution (e.g., whether it supports self-hosting) or traits one may avoid.
Mozilla’s researchers also pointed out that different apps have very different set of video chat features, making some more fitting for enterprise use and other a more natural choice for consumers. Business users who want a fuller set of features and a higher level of security and have money to pay should look to business-focused apps, they noted.
Ashley Boyd, Mozilla’s Vice President, Advocacy, pointed out that, with a record number of people using video call apps to conduct business, teach classes, and catch up with friends, it’s more important than ever that this technology be trustworthy.
We have witnessed how Zoom moved to quickly patch security flaws reported by researchers and how the addition of new, helpful features has been copied by competitors (e.g., Zoom and Google Hangouts offered one-click links to get into meetings, and Skype recently followed suit).
“The good news is that the boom in usage has put pressure on these companies to improve their privacy and security for all users, which should be a wake-up call for the rest of the tech industry,” Boyd concluded.
from Help Net Security https://ift.tt/2y7vxuT
0 comments:
Post a Comment