Zoom: Thousands of calls found via web search, thanks to default file naming scheme after users saved them in unprotected spaces like open AWS S3 buckets

Originally published at: https://boingboing.net/2020/04/03/zoom-thousands-of-calls-found.html


I’m having trouble understanding what Zoom did wrong here:

People used a tool, hit record. Record puts the word “record” on the screen for every participant to see.

Then they saved the files on the open web.

How is this different from making a video of your Thanksgiving dinner and posting it to Vimeo? That’s not the camcorder company’s fault, is it?

I think Zoom bashing might be overdone at this point. Zoom is holding up beautifully under a 20x increase in traffic–hard to imagine any other institution doing that, particularly since most people aren’t even paying for it.

The real headline should be:

People using Zoom without thinking.

It’s a powerful tool. That’s a good thing.


I agree.

I also think we’re seeing a situation where a product is experiencing massive, highly unexpected growth. As a result, problems with the product are being found quickly. It seems that Zoom is doing a reasonable job of responding to issues ASAP.


Not only is Zoom’s strong end-to-end encryption not actually end-to-end, its encryption isn’t even that strong

If you post a private video to Vimeo (or YouTube for that matter), both organizations have enough understanding of “security” to ensure that the URLs generated are not easily guessable.

That’s “hosting stuff 101” right there, and no way should any org recording individuals get a pass on that.

