Mozilla’s latest “*Privacy Not Included” report shows that twelve out of fifteen popular video call applications and platforms meet the organization’s minimum security standards.
With the current COVID-19 pandemic forcing many to work from home, organizations have adopted video calling as a means to keep teams connected and ensure collaboration and efficiency.
Almost immediately, these applications started facing scrutiny, as both individual users and organizations have been seeking reassurance that the software and services they have adopted could deliver the desired level of security and privacy.
Released today, Mozilla’s latest *Privacy Not Included report takes a swing at fifteen video calling applications that people have been turning to lately, aiming to help users relying on video conferencing during the current lockdown make smart decisions on which apps and services are best for them.
What Mozilla’s researchers discovered was that twelve of the analyzed apps meet Mozilla’s Minimum Security Standards. These include Zoom, Google Hangouts, Apple FaceTime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting, and Cisco WebEx.
Apps that meet the standards use encryption, have an automatic security update system, use strong passwords, employ bug bounty programs and clear points of contact for reporting and managing security vulnerabilities, and have clear privacy policies.
The three applications that did not meet the standards are Houseparty, Discord, and Doxy.me. While Houseparty and Discord allow for the use of weak passwords such as ‘12345’ or ‘111111’, thus exposing user accounts, Doxy.me fails to implement many of Mozilla’s minimum security standards.
The researchers discovered that the Doxy.me telemedicine app did not require a strong password when setting up an account and did not support two-factor authentication, not to mention that it did not require for patients to prove they are who they claim to be.
All apps alert participants when recording occurs, most apps provide hosts with the ability to set rules, and all apps use some form of encryption, but only some offer end-to-end encryption.
Most of the analyzed applications did meet the minimum security standards, but that doesn’t mean they are without risk, Mozilla warns.
“It’s unclear whether Facebook Messenger uses metadata like who you chat with to target ads, Houseparty appears to be a personal data vacuum (though kudos to its privacy policy for clearly telling users that), and Discord collects information on your contacts if you link your social media accounts,” the browser maker explains.
Mozilla also points out that users get different sets of features in video call apps designed for businesses than in those targeting everyday use.
“Video call apps like FaceTime, Google Duo, Signal, and Houseparty have a very different set of video chat features and ease of use than business-oriented apps such as Zoom, BlueJeans, GoToMeeting, Microsoft Teams, and Cisco Webex,” Mozilla says.
Thus, those looking for simplicity might skip the business-oriented apps and choose the decent security and privacy of consumer-oriented products. Businesses, however, might go for the higher level of security and a more comprehensive set of features, the Internet organization says.
Related: Zoom Announces Better Encryption, Other Security Improvements
Related: Hackers’ New Target During Pandemic: Video Conference Calls