What is Zoom

Zoom is a cloud-based SaaS application that allows private individuals as well as businesses to interact with each other virtually. Communication can occur via text, audio, video, or a combination of the three.

Zoom is a market leader and it is owned by Eric Yuan, a Chinese-American ex-Cisco engineer, now billionaire, who acts as its CEO.

Nesos and Meetis

The Nesos Ecosystem allows you to manage every aspect of an e-learning experience in one single platform with additional webinar and video conferencing capabilities. Create, Schedule, Sell, Deliver and Analyse your Courses, Meetings or Webinars with ease in our online cloud-based software.

Why Meetis

As part of this ecosystem, we developed Meetis to facilitate communication and collaboration without the need for any other software and the possible compromise in security that comes with it.

What is Meetis

Meetis is our online learning and video conferencing environment and it is an integral part of the wider Nesos ecosystem. Unlike most other video conferencing software, Meetis has been designed from the ground up to ensure absolute privacy and security, whether it is to protect users’ privacy, children's/pupils' identities or corporate secrets.

Why Compare

Although Meetis has a slightly different focus and a wider scope than Zoom, many of its functionalities naturally invite a comparison, and on this page you will find just that.

Feature Comparison

Let's have a look at how Nesos and Zoom stack up in terms of features.

Nesos Zoom
HD Video
HD Audio
Camera Feed
Audio Only
Live Chat
Scheduling
Calendar Scheduling
Waiting Rooms
Recordings
Secure Recordings Storage
Custom Background
Comprehensive Branding
File Sharing
File Editing
Shared Notes
Whiteboard
Closed Captions
Polls
Breakout Rooms
User Moderation
Non Verbal Comms
Screen Sharing
Screen Audio Sharing
Private Deployment
Lan Protection
Custom Domain
Custom Firewall
Azure Front Door
Cross Platform
No Downloads Required
No App Required
Works In The Browser
PWA

Concerns about Zoom’s Business Model

On the surface, Zoom operates on a freemium subscription model, which means it offers various plans with prices based on users and usage.

On top of the subscriptions for meetings, Zoom offers workspaces, webinar functionality and VoIP features.

Zoom is a multinational company with an impressive revenue and unlike many other tech companies, it seems to be profitable.

So, we have a profitable multinational tech company with impressive growth. Everything sounds great, if not for a couple of developments that have cast a shadow of doubt over what Zoom's actual business model is.

Ads

The first one is the introduction of ads on their platform, which would not necessarily be a concern per se, if not for the fact that any advertising platform, to be profitable, needs reliable profiles of its users. It would therefore be legitimate to suspect that Zoom could be tempted to harness the power of its userbase’s data to profile and identify potential customers to serve ads to.

Data Selling

If one considers that to be far-fetched or improbable, I would point out that Zoom is being sued for illegally selling data to Facebook (Meta). A lawsuit filed Monday alleges that Zoom's software reported to Facebook whenever a Zoom user logged on for a conference call. After a user logged on, Zoom gave Facebook the person's customer information, including what device the person used to access Zoom, the device's model and the device's unique advertising identifier, regardless of whether the user even had a Facebook account.

Censorship

With the introduction of speech recognition AI, a centralised database and the lawsuit alleging data sales, is it ungenerous to wonder whether your meetings, especially if on the free plan, are being listened to, transcribed and used for commercial purposes? To add to all this, Zoom reportedly violated its own terms of service to gain access to the Chinese market and actively censored its users at the request of the Chinese government.

More details can be found here. A quick Google search on Zoom Censorship will yield many more results, some even concerning Western countries.

Zoom Security Concerns

Zoom has had its fair share of problems, and rewriting them all here would be redundant; instead, we want to highlight a few, with links to more comprehensive resources. The aim here is not to condemn mistakes (those happen) but to give an idea of scale and repercussions, and to allow the user to evaluate whether these are all mistakes as reported or whether there was a shadier intention to work with user data, in a grey area close to black.

Privacy Lawsuit

Zoom settles US class action privacy lawsuit for $86m

Selling Data

The lawsuit alleged that Zoom had invaded the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn.

Phony end-to-end encryption

It also accused Zoom of misstating that it offers end-to-end encryption and of failing to prevent hackers from zoombombing sessions. Zoom even declared that its definition of end-to-end encryption is not the same as the commonly used one, most likely to get out of having to admit lying to its users about implementing it.

Meeting Hijacking

Zoom has also come under fire for security flaws, including a vulnerability that allowed an attacker to remove attendees from meetings, spoof messages from users and hijack shared screens. Another saw Mac users forced into calls without their knowledge.


Malware-like behavior on Macs

The application is installed without the user giving final consent, and a highly misleading prompt is used to gain root privileges. These are the same tricks that are used by macOS malware.

iOS profile sharing

Until late March, Zoom sent iOS user profiles to Facebook as part of the log in with Facebook feature in the iPhone and iPad Zoom apps.

Windows password stealing

If a malicious Zoom bomber slipped a UNC path pointing to a remote server under their control into a Zoom meeting chat, an unwitting participant could click on it. The participant's Windows computer would then try to reach the remote server specified in the path and automatically try to log in to it using the user's Windows username and password. The attacker could capture the password hash and crack it, gaining access to the Zoom user's Windows account.
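
The defence on the rendering side, as an added example (not Zoom's or Meetis' code): a chat renderer that turns only http/https tokens into links and strips UNC paths and `file://` URLs, the two forms that make Windows authenticate to a remote host. The function names and the sample message are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# \\host\share[\path], including the \\?\UNC\host\share long form
UNC_RE = re.compile(r'^\\\\(?:\?\\UNC\\)?(?P<host>[^\\/\s?]+)\\[^\\/\s]+',
                    re.IGNORECASE)
SAFE_SCHEMES = {"http", "https"}

def classify_token(token):
    """Return (verdict, detail) for one whitespace-delimited chat token."""
    m = UNC_RE.match(token)
    if m:
        return ("block_unc", m.group("host"))
    try:
        parts = urlsplit(token)
    except ValueError:          # malformed URL: never linkify
        return ("text", token)
    scheme = parts.scheme.lower()
    if scheme == "file":        # file://host/share resolves like a UNC path
        return ("block_file_url", parts.netloc or "local")
    if scheme in SAFE_SCHEMES and parts.netloc:
        return ("link", token)
    return ("text", token)

def render_message(message):
    """Return (html, findings); only http/https tokens become clickable."""
    out, findings = [], []
    for token in message.split():
        verdict, detail = classify_token(token)
        if verdict == "link":
            safe = html.escape(token, quote=True)
            out.append(f'<a href="{safe}" rel="noopener noreferrer">{safe}</a>')
        elif verdict.startswith("block_"):
            findings.append((verdict, detail))   # feed to moderation / logging
            out.append(html.escape(f"[removed {verdict[6:]} reference to {detail}]"))
        else:
            out.append(html.escape(token))
    return " ".join(out), findings

# Constructed sample chat message (hosts are placeholders).
SAMPLE = (r"notes at \\files.example.test\share\q3.docx and "
          "https://example.test/agenda or file://files.example.test/share/x")

if __name__ == "__main__":
    rendered, found = render_message(SAMPLE)
    print(rendered)
    print(found)
```

Filtering in the client complements, and does not replace, blocking outbound SMB (TCP 445) at the network perimeter.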

Zoom Blunders

You can find a comprehensive list of Zoom blunders and whether the issues have been fixed; the list is long.

Full List

Zoom Infrastructure and Vulnerabilities

By operating in a decentralised cloud infrastructure Zoom is able to serve with a single scaling deployment millions of users around the world.

This, though, exposes Zoom to a wide variety of attacks, some of which are not even carried out by professionals (Zoombombing, anyone?), owing to faults in its design and inherent limitations of its infrastructure, combined with its notoriety and widespread use.

All communications from Zoom clients are collected centrally by the Zoom cloud and redistributed through its network of data centres and public cloud in various locations around the world. This makes the Zoom cloud a convenient target for attackers or interception. The Zoom client is installed as an app on the operating system, exposing it to the inherent risks of the platform it operates on, as shown in previous sections of this article.

Even inside the Zoom cloud infrastructure, the communication happens between different geographical locations, exposing the data to the wide area network and therefore making it more vulnerable to exploits.

Zoom Infrastructure

As reported by Hackread, cybersecurity researchers at Positive Technologies identified three vulnerabilities in several critical apps that are part of the Zoom video conferencing platform (both apps and tools). These include Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector.

These vulnerabilities could have allowed hackers to intercept your Zoom meetings and target customer infrastructure. To top all of this off, the centralised nature and branding of the Zoom platform make it a prolific target of phishing and impersonation attacks via email or text.

Meetis Infrastructure

From the diagram to the left we can see that the only communication that goes through the public internet infrastructure is the one from the user device to Nesos itself and then from Nesos to the Meetis installation in the Meetis Cloud or on premise.

We consider these channels secure though, as the communication from the user’s client to Nesos is encrypted and can be restricted to desired IPs, the specific MAC address of authorised devices and even set up to be accessible only through an Azure virtual client.

Nesos deployment is protected from attacks by Firewalls and by Azure Front Door, Microsoft’s modern cloud Content Delivery Network (CDN) that provides fast, reliable, and secure access between your users and your applications’ static and dynamic web content across the globe. This allows us to guarantee that Nesos is a secure application with built-in layer 3-4 DDoS protection supported by Threat Intelligence and access to its APIs is protected by a zero-trust access model.

The communication between Nesos and the Meetis environment is even more secure, given that each Nesos deployment has to match a specific Meetis deployment and everything can be set up on custom domains, making it much harder for automatic sniffing bots to find.

Even if the Meetis server were identified, the attacker would have to discover the specific meeting ID and have the Nesos credentials, on top of the Nesos-specific passwords that are automatically created with every meeting.

Without finding the deployments, finding the secret keys, compromising the user’s Nesos account, the device of the client and the meeting credentials, it is not possible to gain access to the content of a meeting happening on Meetis.

Meetis fully integrates with any AV software to further protect its servers and deployments, leveraging the power of machine learning. The rest of the communication happens inside a protected VLAN or LAN, depending on the type of deployment, which makes it extremely difficult to penetrate.

Meetis’ Transparency

Our company, Cygnus Tech Solutions Ltd., does not gather, use, sell or disclose any of the data within Nesos or Meetis. It has never been our aim and it never will be; it is not part of our business model and we are dubious about the ethics of it.

Each Nesos deployment has its own database so that each customer can have control over their data, where it is stored and who has access to it.

In this way the customer does not have to worry about compliance with GDPR-like protocols, nor about ever having their own or their clients' data exposed.

To Wrap Up

With Us You Get:

Customisation

Instead of getting a product companies need to adapt to, we offer to adapt our product around them and their use case. We can customise it and brand it for each company, deploy it where they want it and scale up security ad infinitum depending on the type of confidentiality needed.

Security

Our clean record, company policy and technical infrastructure keep us safe from centralised attacks, whether those are political or technical. On the other hand, Zoom security concerns have prompted the US Senate to issue a memo telling members to avoid Zoom.

Privacy

Despite the difference in operational size, our divergent philosophies on how to approach security and privacy in online communication make us believe that we can offer the superior product to security- and privacy-minded individuals or institutions.