As part of this ecosystem, we developed Meetis to facilitate communication and collaboration without requiring any other software and the possible compromise in security that comes with it.
Meetis is our online learning and video conferencing environment, and it is an integral part of the wider Nesos ecosystem. Unlike most other video conferencing software, Meetis has been designed from the ground up to ensure absolute privacy and security, whether that means protecting users’ privacy, the identities of children and pupils, or corporate secrets.
Even though it has a slightly different focus than Zoom, and a wider scope, many of the functionalities of Meetis naturally invite a comparison, and on this page you will find just that.
|Secure Recordings Storage|
|Non Verbal Comms|
|Screen Audio Sharing|
|Azure Front Door|
|No Downloads Required|
|No App Required|
|Works In The Browser|
The first one is the introduction of ads in their platform, which would not necessarily be a concern per se, if not for the fact that any advertising platform, to be profitable, needs reliable profiles of its users. It would therefore be legitimate to suspect that Zoom could be tempted to harness its userbase’s data to profile and identify potential customers to serve ads to.
If one considers that to be far-fetched or improbable, I would point out that Zoom is being sued for illegally selling data to Facebook (Meta). The lawsuit, filed Monday, alleges that Zoom's software reported to Facebook whenever a Zoom user logged on for a conference call. After a user logged on, Zoom gave Facebook the person's customer information, including what device the person used to access Zoom, the device's model and the device's unique advertising identifier, regardless of whether the user even had a Facebook account.
With the introduction of speech recognition AI, a centralised database and a lawsuit alleging data sales, is it ungenerous to wonder whether your meetings, especially on the free plan, are being listened to, transcribed and used for commercial purposes? To add to all this, Zoom reportedly violated its own terms of service to gain access to the Chinese market and actively censored its users at the request of the Chinese government.
The lawsuit alleged that Zoom had invaded the privacy of millions of users by sharing personal data with Facebook, Google and LinkedIn.
It also accused Zoom of misstating that it offers end-to-end encryption and of failing to prevent hackers from zoombombing sessions. Zoom even declared that its definition of end-to-end encryption is not the same as the commonly used one, most likely to get out of having to admit lying to its users about implementing it.
Zoom has also come under fire for security flaws, including a vulnerability that allowed an attacker to remove attendees from meetings, spoof messages from users and hijack shared screens. Another saw Mac users forced into calls without their knowledge.
The application is installed without the user giving their final consent, and a highly misleading prompt is used to gain root privileges: the same tricks that are used by macOS malware.
Until late March, Zoom sent iOS user profiles to Facebook as part of the log in with Facebook feature in the iPhone and iPad Zoom apps.
If a malicious Zoom bomber slipped a UNC path to a remote server that he controlled into a Zoom meeting chat, an unwitting participant could click on it. The participant's Windows computer would then try to reach out to the hacker's remote server specified in the path and automatically try to log into it using the user's Windows username and password. The hacker could capture the password hash and decrypt it, giving him access to the Zoom user's Windows account.
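One mitigation for the UNC-path issue described above is for the chat client never to turn remote file paths into clickable links. The following is an added example, not code from Zoom, Meetis or the original page; the function names and the sample hosts are assumptions.

```javascript
// Added example: decide how a chat renderer should treat each token.
// classifyToken and renderPlan are hypothetical names, not a real client's API.
const WEB_SCHEMES = new Set(["http:", "https:"]);

// \\host\share, //host/share and mixed-slash forms; the share part is optional
// because Windows will already contact the host for \\host alone.
const UNC_RE = /^[\\/]{2}[^\\/\s]+([\\/]\S*)?$/;

function classifyToken(token) {
  if (UNC_RE.test(token)) return "remote-path";
  let url;
  try {
    url = new URL(token);
  } catch {
    return "text"; // not an absolute URL
  }
  if (url.protocol === "file:") {
    // file://host/share and file:////host/share both name a remote host.
    const remote = url.hostname !== "" || url.pathname.startsWith("//");
    return remote ? "remote-path" : "text";
  }
  return WEB_SCHEMES.has(url.protocol) ? "link" : "text";
}

// Split a message on whitespace and label every token. Only "link" tokens may
// become anchors; "remote-path" tokens stay inert text and can be logged.
function renderPlan(message) {
  return message
    .split(/\s+/)
    .filter((t) => t.length > 0)
    .map((token) => ({ token, kind: classifyToken(token) }));
}

// Constructed sample chat messages (hosts use the reserved .example TLD).
const samples = [
  "notes are at https://intranet.example/minutes",
  "open \\\\files.example\\share\\agenda.docx please",
  "mirror: file://files.example/share/agenda.docx",
  "local copy is file:///C:/Users/me/agenda.docx",
];

for (const s of samples) {
  console.log(renderPlan(s).filter((p) => p.kind !== "text"));
}
```

Rendering is only one layer: blocking outbound SMB at the network edge and restricting outgoing NTLM authentication by policy cover the case where a path reaches the user some other way.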
This, though, exposes Zoom to a wide variety of attacks, some of them not even carried out by professionals (Zoombombing, anyone?), owing to faults in its design and inherent limitations of its infrastructure, compounded by its notoriety and widespread use.
All communications from Zoom clients are collected centrally by the Zoom cloud and redistributed through their network of data centres and public cloud in various locations around the world. This makes the Zoom cloud a convenient target for attackers or interceptions. The Zoom client is installed as an app on the operating system, exposing it to the inherent risks of the platform it operates on, as shown in previous sections of this article.
Even inside the Zoom cloud infrastructure, the communication happens between different geographical locations, exposing the data to the wide area network and therefore making it more vulnerable to exploits.
As reported by Hackread, the cybersecurity researchers at Positive Technologies identified three vulnerabilities in several critical apps that are part of the Zoom video conferencing platform (both apps and tools). These include Zoom Virtual Room Connector, Zoom Meeting Connector Controller, and Zoom Recording Connector.
These vulnerabilities could have allowed hackers to intercept your Zoom meetings and target customer infrastructure. To top all of this off, the centralised nature and branding of the Zoom platform make it a prolific target of phishing and impersonation attacks via email or text.
We consider these channels secure though, as the communication from the user’s client to Nesos is encrypted and can be restricted to desired IPs, the specific MAC address of authorised devices and even set up to be accessible only through an Azure virtual client.
The Nesos deployment is protected from attacks by firewalls and by Azure Front Door, Microsoft’s modern cloud Content Delivery Network (CDN) that provides fast, reliable, and secure access between your users and your applications’ static and dynamic web content across the globe. This allows us to guarantee that Nesos is a secure application with built-in layer 3-4 DDoS protection supported by Threat Intelligence, and access to its APIs is protected by a zero-trust access model.
The communication between Nesos and the Meetis environment is even more secure, given that each Nesos deployment has to match a specific Meetis deployment and everything can be set up on custom domains, making it much harder for automatic sniffing bots to find.
Even if the Meetis server were identified, the attacker would have to discover the specific meeting id and have the Nesos credentials, on top of the Nesos-specific passwords that are automatically created with every meeting.
Without finding the deployments, finding the secret keys, compromising the user’s Nesos account, the device of the client and the meeting credentials, it is not possible to gain access to the content of a meeting happening on Meetis.
Meetis fully integrates with any AV software to further protect its server and deployments, leveraging the power of machine learning. The rest of the communication happens inside a protected VLAN or LAN, depending on the type of deployment, which makes it extremely difficult to penetrate.
Instead of getting a product companies need to adapt to, we offer to adapt our product around them and their use case. We can customise it and brand it for each company, deploy it where they want it and scale up security ad infinitum depending on the type of confidentiality needed.
Our clean record, company policy and technical infrastructure keep us safe from centralised attacks, whether those are political or technical. On the other hand, Zoom security concerns have prompted the US Senate to issue a memo telling members to avoid Zoom.
Despite the difference in operational size, our divergent philosophies on how to approach security and privacy in online communication make us believe that we can offer the superior product to security- and privacy-minded individuals or institutions.