Hey folks, I'm unlocking the feature topic from this week's newsletter. I'm also donating all initial payments to Direct Relief and Feeding America for anyone who signs up for Advisorator by April 16. More details on that at the bottom of this newsletter.

The coronavirus has a way of accelerating events already in motion, from the rise of remote work to the collapse of theatrical release windows. With that in mind, Zoom's rapid evolution from video chat hero to privacy and security villain was inevitable.

Zoom already had reputation for prioritizing convenience over security. Last summer, researchers found that Zoom's Mac version was quietly running a local web server on users' machines even after they had uninstalled the software, leading to a vulnerability that let any website seriptitiously access users' cameras and microphones. Now that Zoom is leading a boom in videoconferencing, security researchers and journalists have uncovered all kinds of other issues:

• A practice known as "Zoombombing," in which malicious users invade videoconferences to harass the participants, was made possible by weak default privacy and security settings.
• Zoom was caught sending analytics data to Facebook without disclosure. (It's no longer doing so.)
• Until last week, Zoom's privacy policy gave it the right to collect data about users' content and share it with advertisers.
• A feature, discontinued earlier this month, allowed conference hosts to see when participants were focusing on other apps instead of the video call itself.
• In response to scrutiny, Zoom had to clarify that its claims of securing video calls with end-to-end encryption are not exactly what people thought.

That's not even the full list of recent transgressions. (Glenn Fleishman, writing for TidBits, has an even deeper dive.)

To be fair, Zoom has been owning up to its mistakes. An apologetic blog post last week by CEO Eric Yuan credited journalists and security researchers for calling out problems, walked through some recent fixes (most notably, new default settings that make Zoombombing harder to pull off), and promised to freeze new features for the next 90 days while Zoom shores up its security and privacy.

Part of Zoom's underlying problem, however, is that it's just such a complicated piece of software in the first place. It's so easy to get lost in Zoom's labyrinthine settings menu, and not so easy to understand concepts like the Personal Meeting ID (a random numeric code permanently assigned to each user for on-the-spot meetings) and how it differs from other Meeting IDs (which have their own random numeric codes). Yuan was quick to note that Zoom is business software first and foremost, and that rings true in the way it can be so obtuse.

I'm not naïve enough to think people will stop using Zoom because of a few privacy and security blunders. Such issues, after all, haven't hindered Facebook, which if anything is enjoying a pandemic popularity surge. But I would like to humbly suggest an alternative.

For the past few days, I've been playing around with another video conferencing service called Jitsi Meet, and it's refreshingly simple compared to Zoom and other options.

Jitsi works in any web browser without any extra software (though Android and iOS apps are also available), and you don't need any kind of account to use it. Best of all, setting up a meeting is dead-simple: Just create a name for the meeting room, optionally set a password, and share the link with others. You can even create a meeting by typing any string of letters and numbers after entering meet.jit.si/ in your address bar.

Jitsi Meet is free to use, and it can smoothly support up to 35 people in a video call with no time limits. (The service is built on a set of open-source projects, and is backed by a company that offers extra services for businesses.) It's also just nicely laid out, with easy access to basic functions like chatting and hand-raising, and more complex functions such as recording and background blur hidden behind a single menu button. It even has a neat tie-in to YouTube that lets you livestream a videoconference to non-participants.

I'll admit that this system, were it enjoying Zoom-like scale and scrutiny, would have its issues. At minimum, it would probably have to make users set meeting passwords by default. But the meeting structure is also just a lot easier to understand, which might help users avoid security blunders in the first place.

As with any social app, getting others to use Jitsi Meet instead of whatever's popular will be an uphill battle. But when they see how lightweight and hassle-free it is compared to Zoom, maybe it won't take all that much convincing.
 

As I mentioned at the top of this newsletter, become an Advisorator subscriber by April 16, and I'll donate your first payment (minus card processing fees) to Direct Relief and Feeding America. That applies both to annual subscriptions and to a three-month subscription I've set up for this purpose.

Advisorator members get a full-sized tech advice newsletter each week, with feature topics like this one, quick tips, notable deals, and perspective on the latest news. Subscriptions also include periodic deal alert emails and personalized tech advice on-demand. Sign up here, and if you have any questions, don't hesitate to reach out.

Also, I apologize for the messy imagery of both my office and my in-progress apocalypse beard at the top of this email—consequences both of Jitsi having no good press screenshots available.

Until next week,
Jared