Remote work and study platforms: A collaboration tool comparison
April 03, 2020 / Current Affairs, Data Privacy / By OPTF
While the peak of the COVID-19 crisis is still yet to come, it has already caused seismic shifts in our daily lives. White-collar employees and students of all ages have been abruptly forced to move conversations, classes, and meetings onto digital platforms, sacrificing the inherent control they had over face-to-face conversations, and putting their privacy at the mercy of the platforms chosen to enable this new norm of communication.
It is imperative that the tools and platforms we use to communicate during this crisis are designed to give us the same control over our privacy as we had in real-life conversations. There are many different tools available to facilitate communication among professionals that are being required to work remotely and students that have been forced to move to online study. However, some communications platforms protect your privacy better than others. And some software companies demonstrate a far greater commitment to privacy than others.
For most of us, this might mean that our employer asks us to use video conferencing software that we may not be totally comfortable with. For others, it could mean being directed to use collaboration software which has features that can be used by employers to monitor their employees. But for those who work in medical and legal offices, social workers who work with survivors of sexual abuse or domestic violence, and a variety of other professions, privacy is not an ideal. It is an absolute necessity.
Zoom has proven to be the most popular solution for remote work and study, by a wide margin. This is despite design flaws that have seen significant media attention in recent weeks, and copious amounts of data-collection which in some cases extends even beyond the scope of their own privacy policy. But there are several alternatives which take privacy more seriously and have the technical capacity to back it up. While there’s no perfect one-size-fits-all solution, there are open-source, end-to-end encrypted solutions to remote communication.
OK, Zoomer: Mainstream conferencing platforms
There are many, many video-conferencing platforms available. Almost every big tech brand has skin in the game, for personal or professional communication, or both. But which of the most popular video-conferencing platforms offer the greatest privacy and security features? And what other alternatives are available?
1. Zoom
One of the primary reasons for Zoom’s success compared to similar services is its frictionless design. A user can simply click a link and Zoom’s desktop app will automatically launch, allowing you to join a video chat instantly. This design is very attractive to consumers — but it demonstrates the company’s ethos of sacrificing privacy for functionality.
Zoom’s instant-join mechanism works by installing a local web server on your computer, which remains even once you uninstall the software. For Mac users, this allowed Zoom to bypass security features in Safari, giving malicious websites access to the user’s webcam without ever alerting them. Security researcher Jonathon Leitschuh discovered this vulnerability and disclosed it to Zoom, but Leitschuh later noted that the issue was never truly resolved. Additionally, Zoom’s privacy policy outlines a concerning level of data collection. Using Zoom gives the platform access to your name, physical address, email address, phone number, job information, credit card information, Facebook profile information, information about your computer and internet connection, and even your buying and browsing habits. Zoom claims that they do not sell your data, but also paradoxically admit that they do share data for “business purposes”.Despite Zoom claiming end-to-end encryption capabilities on its website, in its user interface and even in it’s security whitepaper, the embattled video conferencing platform has recently admitted that this is not strictly the case, leading some commentators to remark that Zoom seems to have tried to intentionally mislead consumers about its data security capabilities.
If this isn’t enough to give you pause, a class-action lawsuit has been filed against Zoom for sharing data with Facebook in ways which violate their privacy policy, and the office of New York’s attorney general, Letitia Jones, is currently investigating Zoom’s privacy and security practices. Jones is “concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,”
E2EE: No
Privacy Score: 1/5
2. Microsoft Teams
What we once all knew as Skype (and its enterprise version Skype for Business) has been rebranded as Microsoft Teams. A significant part of Teams’ appeal is that it is included in the standard Office 365 software suite. However, Teams does not offer end-to-end encryption, instead opting for encryption of data in transit and at rest, meaning Microsoft can still access your data — this encryption is of little use if you’re truly concerned about keeping your data private.Microsoft had previously partnered with Signal to apply Open Whisper Systems’ industry-leading E2EE protocol to Skype video chats. It is both confusing and strange that Microsoft would downgrade their security for an enterprise product which presumably has even greater demand for private and secure communication than a consumer-grade offering.Private chats within Microsoft Teams cannot be accessed by admins, which does place Teams above competitors such as Zoom, which gives hosts the ability to keep tabs on any employees who may be multitasking.
E2EE: No
Privacy Score: 2/5
3. Google Hangouts
Google products have developed something of a reputation for being fraught with privacy concerns, and Google Hangouts is no exception. Originally a feature of Google+, Hangouts is now a standalone video chat platform, and — as with Microsoft Teams — your conversation is not end-to-end encrypted. Hangouts relies on in-transit encryption, which means that Google can have complete access to your data when it passes through their servers.
E2EE: No
Privacy Score: 2/5
4. Cisco WebEx
Founded in 1995, Cisco WebEx develops a variety of different video conferencing software. Their primary video conferencing offering, Cisco WebEx Meetings, does offer end-to-end encryption. However, WebEx Meetings is not private by default, and enabling this option limits the availability of certain features.
E2EE: Yes, but not by default
Privacy Score: 3/5
5. FaceTime
FaceTime is one of the most commonly-used video chat platforms in the market, despite being exclusive to Apple devices — even if you don’t have an Apple device, you’ve probably heard of it. Aside from a few caveats, Apple does back up its desired image of the big tech brand that actually takes privacy seriously.
FaceTime supports end-to-end-encrypted video conferencing with up to 32 participants, and FaceTime calls are encrypted by default. This commitment to privacy, in combination with Apple’s highly intuitive UI, means that for those with access to Apple devices, FaceTime is often a front-runner in terms of both functionality and security.
The primary thing holding FaceTime back from being the solution that most people are looking for is that Apple’s solution is only available on Mac and iOS, which is a huge drawback for most people. FaceTime also lacks the collaboration tools which are packaged with other options like Microsoft Teams.
E2EE: Yes
Privacy Score: Apple-Only/5
Security and obscurity: The wildcard options
If you’re working or studying from home, there is a good chance that you are using one of the above five platforms for video conferencing. Unfortunately, there are some glaring issues in relation to privacy and security, and none of the above platforms is perfect. However, there are a variety of lesser-known options which claim to take your privacy much more seriously and may offer far more security for your data.
1. Jami
All of the above-mentioned software platforms use a centralised server infrastructure, meaning that those platforms may be subject to legislation which requires the provision of backdoor access to government agencies — undermining the security of your communications.
Jami utilises a distributed peer-to-peer network which relies on TLS 1.3 encryption. Jami is free and open source, meaning that the platform’s code can be independently audited to ensure its security and integrity.
While Jami’s infrastructure layout and privacy-by-default approach to encryption are promising, the platform appears to be somewhat buggy and is missing certain features which many users would consider to be essential. While it shows potential and may be the solution that some people are looking for, Jami may not be for everyone.
2. Wire
Another way to communicate securely with your team is by using Wire, a privacy tool created by former Skype developers. Wire is an open-source ‘collaboration platform’ which uses end-to-end encryption very similar to Signal’s — considered by most to be the gold standard for private communication. Like Jami, Wire is a privacy-first platform — privacy is the foundation of the software, rather than an add-on or premium feature.
Wire can be used for text, voice, video, conference calls, file-sharing, and external collaboration. Wire has a user-friendly interface, and supports mobile (Android and iOS) and desktop (PC, macOS, and Linux). In many ways, Wire is ideal as a communication and collaboration tool for those who require security and privacy as they work from home.Unfortunately, Wire only supports video conferencing with up to 4 users. This is compared to 100 conference participants using a free plan on Zoom or up to 500 using Zoom’s paid service. Although Zoom offers less security, Wire does come up short in terms of the functionality that some users may require.
Another minor drawback is that Wire’s database stores a plaintext record of the people you have communicated with. This could be a risk for anyone needing a platform that keeps their communications anonymous as well as secure.
Wire is also leading the charge in the development of a groundbreaking new encryption standard, MLS (Message Layer Security), which is being positioned as the next step in encrypted online communications. MLS may see widespread adoption if it can live up to its lofty claims of security and privacy.
3. Jitsi
An endorsement by Edward Snowden is considered by some to be the highest praise possible for privacy tools, and Jitsi has received one. Jitsi describes itself as ‘a set of open source projects’, the most relevant being Jitsi Meet, their video conferencing software. Jitsi Meet is open-source and operates within your browser, instead of requiring any installation, giving it an edge in ease of use.Unfortunately, this ease of use comes at the cost of privacy. WebRTC, the framework used by Jitsi Meet to enable browser-based real-time communication, does not support end-to-end encryption. This is actually not hugely problematic, as you have the option of hosting a Jitsi conference on a server you own or control, but self-hosting may prove too cumbersome for many use cases.Although Jitsi products do not have the slickest UI on the market, they offer all the functionality of large competitors for free, with a level of potential security that far-exceeds most other video conferencing and collaboration platforms, due to the possibility of hosting one’s own instance of the Jitsi server. And if you’re worried about limitations on how many people can join your meeting, don’t be. The amount of people who can participate in a video conference using Jitsi Meet is only limited by your available CPU power and bandwidth.
Conclusion
Unfortunately at the moment there is no one-size-fits-all solution for secure video conferencing — there are a variety of different options that will suit different teams based on their individual needs. Depending on the features that you require, the level of privacy and security you need, and the nature of the work that you are doing, any of these tools could be right for you. Regardless of which platform is right for you, be sure to do your research — and ensure you’re making an informed choice so you can maintain control of your data.
Latest blog posts
The OPTF and Session
The OPTF is transferring its responsibilities as steward of the Session project to the newly established Swiss foundation, the Session Technology Foundation.
READ MORE »
October 15, 2024
Cyber laws around the world: Privacy is not the policy
There is no doubt that the European Union’s GDPR has changed the cyber regulation landscape forever. As onlookers from non-EU countries urge their governments and regulators to adopt similar legislation, countries are rapidly adopting their
READ MORE »
December 04, 2022
The long and winding road : Striving for data protection in Indonesia
Juliana Harsianti is an independent researcher and journalist working at the intersection of digital technology and social impact. The long awaited Indonesian Personal Data Protection Bill was approved by the parliament on 20 September 2022.
READ MORE »
November 17, 2022