I confess, I’m so fatigued by all things quarantine, I’ve let my guard down. I find myself not caring very much about the services I use to stay connected to my friends—and that’s not ideal, because some video chat apps take security and privacy much more seriously than others.
You’re probably assuming this will be another article crapping on Zoom. While it’s true the company has suffered one security gaffe after another since the pandemic made it a household name, you might also be surprised to find that it’s one of the highest-ranked video chat apps for security in Mozilla’s latest analysis.
Does that mean it’s perfect? No, but Zoom—and a number of other video apps—at least fulfil some of the basic security and privacy criteria Mozilla thinks any decent app needs to have. Consider disappearing any that don’t from your phone, tablet, or computer in favour of better choices, if possible. Otherwise, use Mozilla’s guides to help you pinpoint the weaknesses in your service of choice/necessity.
Of the 15 apps Mozilla surveyed, 12 met its minimum security standards across five separate categories, earning a sort of participation award for doing so. (You should, of course, expect better from your apps than doing the minimum.)
Encryption: Does the app/service offer it?
Security updates: How regularly is the app/service updated?
Strong passwords: How strong are the app’s password guidelines?
Manages vulnerabilities: Is there a way for people to report bugs and other security issues with the app?
Again, I wouldn’t use an app merely because it earns Mozilla’s stamp of approval for clearing that low bar, but I would definitely question any app that didn’t. The three who didn’t make Mozilla’s grade are:
Houseparty: For having a minimum password requirement of only five characters and allowing weak passwords (like “12345").
Discord: For having a minimum password requirement of only six characters and allowing weak passwords (like “123456").
Doxy.me: For allowing incredibly weak passwords (like “123") and for having seemingly no way to report bugs or other vulnerabilities.
While these hardly sound like damning characteristics—since it’s on you to be smart and make strong, unique passwords for everything—there’s no reason why these services can’t incorporate the simple practice of requiring complex passwords. That’s like, a few lines of code; hardly even a day’s work for an engineer at any of them.
To add a little gasoline to the fire, each of Mozilla’s reports spells out what could go wrong if an attacker takes advantage of any of a services’ security lapses to get into your account. Or, for that matter, if you don’t pore over the service’s settings to ensure privacy for your chats. For example, here’s Mozilla’s warning about Houseparty:
Screenshot: David Murphy (Mozilla)
What should you do with Mozilla’s video chat dossiers? I wouldn’t try comparing all of them to find the best video chat service for privacy and security. Rather, if there’s one you use—or are thinking of using going forward—give the service’s review and features a quick read. Note any peculiarities that might impact your security and definitely check out anything you can do to increase the privacy of your video chats.
This includes scanning some of the related security and privacy articles Mozilla links at the bottom of each service’s profile. If Mozilla’s guide doesn’t give you all the details you need to know to stay safe and secure with whatever video chat service you prefer, chances are good you’ll find the answers among these many guides.
And if an app you’re considering using doesn’t appear on Mozilla’s list (cough Google Meet cough), then use one of its guides as your own guide for evaluating whether a service is secure and private. Ask yourself the same questions Mozilla uses to evaluate other services and take note of anything you might have to do—like creating a stronger password or messing around with advanced settings—to make it work better for you.