I see this as a good thing. If vendors see security and privacy as key features, rather than afterthoughts, then the world becomes a safer place. Not for Doxy.me users though…:
[…] However, on the whole, a new report suggests that vendors are working on improving the situation and the majority of popular teleconferencing solutions now meet at least minimum security standards.
On Tuesday, Mozilla released a study, *Privacy Not Included, exploring the security posture of these solutions. In total, 15 products were tested, 12 of which have met basic cybersecurity criteria.
The research is based on Mozilla’s Minimum Security Standards: a level of encryption must be in place, security updates must be issuable, when users sign up they must have to create a strong password, privacy policies must be clear and without jargon, and there must be a way for cybersecurity researchers to be able to report software vulnerabilities — such as through a direct line or bug bounty program.
This does not mean an app is fully secure or keeps privacy at the heart of operations, but it does indicate that at least basic security measures to protect user privacy are being met.
In total, 12 out of 15 platforms have now met Mozilla’s standards — Zoom, Google Hangouts, Apple Facetime, Skype, Facebook Messenger, WhatsApp, Jitsi Meet, Signal, Microsoft Teams, BlueJeans, GoTo Meeting, and Cisco WebEx.
However, Houseparty, Discord, and Doxy.me — a telemedicine app — have failed in the basics.