CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

How to choose a video chat app? Grade it on privacy

May 6, 2020, 3:16 PM UTC

This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.

In Techland, everyone loves a good rivalry. There are the smartphone wars (iOS vs. Android). The ride-hailing rumblings (Uber vs. Lyft). The music match-ups (Spotify vs. Pandora). The video-streaming vendettas (Netflix vs. Quibi—lol, just kidding!).

Virtual conferencing software, somewhat amazingly, bucks the trend. While Zoom has rocketed to prominence during the time of quarantine, people are just as likely to use one of the many other options on the market: Apple’s FaceTime, Facebook’s WhatsApp, Microsoft’s Skype, the list goes on.

How do they all stack up against each other? Since the U.S. National Security Agency published its report assessing the security of various video chat apps, two respected non-profits have followed suit. Consumer Reports, known for its independent product testing and reviews, and the Mozilla Foundation, the group behind the Firefox web browser, surveyed the privacy implications of some of the most popular options.

The privacy policies leave much to be desired. That was the standout finding from Consumer Reports, which looked at the legalese behind Cisco’s WebX, Microsoft Teams and Skype, and Google’s Meet, Duo, and Hangouts.

The terms of service for these services’ data collection and sharing remain unclear. To quote the report, all three companies “reserve the right to store information on how long a call lasts; who’s on it; and everyone’s IP, or internet address,” data they can then combine with other information to build profiles of people. In an accompanying statement, Katie McInnis, Consumer Reports’ policy counsel, demanded that the companies manage this information with care and “ensure that they are respecting the digital rights of users.”

The surprise finding from the Mozilla report was that Zoom has really stepped up its game since security researchers pointed out its flaws in recent weeks, while other apps, like Houseparty, seem mostly to have gotten a pass on scrutiny. That latter app, owned by Fortnite-maker Epic Games, apparently continues to accept weak passwords like “12345,” and lets people “sneak” unnoticed into contacts’ virtual rooms. Since Houseparty caters a younger demographic, the security and privacy of the service matters even more.

Because there is so much variety in the video-chatting category, narrowing down the selection can be difficult. Safety seems as good a grading criterion as any.

Robert Hackett

Twitter: @rhhackett

Email: robert.hackett@fortune.com

THREATS

Under COVID of darkness. The UK's foreign minister, Dominic Raab, is warning that hackers are using the cover of the COVID-19 pandemic to perpetrate data breaches. Britain's cybersecurity chief describes how people's attention has been pivoting to the healthcare and biopharma industries as well as research institutions. Meanwhile, Mark Esper, the U.S. Defense Secretary, warned that China and Russia are using the pandemic as a way to gain influence around the world by trying to send acutely afflicted countries, like Italy, aid. 

Suit up. There were some developments in the Facebook WhatsApp lawsuit accusing Israeli spyware maker NSO Group of helping to spy on WhatsApp users. WhatsApp says the defendant's law firm has a conflict of interest because it previously represented WhatsApp in another suit. Shortly afterward, NSO Group disputed some of WhatsApp's allegations, including that it used computer servers in the U.S. hosted by L.A.-based QuadraNet to target WhatsApp users. Meanwhile, an unrelated lawsuit filed by Apple is said to be "chilling" cybersecurity research

*Slides eye-level slot and asks for password* Two-thirds of respondents to a recent survey admitted they "always or mostly use the same password or a variation," even though 90% acknowledged they knew the practice was risky. Aware of people's bad habits, the folks behind the web browser Mozilla Firefox updated its password manager, Firefox Lockwise, to alert people when they're using a password that is known to have been compromised. Another welcome, though long overdue update: Google Nest security cameras are going to start requiring people to use two-factor authentication

Cat got your tongue? Open source investigative news site Bellingcat recently published a number of fascinating security-related stories. There's the recent attempted coup in Venezuela by a private company in the U.S., Silvercorp USA, that has run security at Trump campaign rallies. Then there's the story of Russian citizen Dmitry Badin, who Germany just indicted for allegedly hacking the Bundestag, Germany's parliament. (In 2018, the U.S. indicted the same guy for allegedly helping to hack the Democratic National Committee.) Plus, there's a deep dive into a recent pro-China propaganda campaign on Twitter.

Caught with pants down. Web domain host GoDaddy recently disclosed a data breach affecting as many as 28,000 customers. The breach started in October, it said, noting that it had reset people's passwords as a result. Also, CAM4, an adult website, potentially exposed a whole heap of information—nearly 11 billion records—in an unprotected online database containing people's email addresses, hashed passwords, and correspondences with the company. 

Is Kim Jong Un planning a pool party?

ACCESS GRANTED

We all know by now: Social media allows misinformation to run amok. But Guillaume Chaslot, a former Google engineer, knows better than most exactly how and why this happens. Britain's The Daily Telegraph interviewed the anti-tech crusader about how YouTube, in the quest for engagement and advertising profits, prioritizes provocation and extremism over accuracy.

Just after midnight on Good Friday, firefighters were called to tackle a 70ft blaze that had engulfed a telecoms mast in Solihull’s Chelmsley Wood.  

Days later, engineer George Davis and his team were threatened with broken bottles and bricks while working on a telecoms line in Putney. “The gentleman thought we were installing 5G,” says Davis. “He’s not the first person to threaten us… people just look at things online and believe it.”

FORTUNE RECON

Airbnb to cut nearly 2,000 employees due to the coronavirus pandemic by Danielle Abril

California to sue Uber and Lyft for classifying drivers as contractors by Joel Rosenblatt

Apple’s WWDC developers conference will be livestreamed on June 22 due to coronavirus by Jonathan Vanian

Photo essay: What life looks like in Europe as the continent starts to reopen by Mia Diehl and Katherine Dunn

Cord cutting is speeding up as the coronavirus pandemic squeezes consumers by Aaron Pressman

Goldman Sachs doubts there will be a Round 3 of PPP loans for small businesses by Anne Sraders

Uber’s (potentially) twisty Lime deal by Lucinda Shen

ONE MORE THING

The National Cybersecurity Centre in the UK has decided to stop using the terminology "blacklist" and "whitelist," opting instead for the more neutral "deny list" and "allow list." The reasoning, the government group says, is to avoid "casually pejorative wording" with potentially racist overtones. "No, it's not the biggest issue in the world—but to borrow a slogan from elsewhere: Every little [bit] helps."

The choice reminds me of something I do when reciting my favorite poem by the short-lived, 19th-century writer Stephen Crane, "Should the wide world roll away." In my own reading, I like to swap "black" for "bleak" and "white" for "warm."