Last year, near the beginning of the COVID-19 pandemic, we published a blog pitting Google Meet against Zoom, illustrating why Meet was the better choice.
A lot has changed since then. Organizational digital transformation efforts have been accelerated by years. As cities and states shift in and out of lockdowns, remote-work accommodations that employers (and workers) thought were temporary are turning into long-term, possibly permanent arrangements. Once-obscure terms like “digital nomad” have entered the common vernacular.
In a world where everything has changed, it’s nice to know that at least one thing remains the same. Google Meet is still the superior alternative to Zoom, and here are 5 reasons why.
1. Google Meet doesn’t require any additional software on desktops
While Zoom requires desktop users to download a desktop app or browser plugin to use its service, Google Meet allows meeting hosts and attendees to manage and join meetings from the web browser of their choice simply by visiting meet.google.com, with no additional software required.
In addition to being more convenient, Meet’s browser-based platform minimizes organizations’ potential attack surface and eliminates the need for IT administrators to keep a desktop app or browser plugin updated. It also ensures that users won’t download a phony desktop installer that’s bundled with malware, which was a problem for Zoom in 2020.
2. Google Meet is secure by default
Over the past year, Zoom has taken steps to mitigate Zoombombing, a practice where malicious, often uninvited users hijack Zoom meetings to share offensive or disruptive content. These measures require meeting hosts to do more work when setting up meetings, but a new study reveals that these measures do little to deter Zoombombers, who are usually invited participants, not external cybercriminals.
Google Meet hosts don’t have to take additional steps to prevent their meetings from being hijacked by disruptive attendees. Easily accessible security controls enable Google Meet organizers to mute or remove disruptive participants, and meeting attendees can report abusive behavior in meetings. Anonymous attendees can’t join Meet conferences; all attendees must have a Google account. This enables hosts to identify disruptive participants and avoid situations like the one currently unfolding in Juneau, Alaska, where a city assembly member was harassed by an anonymous participant in a Zoom meeting.
Google Meet hosts also get tons of other security features by default, including:
- Randomly generated meeting codes that are 10 characters long, with 25 characters in the set, making it harder for hijackers to brute-force “guess” meeting codes.
- The ability to change meeting details in the invite, which alters both the meeting code and the phone PIN. This prevents hijacking if a user is no longer invited to a meeting, or if a user shares meeting details with unauthorized parties.
- Only users on the calendar invite can enter a Meet conference unless they explicitly request to join by “knocking.” Only hosts can accept “knocks.”
Google Meet benefits from the Google Cloud Platform (GCP) defense-in-depth approach to security, which utilizes Google’s built-in protections and global-private network.
3. Meet offers the same experience on mobile as on desktop
Just like last year, Zoom users on mobile face a severely downgraded user experience compared to the desktop app. Most notably, Zoom’s mobile apps lack the full range of host controls available on the desktop, such as the ability to launch a poll, start breakout rooms, or stream meetings publicly.
In contrast, Google Meet offers the same functionality and user experience on mobile as it does on the desktop. With Meet’s specially designed iOS and Android apps, users can view all of their meetings for the day Calendar, then join by tapping or dialing in.
4. Google Meet offers superior encryption
Last fall, Zoom reached a settlement with the U.S. Federal Trade Commission (FTC) over allegations that the company had misled its customers into thinking their meetings were secured by end-to-end encryption when they weren’t. As we discussed in our previous blog, Canadian security researchers had discovered that Zoom’s encryption algorithm had some very serious and well-known weaknesses.
Google Meet has always encrypted all data in transit by default, adhering to IETF security standards for Datagram Transport Layer Security (DTLS) and Secure Real-time Transport Protocol (SRTP). Meet generates a unique encryption key for every person and every meeting. This key is transmitted in an encrypted and secured RPC (remote procedure call) during the meeting setup, lives only as long as the meeting, and is never stored to disk.
5. Google is committed to protecting your privacy
The same Canadian researchers who uncovered the issues with Zoom’s encryption algorithm also discovered that Zoom sometimes uses encryption keys issued by servers in China, even when the meeting host and all participants are located in North America. Hypothetically, the researchers noted, if the Chinese government were to demand that Zoom hand over the encryption keys to a particular meeting, Zoom would be legally obligated to do so.
These warnings came to fruition in December, when the U.S. Department of Justice (DOJ) issued an arrest warrant for Jin Xinjiang, aka Julien Jin, a former Zoom executive who had worked as a liaison between Zoom and the Chinese government. The DOJ is accusing Jin of working with intelligence services in Beijing to interfere in Zoom calls, organized and hosted by U.S-based individuals, that were being held to commemorate the June 4, 1989, Tiananmen Square massacre.
In contrast, Google is committed to customer data privacy. Google Meet data, like all other data stored on Google Cloud, is processed only according to customers’ instructions, and it is never used for advertising purposes. Google never accesses customer data unless doing so is absolutely necessary to fulfill its contractual obligations, such as when resolving a technical or security issue. Google will never give any government entity “backdoor” access to your data or to our servers storing your data.
Google Workplace Enterprise and Google Workplace for Education customers are also covered by Google Cloud’s Access Transparency policy, a feature that is unique to Google Cloud. Google’s Access Transparency controls require employees to provide a valid business justification to access Google Meet recordings stored in Drive. The employee must fill out a log noting the date, time, and reason for the access, and Google performs regular audits to ensure that these controls are being adhered to.
Customers can also use Google’s Data Regions feature to choose the geographic location where select/covered data for Google Meet recordings will be stored at rest.
