Slash Boxes

SoylentNews is people

posted by Fnord666 on Saturday April 04 2020, @03:43PM   Printer-friendly
from the thus-spoke-Schneier dept.

Security and Privacy Implications of Zoom - Schneier on Security:

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.

In general, Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

Now security: Zoom's security is at best sloppy, and malicious at worst. Motherboard reported that Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account. Zoom removed the feature, but its response should worry you about its sloppy coding practices in general:

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday.

Finally, bad user configuration. Zoom has a lot of options. The defaults aren't great, and if you don't configure your meetings right you're leaving yourself open to all sort of mischief.

Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it's in the spotlight, it's all coming out. (Their 4/1 response to all of this is here.) On 4/2, the company said it would freeze all feature development and focus on security and privacy. Let's see if that's anything more than a PR move.

(2020-04-02) Elon Musk's SpaceX Bans Zoom over Privacy Concerns
(2020-03-28) Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For
(2020-03-27) School Quits Video Calls After Naked Man ‘Guessed’ the Meeting Link
(2020-03-23) Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
(2020-03-21) Homeschooling Resources
(2020-03-14) Student Privacy Laws Still Apply if Coronavirus Just Closed Your School

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 4, Funny) by Anonymous Coward on Saturday April 04 2020, @04:00PM (1 child)

    by Anonymous Coward on Saturday April 04 2020, @04:00PM (#979048)

    Wait until the next release of systemd which has videoconferencing built in. Poettering's already got the audio driver written.

    Starting Score:    0  points
    Moderation   +4  
       Funny=4, Total=4
    Extra 'Funny' Modifier   0  

    Total Score:   4  
  • (Score: 0) by Anonymous Coward on Sunday April 05 2020, @02:26AM

    by Anonymous Coward on Sunday April 05 2020, @02:26AM (#979242)

    Oh yeah, I can't wait, systemd - Now featuring GNU/LINUX