Slash Boxes

SoylentNews is people

posted by Fnord666 on Saturday April 04 2020, @03:43PM   Printer-friendly
from the thus-spoke-Schneier dept.

Security and Privacy Implications of Zoom - Schneier on Security:

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.

In general, Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

Now security: Zoom's security is at best sloppy, and malicious at worst. Motherboard reported that Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account. Zoom removed the feature, but its response should worry you about its sloppy coding practices in general:

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday.

Finally, bad user configuration. Zoom has a lot of options. The defaults aren't great, and if you don't configure your meetings right you're leaving yourself open to all sort of mischief.

Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it's in the spotlight, it's all coming out. (Their 4/1 response to all of this is here.) On 4/2, the company said it would freeze all feature development and focus on security and privacy. Let's see if that's anything more than a PR move.

(2020-04-02) Elon Musk's SpaceX Bans Zoom over Privacy Concerns
(2020-03-28) Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For
(2020-03-27) School Quits Video Calls After Naked Man ‘Guessed’ the Meeting Link
(2020-03-23) Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
(2020-03-21) Homeschooling Resources
(2020-03-14) Student Privacy Laws Still Apply if Coronavirus Just Closed Your School

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Insightful) by Anonymous Coward on Saturday April 04 2020, @07:01PM (4 children)

    by Anonymous Coward on Saturday April 04 2020, @07:01PM (#979098)

    Don't use non-free proprietary user-subjugating software. Sure, they could improve the security of the software against outside actors, but when you use proprietary software, the developers are your masters. It's possible for them to change the software at any time to add more malicious functionality or simply refuse to fix existing malicious functionality, and all you can do is stop using, which everyone should do anyway.

    Starting Score:    0  points
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  

    Total Score:   1  
  • (Score: 2) by gtomorrow on Saturday April 04 2020, @07:44PM

    by gtomorrow (2230) on Saturday April 04 2020, @07:44PM (#979108)

    -1 Preaching to the choir

  • (Score: 2) by MostCynical on Saturday April 04 2020, @08:08PM

    by MostCynical (2589) on Saturday April 04 2020, @08:08PM (#979123) Journal

    People wil use whatever is easiest, or whatever their friends are using, so long as it isn't too difficult.

    People are 1. Lazy and 2. Herd-like
    if there is something "better" out there, what is it?

    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 2) by Grishnakh on Sunday April 05 2020, @02:27AM (1 child)

    by Grishnakh (2831) on Sunday April 05 2020, @02:27AM (#979243)

    Free software is great if it's actually available as a workable alternative. But for some functions, Free alternatives simply do not exist, and I'm pretty sure this is one of them. Generally speaking, any service that requires software running on a heavy-duty server connected to the internet with a fat pipe is not going to have any kind of Free alternative: it isn't just the software you need, you need the hardware infrastructure as well, and no one's going to run all that stuff for free.

    • (Score: 0) by Anonymous Coward on Sunday April 05 2020, @02:55AM

      by Anonymous Coward on Sunday April 05 2020, @02:55AM (#979258)

      Free software is great if it's actually available as a workable alternative.

      To me, freedom is a must. If no suitable Free Software exists for some task, then I still won't use proprietary software.

      But even when Free Software exists to fulfill some purpose, people complain that it doesn't have enough "features," which is how you know they're completely missing the point. This is one of those cases.

      Schools in particular should never use proprietary software, since it's completely antithetical to independence and education, which are values that schools should promote.

      and no one's going to run all that stuff for free.

      Unnecessary. They could charge for the use of their hardware itself, even if the software is Free Software.

      Though, doing too much of your computing on someone else's computers has other obvious issues.