Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 10 submissions in the queue.
posted by Fnord666 on Saturday April 04 2020, @03:43PM   Printer-friendly
from the thus-spoke-Schneier dept.

Security and Privacy Implications of Zoom - Schneier on Security:

Over the past few weeks, Zoom's use has exploded since it became the video conferencing platform of choice in today's COVID-19 world. (My own university, Harvard, uses it for all of its classes. Boris Johnson had a cabinet meeting over Zoom.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.

In general, Zoom's problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

Now security: Zoom's security is at best sloppy, and malicious at worst. Motherboard reported that Zoom's iPhone app was sending user data to Facebook, even if the user didn't have a Facebook account. Zoom removed the feature, but its response should worry you about its sloppy coding practices in general:

"We originally implemented the 'Login with Facebook' feature using the Facebook SDK in order to provide our users with another convenient way to access our platform. However, we were recently made aware that the Facebook SDK was collecting unnecessary device data," Zoom told Motherboard in a statement on Friday.

Finally, bad user configuration. Zoom has a lot of options. The defaults aren't great, and if you don't configure your meetings right you're leaving yourself open to all sort of mischief.

Zoom is a security and privacy disaster, but until now had managed to avoid public accountability because it was relatively obscure. Now that it's in the spotlight, it's all coming out. (Their 4/1 response to all of this is here.) On 4/2, the company said it would freeze all feature development and focus on security and privacy. Let's see if that's anything more than a PR move.

Previously:
(2020-04-02) Elon Musk's SpaceX Bans Zoom over Privacy Concerns
(2020-03-28) Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For
(2020-03-27) School Quits Video Calls After Naked Man ‘Guessed’ the Meeting Link
(2020-03-23) Work from Home Pwn2Own Hackers Make $130,000 in 48 Hours from Windows 10 Exploits
(2020-03-21) Homeschooling Resources
(2020-03-14) Student Privacy Laws Still Apply if Coronavirus Just Closed Your School


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by gtomorrow on Saturday April 04 2020, @07:42PM (2 children)

    by gtomorrow (2230) on Saturday April 04 2020, @07:42PM (#979107)

    I stand corrected. I wasn't aware of its en masse privacy-rape capability. Signal/Whatsapp/Skype all handle ~4-6 participants if I'm not mistaken.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by Grishnakh on Sunday April 05 2020, @02:24AM (1 child)

    by Grishnakh (2831) on Sunday April 05 2020, @02:24AM (#979239)

    4-6 participants is useless when you're trying to do a department-wide conference call, or any other large group activity.

    • (Score: 2) by gtomorrow on Sunday April 05 2020, @09:08AM

      by gtomorrow (2230) on Sunday April 05 2020, @09:08AM (#979332)

      Yeah...I get it. Easy, killer.