Zoom admits data got routed through China - Business Insider:
In a statement late Friday, Zoom CEO Eric Yuan admitted to mistakenly routing calls via China.
"In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began," Yuan said. "In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect."
He did not say how many users were affected.
During spells of heavy traffic, the video-conferencing service shifts traffic to the nearest data center with the largest available capacity – but Zoom's data centers in China aren't supposed to be used to reroute non-Chinese users' calls.
This is largely due to privacy concerns: China does not enforce strict data privacy laws and could conceivably demand that Zoom decrypt the contents of encrypted calls.
Separately, researchers at the University of Toronto also found Zoom's encryption used keys issued via servers in China, even when call participants were outside of China.
[...] Zoom has faced multiple high-profile security issues in recent weeks as it struggles to cope with an unprecedented surge in traffic and new users.
Zoom did not immediately respond to Business Insider's request for comment and clarification.
Previously:
(2020-04-04) Senator Mad That Zoom Not Actually Offering the Encryption His Law Will Outlaw
(2020-04-04) Scrutiny Needed for Teleconferencing Software and Their Backing Companies
(2020-04-04) 'The Phone Slipped Into the Bath': Conference Call Tales
(2020-04-04) Security and Privacy Implications of Zoom
(2020-04-03) Automated Tool Can Find 100 Zoom Meeting IDs Per Hour
(2020-04-02) Elon Musk's SpaceX Bans Zoom over Privacy Concerns
(2020-03-28) Now That Everyone's Using Zoom, Here Are Some Privacy Risks You Need to Watch Out For
(2020-03-27) School Quits Video Calls After Naked Man "Guessed" the Meeting Link
(2020-03-14) Student Privacy Laws Still Apply if Coronavirus Just Closed Your School
(Score: 2, Troll) by Runaway1956 on Monday April 13 2020, @07:11AM (1 child)
Isn't the world upset over geofencing? https://soylentnews.org/article.pl?sid=20/04/11/0810254 [soylentnews.org]
A MAN Just Won a Gold Medal for Punching a Woman in the Face
(Score: 0) by Anonymous Coward on Monday April 13 2020, @02:01PM
Some call it quackery but many Westerners are wary of potential for contracting a zoomnotic virus.
/me ducks
(Score: 2, Disagree) by MostCynical on Monday April 13 2020, @08:05AM (2 children)
Soi the Chinese now know (possibly) the IP and MAC addresses of a few people.
If unencrypted, they may also know that CR038 failed two of the end-to-end test cases.
If your company is working on cutting-edge research and/or development, use properly tested, encrypted software (or have your company ban using zoom - cf Tesla)
Otherwise, so what?
"I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
(Score: 1, Insightful) by Anonymous Coward on Monday April 13 2020, @11:16AM (1 child)
Will be hilarious if the Chinese Gov is spending resources to sift through all that. Storing all that successfully will make the network, hardware and HDD manufacturers very happy. As they say- like drinking from a firehose.
If you want to troll them, continue using Zoom for very public stuff but randomly mention uighur, tiananmen, xinjiang, jihad and other juicy keywords.
(Score: 1, Interesting) by Anonymous Coward on Monday April 13 2020, @12:17PM
Old but probably still has relevant keywords: https://github.com/jasonqng/chinese-keywords/blob/master/csv/all.csv [github.com]
(Score: 4, Insightful) by hendrikboom on Monday April 13 2020, @01:18PM (5 children)
Those seriously concerned with security would be running teleconferencing software on their own servers.
-- hendrik
(Score: 0) by Anonymous Coward on Monday April 13 2020, @04:55PM
ha!
I wish that were true, but I know too many techies who believe the promises of big companies. If they say "end to end encrypted" you'll get a lot of people trusting it. The number of people who have repeated the claim of long passwords taking exponentially longer to decrypt is staggering. They don't realize the number of ways crypto can be compromised.
I'm sure you're correct for certain instances like a meeting where actual data/specs are being discussed, but corporate espionage can involve a lot of mundane type of information that a manager might not think is a big deal.
(Score: 2) by legont on Monday April 13 2020, @04:59PM (3 children)
My employer which is a large bank and very much concerned is using Zoom simply because nothing else currently reliably works - our own net is overloaded as is and we need our bandwidth to provide service to the customers - you.
"Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
(Score: 0) by Anonymous Coward on Monday April 13 2020, @07:27PM
"service"
(Score: 1, Insightful) by Anonymous Coward on Tuesday April 14 2020, @01:08AM
Why are businesses freaking out about needing to see people on a video conference? What's wrong with the good old fashioned telephone conference with slides sent out beforehand? There is even software to share computer screens for remote presentations where you don't need to turn on any cameras. Why is everyone running to Zoom (especially even when other solutions existed before anyone heard of them last year)? Is this just simple social media herd mentality?
(Score: 2) by hendrikboom on Tuesday April 14 2020, @02:56AM
I was going to suggest jitsi, which s free software that will run on your own server (and which I haven't tried yet myself), but ... if your net connexion is overloaded, I see your point.
I presume you have some way of using zoom without a net connexion?
-- hendrik
(Score: 2) by Rosco P. Coltrane on Monday April 13 2020, @05:22PM (1 child)
That one has to be the understatement of the year.
(Score: 2) by DannyB on Monday April 13 2020, @05:39PM
Also: China does not enforce strict data piracy laws.
Universal health care is so complex that only 32 of 33 developed nations have found a way to make it work.