Lectori Salutem,
The privacy dangers using a tool like Zoom. FBI warns users.
Read: https://www.bleepingcomputer.com/news/security/zoom-client-leaks-windows-login-credentials-to-attackers/
The developers thereof even thought of a new definition to what E2E encryption means as they see it:
https://www.theregister.co.uk/2020/04/01/zoom_spotlight/
Certainly not a tool when you wanna keep information from others, again perfect tool when you wanna leak info to the world.
Re: https://support.zoom.us/hc/en-us/articles/115004055706-Managing-Contacts
and recently this:
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
FBI warning against Zoom-bombing : https://techcrunch.com/2020/03/17/zoombombing/
Security advice: https://www.csuci.edu/news/releases/zoom-bombers-2020.htm
Privacy friendly alternatives working from your home used by Tor Project developers?
Riseup Pads notifier: https://pad.riseup.net/
Productivity Platform NextCloud: https://nextcloud.com/
One-on-one chat-app Signal: https://www.signal.org/
Zoom alternative: JitsiMeet: http://meet.jit.si/
Sharing app = OnionShare: http://onionshare.org/
Sharing app for non-critical data: http://share.riseup.net/
1-6 all courtesy of Tor Project developers mentioned as tools they use at home to communicate (more) safely and securely.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Asyn
April 2, 2020, 9:20am
2
Nasa & SpaceX ban the use of zoom over security concerns.
https://www.jpost.com/International/Elon-Musks-SpaceX-bans-Zoom-over-privacy-concerns-623307
All of a sudden they wanna work on these issues: https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/ But can we trust them as they apologize? https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
See it happen first to really believe it, every corporation online is out there to grab your data
an make a sell-out to the highest bidder. :o
polonus
ZOOM should not be used if the meeting discusses any kind of secrets until they fix their security issues.
There certainly isn’t any reason not to use this product for anything that isn’t of a confidential mature.
Hi bob3160,
Agree with that, but “zoom bombing” is going on around us and your FBI warns you that to do so is an offence:
https://www.justice.gov/usao-edmi/pr/federal-state-and-local-law-enforcement-warn-against-teleconferencing-hacking-during
So be aware you should never share such links (zoom-ids) to any third party and/or do not share on social media.
Put a password to secure the waiting room is a good advice.
On a side-line, remember Zoom’s CEO had links to Shandong in Mainland China (he was born there in 1969/70),
and he had his USA-visa refused eight times in the past.
polonus
ZOOM Booming has already been addressed and they are working on the other items.
Asyn
April 5, 2020, 3:59am
9
Zoom will enable waiting rooms by default to stop Zoombombing
https://techcrunch.com/2020/04/03/zoom-waiting-rooms-default/
EFF instructs how to better make use of Zoom.
Disable chat auto saving; also disable “Attention Tracking”.
Keep your meeting IDs to yourself and install a password.
Zoom should not be used where any confidentiality comes involved.
Read: https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/:
The claimed AES-256 encryption seems only to be AES-128. Not to big of a problem.
However using AES in ECB mode (see figure 5 in mentioned link);
All participants make use of one and the same key, occasionally also shared with some server in Mainland China. :
Read https://www.theregister.co.uk/2020/04/03/dont_use_zoom_if_privacy/ & https://www.metzdowd.com/pipermail/cryptography/2020-April/035887.html .
All updates are not being installed automatically,
re: https://www.metzdowd.com/pipermail/cryptography/2020-April/035890.html .
Info credits go out to Erik van Straten.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Asyn
April 9, 2020, 7:45am
14
Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore
https://www.buzzfeednews.com/article/pranavdixit/google-bans-zoom
Considering that Google wants you to use their own product, this was expected.
For those using ZOOM, there was another update yesterday.
Asyn
April 10, 2020, 5:27am
16
It is not only Google to ban Zoom, also governments like Taiwan, Germany and American senators:
https://www.ft.com/content/dac7d60b-54fa-402b-8469-70f85aaace76
Encryption keys of non-Chinese user have been sent to Chinese servers. Do we want that?
Using Chinese made devices you do that everyday, remember.
My only hope is that China stays part of our Globe and they will send us loads of good “chi”.
polonus
It is not only Google to ban Zoom, also governments like Taiwan, Germany and American senators:
https://www.ft.com/content/dac7d60b-54fa-402b-8469-70f85aaace76
Encryption keys of non-Chinese user have been sent to Chinese servers. Do we want that?
Using Chinese made devices you do that everyday, remember.
My only hope is that China stays part of our Globe and they will send us loads of good “chi”.
polonus
To read the article, you need to sign up. Not about to happen any time soon.
https://screencast-o-matic.com/screenshots/u/Lh/1586521106038-99277.png
Asyn
April 14, 2020, 11:26am
19
Why do we have so many topics with the same information?
It makes replying extremely difficult and confusing.