“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”
A team of researchers at The Citizen Lab says the suddenly popular videoconferencing app Zoom uses a non-standard method of encryption, and transmits user information through China. If true, huge: the concern is that China could have access to all the encryption keys needed to access the contents of all those calls.
Read the report:
The researchers advise against use of Zoom by government officials (Boris Johnson is using the app for Cabinet meetings), but say that, for most users, the app is fine for keeping in touch or other forms of low-security group communication.
Me? I ain’t installing that app for nothing and nobody.
The Citizen Lab’s report warns Zoom “may not be suitable” for:
• Governments and businesses worried about espionage
• Healthcare providers handling sensitive patient information
• Activists, lawyers and journalists working on sensitive topics
But “our findings should not necessarily be concerning”, the report said.
They also note that “Zoom… appears to own three companies in China through which at least 700 employees are paid to develop Zoom’s software… this arrangement may make Zoom responsive to pressure from Chinese authorities.”
Here’s a snip from Bruce Schneier’s takeaway on the news today:
Over the past few weeks, Zoom’s use has exploded since it became the video conferencing platform of choice in today’s COVID-19 world. (My own university, Harvard, uses it for all of its classes.) Over that same period, the company has been exposed for having both lousy privacy and lousy security. My goal here is to summarize all of the problems and talk about solutions and workarounds.
In general, Zoom’s problems fall into three broad buckets: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.
Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.
The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. And it uses all of this surveillance data for profit, against your interests.
Read the rest at schneier.com:
Security and Privacy Implications of Zoom
And more observations on Twitter.