[Nottingham] Non-Zoom - Re: [Talk] *Tomorrow* Thursday 7:30pm 26/03/2020: Going Virtual!

Martin martin at ml1.co.uk
Sat Apr 4 15:17:50 UTC 2020 

Further detail from The Register:


Not only is Zoom's strong end-to-end encryption not actually end-to-end,
its encryption isn't even that strong

Video calls also routed through China, probe discovers

https://www.theregister.co.uk/2020/04/03/dont_use_zoom_if_privacy/


Stay safe folks!
Martin



On 04/04/2020 15:47, Martin via Nottingham wrote:
> ... And to add a few more nails into the Zoom coffin:
> 
> 
> Zoom 'unsuitable' for government secrets, researchers say
> 
> https://www.bbc.co.uk/news/technology-52152025
> 
> 
> #####
> ... found that Zoom was using a non-standard type of encryption, and
> transmitting information through China...
> 
> ... found that Zoom sends traffic to China - even when all the people in
> a Zoom meeting are outside of China. "During multiple test calls in
> North America, we observed keys for encrypting and decrypting meetings
> transmitted to servers in Beijing, China,"...
> 
> ... Zoom has "rolled their own" encryption - using a variant of
> something called AES-128 in "ECB mode". Among security researchers, ECB
> mode "is well understood to be a bad idea", because it preserves some of
> the patterns of the original [easing breaking the encryption]...
> 
> ... [And] it uses "transport" encryption between devices and [Zoom's]
> servers [not unbroken end-to-end encryption]...
> 
> ... Zoom clarified its encryption policy on 1 April, apologising for
> incorrectly suggesting that meetings were capable of end-to-end
> encryption...
> 
> ... Prof Woodward added: "I would not use Zoom for any sensitive or
> secret discussions."
> #####
> 
> 
> Really, Zoom 'promises' to 'do better' amusingly announcing that on the
> 1st of April?!
> 
> To my personal view, all overly overtly suspicious!
> 
> 
> Stay safe folks!
> Martin
> 
> 
> 
> On 03/04/2020 19:34, Martin via Nottingham wrote:
>> On 26/03/2020 16:44, J J via Nottingham wrote:
>>> at least it's not Zoom, Skype or something.
>>
>> ... And here's an example of why we didn't use those:
>>
>>
>> Zoom boss apologises for security issues and promises fixes...
>>
>> https://www.bbc.co.uk/news/technology-52133349
>>
>>
>> Zoom vows to spend next 90 days thinking hard about its security and
>> privacy after rough week...
>>
>> https://www.theregister.co.uk/2020/04/03/zoom_security_improvements/
>>
>>
>> And beware whatever 'fixes' you might wish for... As a user you get
>> whatever you are given... User beware?
>>
>>
>> Stay safe folks!
>> Martin

More information about the Nottingham mailing list