[Nottingham] Non-Zoom - Re: [Talk] *Tomorrow* Thursday 7:30pm 26/03/2020: Going Virtual!
VM
vadim at mankevich.co.uk
Sat Apr 4 15:20:17 UTC 2020
It's all Microsoft's fault. It mismanaged Skype so that Zoom which was never designed to be a critical piece of software suddenly came under so much scrutiny and expectations.
Jitsi meet with a dial-in as was used by the group obviously was not end-to-end encrypted and really worked well only when using proprietary browsers... iOS app worked flawlessly, by the way :)
On April 4, 2020 2:47:35 PM UTC, Martin via Nottingham <nottingham at mailman.lug.org.uk> wrote:
>... And to add a few more nails into the Zoom coffin:
>
>
>Zoom 'unsuitable' for government secrets, researchers say
>
>https://www.bbc.co.uk/news/technology-52152025
>
>
>#####
>... found that Zoom was using a non-standard type of encryption, and
>transmitting information through China...
>
>... found that Zoom sends traffic to China - even when all the people
>in
>a Zoom meeting are outside of China. "During multiple test calls in
>North America, we observed keys for encrypting and decrypting meetings
>transmitted to servers in Beijing, China,"...
>
>... Zoom has "rolled their own" encryption - using a variant of
>something called AES-128 in "ECB mode". Among security researchers, ECB
>mode "is well understood to be a bad idea", because it preserves some
>of
>the patterns of the original [easing breaking the encryption]...
>
>... [And] it uses "transport" encryption between devices and [Zoom's]
>servers [not unbroken end-to-end encryption]...
>
>... Zoom clarified its encryption policy on 1 April, apologising for
>incorrectly suggesting that meetings were capable of end-to-end
>encryption...
>
>... Prof Woodward added: "I would not use Zoom for any sensitive or
>secret discussions."
>#####
>
>
>Really, Zoom 'promises' to 'do better' amusingly announcing that on the
>1st of April?!
>
>To my personal view, all overly overtly suspicious!
>
>
>Stay safe folks!
>Martin
>
>
>
>On 03/04/2020 19:34, Martin via Nottingham wrote:
>> On 26/03/2020 16:44, J J via Nottingham wrote:
>>> at least it's not Zoom, Skype or something.
>>
>> ... And here's an example of why we didn't use those:
>>
>>
>> Zoom boss apologises for security issues and promises fixes...
>>
>> https://www.bbc.co.uk/news/technology-52133349
>>
>>
>> Zoom vows to spend next 90 days thinking hard about its security and
>> privacy after rough week...
>>
>> https://www.theregister.co.uk/2020/04/03/zoom_security_improvements/
>>
>>
>> And beware whatever 'fixes' you might wish for... As a user you get
>> whatever you are given... User beware?
>>
>>
>> Stay safe folks!
>> Martin
>
>
>--
>Nottingham mailing list
>Nottingham at mailman.lug.org.uk
>https://mailman.lug.org.uk/mailman/listinfo/nottingham
--
vadim at mankevich.co.uk PGP key fingerprint
0xC046022A3A91455AF0C9BB2404BF882B1905C772
Retrieve from https://keybase.io/vmankevich
"When we take away the right to figure out if something bad is going on in our computers, the inevitable consequence is that bad things will happen in our computers." (Cory Doctorow)
More information about the Nottingham
mailing list