As the previous discussion already noted it seems disingenuous.
Spacex has real security concerns with national security secrets and trade assets.
Schools primary goal should be accessibility when it comes to teaching and Zoom arguably with its better video/audio has the best even with glaring security flaws (that do not necessarily seem decidedly worse than Hangouts).
Banning Zoom seems to be getting on the negative news train and applying the old adage, "everything looks like a nail."
We're talking about videos of children in their homes, in many cases probably their bedrooms. If they have to use it for school, they may also use it with their friends other than for school work as they will have it set up and know how to use it. I think the risks of illicit access to that material are pretty clear, and there are several serious vulnerabilities in Zoom that can grant direct access to video chats and saved videos, plus numerous other vulnerabilities.
None of that, while distasteful seems to signal any national security or personal security risk. This seems pretty hyperbolic. Why on earth would the Chinese government want access to videos of children in bedrooms? Ridiculous.
There are more reasons to not give access than personal or national security. Privacy is one. We shouldn't be in a situation where you need to explain why you need privacy. It should be the default.
"Think of the Children" is when an issue that is only tangentially or tenuously anything to do with children, and may not even be a legitimate concern anyway, uses a notional impact on children as emotional leverage to gain undeserved attention.
This case is literally and specifically about the protection of specific children from a proven risk.
Is the proven risk that China is snooping on American children? If so, I'm sure I'd have read it everywhere. If not, it's sensationalism. The case is literally and specifically about Zoom having the ability to snoop. Children are ancillary.
I'll reluctantly repeat the below from another post of mine on this thread:
There are two vulnerabilities in particular that can grant access to videos to anyone. One is that Zoom video chat IDs are short enough and low enough entropy to be guessable so it's possible to crash meetings. Also saved videos have a standard naming scheme that makes their file names guessable and therefore accessible publicly, as anyone who knows the file name can access any saved video.
Both of these are deliberate choices. They made meeting IDs short and memorable, which makes them guessable. They also wanted saved videos to have meaningful names derived from meeting and user metadata, but again that means they are guessable, and easy to access without annoying security controls.
Oh my god, you really didn’t read my post did you? To repeat myself, the concern is that if they have this software already installed and know how to use it, and in fact have to use it and it is recommended to them, that they will then also use it for private chats with their friends. Thus exposing the private video chats of teenage children on a platform with many known trivial vulnerabilities. How anyone can’t see what a bad idea this is boggles the mind.
There are two vulnerabilities in particular that can grant access to videos to hostiles. One is that Zoom video chat IDs are short enough and low enough entropy to be guessable. Also saved videos have a standard naming scheme that makes their file names guessable and therefore accessible publicly. However, any vulnerability, especially intentional ones knowingly trading convenience for security or implemented deceptively, is not acceptable especially when we're dealing with the privacy of children.
Those are photos and videos they have intentionally shared. Not supposedly secure private video sessions. If private chats and videos on Facebook of e.g. teenage girls virtual sleepover parties were also trivially accessible by strangers, that would also be an equal concern.
Can you imagine the lawsuits that are gonna come pouring in because some hacker was able to control the webcam on a students MacBook because Zoom’s installer basically acts as an insecure root kit, and takes videos of a kid in his private moments and releases them to the internet?
Zoom isn't being "targeted". They have repeatedly been in the news for gross security failures and personal privacy abuses. Other video services have not because they have not had this series of failures and abuses. That is not "targeting" zoom, that is reality being appropriately reported that zoom has bad and suspicious security practices and probably should be avoided.
Because Zoom in particular not only has numerous demonstrated security vulnerabilities, many of which are apparently intentional features, but has also shown a recklessly cavalier attitude to security generally. Surely it makes more sense to use and promote solutions from companies with better track records on security and privacy, which at this point seems to be pretty much anybody else.
I would agree with you on the point on adoption outside the school. Btw, what kind of serious vulnerabilities in Zoom are you talking about? Been using it in a big tech company for almost two years already. Our sec department seems confident with it afaik.
"negative news train", disregarding importance of security for schools? What are you talking about? The negative news train is just the negative series of revelations about Zoom. There is no media conspiracy here.
I respectfully disagree. I feel it is safe to say that Zoom have some serious issues in their development process. It seems every other day there is some new issue. Install fuckery on macOS, lying about E2EE, including code they did not properly understand, etc.
We talk so much about wanting to protect children that we should not be using software that gives audio and video access to their computers that we do not have confidence in.
>> including code they did not properly understand, etc.
Yeah we understand all of our code, right? I'm developing an Electron app. I let you guess how much I know about the code behind electron/chronium.
>> We talk so much about wanting to protect children that we should not be using software that gives audio and video access to their computers that we do not have confidence in.
> Yeah we understand all of our code, right? I'm developing an Electron app. I let you guess how much I know about the code behind electron/chronium.
I get your point however I feel there is a different between not having full understanding of the platform you are using (be it Electron, Windows, macOS, Linux, etc) and a small library from Facebook of all companies. The fact they were able to change/fix the issue within a day(?) says to me they just didn't bother to look at what it was really doing in the first place.
> Let's start banning facebook. Shall we?
Is Facebook not banned, or at least extremely restricted within the New York school network? My daughters school in the UK has a complete block on Facebook.
But yes I would happily ban Facebook. I feel the value it adds is not worth the trade off. For the purely social connection functionality (which I do see value in obviously) there are other options that are not as dirty as Facebook.
The only question is different interpretations of “fake”: it is a real system dialogue, invoked by a deprecated API; it is fake in that the text is set by Zoom to trick the user into allowing it to install itself without approval.
The reason SpaceX banned it is because of legal reasons: they can't export their tech. When children are involved, there are very similar legal concerns: they can't export the data associated with the children, aka: the video feed. I think both bans of Zoom are reasonable.
Right now it's been proven zoom lied about some parts of it's tech, particularly the end to end encryption part, so the state probably sees it as a legal risk if anything were to accidentally get out or get hacked.
> As the previous discussion already noted it seems disingenuous.
> Schools primary goal should be accessibility when it comes to teaching and Zoom arguably with its better video/audio has the best even with glaring security flaws (that do not necessarily seem decidedly worse than Hangouts).
Schools also have the primary goal that elementary school children are not exposed to male genitalia, pornography, graphic violence & the like under __any__ circumstances.
It doesn't matter if the first occurrence was a zoombomb, and it's fixed now, or the standard tech reply of "oh, well, it's the had the wrong settings."
Parents have zero tolerance for these things. They'll be coming for someone's head if it happens. Let alone if it happens again.
And no school administrator is going to put their job on the line once trust in a platform is destoryed.
Maybe because MS has a good solution that isn’t riddled with privacy issues?
What’s actually behind this is the threat of a mountain of lawsuits that are gonna come descending on school systems that compromise little kids’ privacy by forcing them to use Zoom.
If the images of one child during their private moments show up on the internet because Zoom has so many vilnerabilities and a malicious actor was able to control the students camera school systems are gonna get sued out of their existence.
Comparing an operating system to a video conference app...SMH. Anyways the article you list is more about privacy policy issues, the kind of which even ZOom is subject to because the US govt forever it on all their companies. Zoom, in addition to that, was also routing the video through Chinese servers,making you vulnerabl not only to the NSA but also the Chinese services.
More specifically, Teams has been in use for several years now, without a faction of the security issues that Zoom has had in the last couple of years.
Edit: The US government regulations are the problem there which is why the article mentions that Google and Apple also do not meet the same privacy standards. In other words, all the OS makers fail to do so, and not just Microsoft.
The only solution that would probably work for the German standards (and is something the EU should be investing heavily in anyways) would be Linux.
It's not "just" the OS, it's O365 too. Teams is a part of it.
And yeah, this is MS' attitude to privacy issues. The fact that nobody cares about that or doesn't want to write an article about it every day doesn't mean that it's less worse or somehow good. Zoom has been there for years too, just like those problems. The fact that now everybody DOES want to write an article about it is a result of the fact that it became so popular and it became so popular because it just works. Acting now as if MS is some kind of privacy heaven compared to Zoom is plainly wrong.
> The only solution that would probably work for the German standards (and is something the EU should be investing heavily in anyways) would be Linux.
This is not true. There were guidelines by the Federal Office for Information Security for Win7 that would work just like for certain versions of Office. Windows 10 is the first one where they plainly say: it's so ridden with privacy issues that it's just bad (data protection and privacy accident) and you should avoid it.
Gives you most of the featureset of the Mac app (unlike Zoom's crappy web app), but has a much narrower permission set which should mitigate most abuse.
After trying out a few solutions, I found https://bigbluebutton.org/ by far the best for classroom settings or even for general meetings. Being able to upload a presentation as a collaborative white board is much better than simple screen sharing (which is also possible). Video quality is not the best, but audio is rock solid and we had zero connection problems with tens of people in a conference. Getting started is simpler than Zoom, since no installation is required and both Firefox and Chrome are fully supported. It is also pretty easy to self-host and there is even a load balancer for large installations: https://github.com/ICTO/BBB-Load-Balancer
Been evaluating Jitsi all day, pretty good! I'm actually kind of impressed. Anyone have more experience who can elaborate on limitations and weaknesses we should be aware of before expanding to a larger internal pilot?
Spacex has real security concerns with national security secrets and trade assets.
Schools primary goal should be accessibility when it comes to teaching and Zoom arguably with its better video/audio has the best even with glaring security flaws (that do not necessarily seem decidedly worse than Hangouts).
Banning Zoom seems to be getting on the negative news train and applying the old adage, "everything looks like a nail."
This case is literally and specifically about the protection of specific children from a proven risk.
There are two vulnerabilities in particular that can grant access to videos to anyone. One is that Zoom video chat IDs are short enough and low enough entropy to be guessable so it's possible to crash meetings. Also saved videos have a standard naming scheme that makes their file names guessable and therefore accessible publicly, as anyone who knows the file name can access any saved video.
Both of these are deliberate choices. They made meeting IDs short and memorable, which makes them guessable. They also wanted saved videos to have meaningful names derived from meeting and user metadata, but again that means they are guessable, and easy to access without annoying security controls.
You're asking a broader question of children's safety. 100% it's a valid concern, but video tele-learning should be under fire then.
https://github.com/jitsi/docker-jitsi-meet#quick-start
Source: Father of two teenagers struggling with getting them acclimated to online school right now.
We talk so much about wanting to protect children that we should not be using software that gives audio and video access to their computers that we do not have confidence in.
>> We talk so much about wanting to protect children that we should not be using software that gives audio and video access to their computers that we do not have confidence in.
Let's start banning facebook. Shall we?
I get your point however I feel there is a different between not having full understanding of the platform you are using (be it Electron, Windows, macOS, Linux, etc) and a small library from Facebook of all companies. The fact they were able to change/fix the issue within a day(?) says to me they just didn't bother to look at what it was really doing in the first place.
> Let's start banning facebook. Shall we?
Is Facebook not banned, or at least extremely restricted within the New York school network? My daughters school in the UK has a complete block on Facebook.
But yes I would happily ban Facebook. I feel the value it adds is not worth the trade off. For the purely social connection functionality (which I do see value in obviously) there are other options that are not as dirty as Facebook.
The only question is different interpretations of “fake”: it is a real system dialogue, invoked by a deprecated API; it is fake in that the text is set by Zoom to trick the user into allowing it to install itself without approval.
> Schools primary goal should be accessibility when it comes to teaching and Zoom arguably with its better video/audio has the best even with glaring security flaws (that do not necessarily seem decidedly worse than Hangouts).
Schools also have the primary goal that elementary school children are not exposed to male genitalia, pornography, graphic violence & the like under __any__ circumstances.
It doesn't matter if the first occurrence was a zoombomb, and it's fixed now, or the standard tech reply of "oh, well, it's the had the wrong settings."
Parents have zero tolerance for these things. They'll be coming for someone's head if it happens. Let alone if it happens again.
And no school administrator is going to put their job on the line once trust in a platform is destoryed.
What’s actually behind this is the threat of a mountain of lawsuits that are gonna come descending on school systems that compromise little kids’ privacy by forcing them to use Zoom.
If the images of one child during their private moments show up on the internet because Zoom has so many vilnerabilities and a malicious actor was able to control the students camera school systems are gonna get sued out of their existence.
https://thenextweb.com/privacy/2019/07/15/german-schools-ban...
More specifically, Teams has been in use for several years now, without a faction of the security issues that Zoom has had in the last couple of years.
Edit: The US government regulations are the problem there which is why the article mentions that Google and Apple also do not meet the same privacy standards. In other words, all the OS makers fail to do so, and not just Microsoft.
The only solution that would probably work for the German standards (and is something the EU should be investing heavily in anyways) would be Linux.
And yeah, this is MS' attitude to privacy issues. The fact that nobody cares about that or doesn't want to write an article about it every day doesn't mean that it's less worse or somehow good. Zoom has been there for years too, just like those problems. The fact that now everybody DOES want to write an article about it is a result of the fact that it became so popular and it became so popular because it just works. Acting now as if MS is some kind of privacy heaven compared to Zoom is plainly wrong.
> The only solution that would probably work for the German standards (and is something the EU should be investing heavily in anyways) would be Linux.
This is not true. There were guidelines by the Federal Office for Information Security for Win7 that would work just like for certain versions of Office. Windows 10 is the first one where they plainly say: it's so ridden with privacy issues that it's just bad (data protection and privacy accident) and you should avoid it.
https://chrome.google.com/webstore/detail/zoom/hmbjbjdpkobdj...
Gives you most of the featureset of the Mac app (unlike Zoom's crappy web app), but has a much narrower permission set which should mitigate most abuse.