Zoom Security Incidents and Lies

  • Thread starter
  • Moderator
  • #1
MagicalAzareal

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
704
www.theregister.co.uk

Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f...

Super-crypto actually normal TLS, lawsuit launched over Facebook API usage, privacy policy rewritten
www.theregister.co.uk www.theregister.co.uk
And this... is why you never market a product with a features it doesn't have (like end to end encryption) or to be more secure than it actually is. It turns out the British Government winded up using it for sensitive high level meetings... Sigh.

It somewhat reminds me of the U.S. DoD putting classified documents on unprotected AWS S3 buckets (not taking the time to secure it) and them getting leaked, although that case would arguably be their fault.
 
LeadCrow

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,562
I miss the good old times when people prioritized sovereignty and control over their data over idiot-proof convenience where these concepts are optional and sold separately...
 
  • Thread starter
  • Moderator
  • #3
MagicalAzareal

MagicalAzareal

Magical Developer
Joined
Apr 25, 2019
Messages
704
LeadCrow said:
I miss the good old times when people prioritized sovereignty and control over their data over idiot-proof convenience where these concepts are optional and sold separately...
Click to expand...
Unfortunately, even politicians seem to buy into convenience. In the U.S. they are very fond of sending things over emails, even things they really shouldn't. Something like Signal would be a fair bit better (and can be self-hosted), but it's harder to use than just sending someone an email.
 
R0binHood

R0binHood

Habitué
Joined
Nov 23, 2011
Messages
1,389
LeadCrow said:
idiot-proof convenience
Click to expand...
That's why Zoom is so popular. It literally just works. When you're trying to set up a call with 20 people, or a class with a teacher and 50 students, or even just a one on one with someone who knows nothing about computers, you want everyone to be able to join with as little problems and troubleshooting as possible.

99% of people couldn't care less that it's not end to end encrypted, they just want to join the call and get on with it without running into problems.

It's like their dodgy mac install setup that apparently side steps certain Mac standards to make it easier in install. I get why they did it, even though it's not a good idea in terms of security. But that's also partly Apple's fault for training user to randomly type in their password to generic dialogue boxes the last few years.
 
You must log in or register to reply here.
Top