Zoom Security Incidents and Lies

[MagicalAzareal]

Zoom's end-to-end encryption isn't actually end-to-end at all. Good thing the PM isn't using it for Cabinet calls. Oh, for f...

Super-crypto actually normal TLS, lawsuit launched over Facebook API usage, privacy policy rewritten

www.theregister.co.uk

And this... is why you never market a product with a features it doesn't have (like end to end encryption) or to be more secure than it actually is. It turns out the British Government winded up using it for sensitive high level meetings... Sigh.

It somewhat reminds me of the U.S. DoD putting classified documents on unprotected AWS S3 buckets (not taking the time to secure it) and them getting leaked, although that case would arguably be their fault.

 

[LeadCrow]

I miss the good old times when people prioritized sovereignty and control over their data over idiot-proof convenience where these concepts are optional and sold separately...

 

[MagicalAzareal]

I miss the good old times when people prioritized sovereignty and control over their data over idiot-proof convenience where these concepts are optional and sold separately...

Unfortunately, even politicians seem to buy into convenience. In the U.S. they are very fond of sending things over emails, even things they really shouldn't. Something like Signal would be a fair bit better (and can be self-hosted), but it's harder to use than just sending someone an email.

 

[R0binHood]

idiot-proof convenience

That's why Zoom is so popular. It literally just works. When you're trying to set up a call with 20 people, or a class with a teacher and 50 students, or even just a one on one with someone who knows nothing about computers, you want everyone to be able to join with as little problems and troubleshooting as possible.

99% of people couldn't care less that it's not end to end encrypted, they just want to join the call and get on with it without running into problems.

It's like their dodgy mac install setup that apparently side steps certain Mac standards to make it easier in install. I get why they did it, even though it's not a good idea in terms of security. But that's also partly Apple's fault for training user to randomly type in their password to generic dialogue boxes the last few years.