
requesting info on current tech events 

Could someone tell me 1) what is wrong with zoom security-wise and is it something I need to be worried about considering our school and our doctor use it for remote meetings and 2) what is keybase and why is it bad that zoom bought it

re: requesting info on current tech events 

@Felthry Zoom is... they feel kinda shady. That's the big thing that worries me.

They basically did /malware/ stuff on Mac – they installed a /secret web server/ behind your back, and sneakily tricked you into giving them root permission instead of asking the normal way...

And, they claimed to have "end to end" encryption when in reality it was just TLS. Not okay.

re: requesting info on current tech events 

@IceWolf the thing about malware reminds me of the superfish thing that made lenovo lose our trust....

re: requesting info on current tech events 

@Felthry Yeahhhh.

re: requesting info on current tech events 

@Felthry I mean it's not quite /that/ bad, but still...

re: requesting info on current tech events 

@IceWolf to be clear, this *specific* thing is not something we have to worry about on windows, right?

re: requesting info on current tech events 

@Felthry I don't believe so; every article I've seen about that was talking specifically about Mac.

Still, probably a good idea to run it in a VM. >,,>

requesting info on current tech events 

@Felthry here's a link I have handy regarding their privacy policy blogs.harvard.edu/doc/2020/03/

re: requesting info on current tech events 

@Felthry Zoom has had a number of security issues to the point where people recommend using the in-browser version / running the desktop client sandboxed / running the iOS version. There's a good list on Wikipedia. The one that probably caught the most attention is "zoombombing" because at times you could just brute force meeting keys and connect to random meetings, most notably one the British government did (and also a bunch of people connecting to classrooms showing porn and the like, you know how it is on the internet).

re: requesting info on current tech events 

@Felthry keybase is a key directory that you can connect to your public-facing accounts like Twitter, GitHub or even Mastodon but at some point they added some cryptocurrency bullshit. Zoom probably bought them to get some people with crypto know-how in their company but that doesn't guarantee that they're gonna improve their crypto.

providing info on current tech events, Zoom, Terran horribleness, capitalism 

@Felthry

1. Zoom sends data to Facebook even if you don't have a Facebook account, released malware (at least for macOS), and lied about using end-to-end encryption.

Yes, you need to worry about this. If your institution requires using Zoom, demand that they issue you a device, or run it only on a separate untrusted device or in a VM (Qubes is great). Keep it powered off when not in use. Don't discuss private things over Zoom; find an actually secure decentralized open-source platform not maintained by a forprofit (Jitsi may become this, hopefully in the near future).

Zoom is a forprofit taking advantage of the current situation to grow its userbase, while selling user data to other forprofits and doing the bare minimum to try to look like it's patching up security.

2. Keybase was a cool innovation fishbowl. Now it's owned by a forprofit which is horrible at infosec and also malicious. RIP.
