Glenn Fleishmann Introduces Free Book ‘Take Control of Zoom Essentials’

· Andrew Orr · Cool Stuff Found

Zoom logo

Glenn Fleishman has released a free version of his book called “Take Control of Zoom Essentials” as well as updated the paid version called “Take Control of Zoom”. Take Control shared the news in a blog post:

Yesterday, we released two Zoom-related books by Glenn Fleishman: a new, free book called Take Control of Zoom Essentials and a gigantic version 1.1 update to the comprehensive Take Control of Zoom. We know a lot of people are using Zoom for work and school, and we hope you find these books helpful.

Zoom usage has skyrocketed now that more people have been working and learning from home due to the COVID-19 pandemic. Consider these books to know everything you want to know about using the video sharing platform.

Zoom Backtracks, Will Give Free Users Encryption Protection

· Andrew Orr · Link

Zoom logo

After a lot of negative attention from press and privacy advocates, Zoom has backtracked on its stance. It will provide free users with end-to-end encryption, a feature previously limited to paying customers.

The company said that free users will have to verify themselves with a phone number in a one-time process. It claimed that this will stop bad actors from creating multiple abusive accounts.

Zoom is also releasing an updated design of its end-to-end encryption solution on GitHub that intends to achieve a balance between “the legitimate right of all users to privacy and the safety of users.”

Good to see Zoom do this.

U.S. Lawmakers Ask Zoom About its Ties to China

· Andrew Orr · News

Zoom logo

Three lawmakers in the U.S. have asked Zoom to clarify its relationship with China after the company suspended user accounts at its request.

Zoom Security Tips – TMO Daily Observations 2020-04-28

· Kelly Guimont · The Mac Observer's Daily Observations Podcast

TMO Daily Observations Podcast Logo

Charlotte Henry joins host Kelly Guimont to discuss newly everywhere meeting service Zoom, and how hosts and attendees can stay safe.

Zoom: How to Host a Meeting Safely

· Charlotte Henry · News

Zoom logo

300 million people a day use Zoom. You’re probably one of them. Here are some tips on how to host a meeting on it safely.

Zoom: Don’t Want to Get Routed Through Chinese Servers? Fork Over Your Cash

· Andrew Orr · Link

Zoom logo

One of Zoom’s controversies is how it routes some of its network traffic through China’s servers. If you’re privacy conscious, you can opt out of specific data center regions starting April 18. But this is only for paying customers.

This feature gives our customers more control over their data and their interaction with our global network when using Zoom’s industry-leading video communication services.

I can’t say I agree. It’s not about making privacy a paid feature, it’s that Zoom is exploiting its own insecurity to create a paid feature. Next step: Making end-to-end encryption a paid feature, and leaving free users to fend for themselves.

Zoom’s Encryption is Linked to Chinese Servers

· Andrew Orr · Link

Chinese flag

Researchers found that Zoom uses its own encryption scheme, sometimes using keys issued by China.

Some of the key management systems — 5 out of 73, in a Citizen Lab scan — seem to be located in China, with the rest in the United States. Interestingly, the Chinese servers are at least sometimes used for Zoom chats that have no nexus in China. The two Citizen Lab researchers, Bill Marczak and John Scott-Railton, live in the United States and Canada. During a test call between the two, the shared meeting encryption key “was sent to one of the participants over TLS from a Zoom server apparently located in Beijing,” according to the report.

I don’t have further commentary on Zoom, other than asking, “How will this end?”

5 Zoom Alternatives to Maintain Your Privacy

· Andrew Orr · Quick Tip

Image of people on a video call

After multiple privacy and security violations have been found with Zoom, Andrew wanted to share three Zoom alternatives he found.

New Zoom Bug Can Be Used to Steal Passwords, Access Your Webcam, Microphone

· Andrew Orr · Link

Zoom logo

Security researcher Patrick Wardle disclosed two Zoom bugs today. They can be used to steal Windows passwords and access your webcam and microphone. They do however require physical access to the machine.

In this blog post, we’ll start by briefly looking at recent security and privacy flaws that affected Zoom. Following this, we’ll transition into discussing several new security issues that affect the latest version of Zoom’s macOS client.

At this point, Zoom should just rewrite its software completely.

Zoom Meetings Aren’t Encrypted End-to-End, Despite Marketing

· Andrew Orr · Link

Zoom logo

Along with recent news that Zoom sent your data to Facebook (although it stopped) now we learn that its video calls don’t use end-to-end encryption, despite the company marketing it as such.

…But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.

It just keeps getting worse for Zoom. It’s unfortunate the company has chosen such tactics, because it really is one of the better video calling apps out there.

Why is Zoom Sending Our Data to Facebook?

· Andrew Orr · Link

Zoom logo

As people are required to work from home, apps like Zoom help us with video conferencing. But why is the iOS app sending our data to Facebook?

Upon downloading and opening the app, Zoom connects to Facebook’s Graph API, according to Motherboard’s analysis of the app’s network activity. The Graph API is the main way developers get data in or out of Facebook. The Zoom app notifies Facebook when the user opens the app, details on the user’s device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements.

I’ll add this to my #DeleteFBSDK endeavors.

Zoom Web Server Will Be Removed in New Update

· Andrew Orr · Link

Zoom logo

In an updated blog post, the Zoom web server will be removed in the next update, given recent information that it can be exploited.

JULY 9 PATCH: The patch planned for tonight (July 9) at or before 12:00 AM PT will do the following: 1. Remove the local web server entirely, once the Zoom client has been updated – We are stopping the use of a local web server on Mac devices. Once the patch is deployed, Mac users will be prompted in the Zoom user interface (UI) to update their client. Once the update is complete, the local web server will be completely removed on that device.