After a lot of negative attention from press and privacy advocates, Zoom has backtracked on its stance. It will provide free users with end-to-end encryption, a feature previously limited to paying customers.
The company said that free users will have to verify themselves with a phone number in a one-time process. It claimed that this will stop bad actors from creating multiple abusive accounts.
Zoom is also releasing an updated design of its end-to-end encryption solution on GitHub that intends to achieve a balance between “the legitimate right of all users to privacy and the safety of users.”
Good to see Zoom do this.
Three lawmakers in the U.S. have asked Zoom to clarify its relationship with China after the company suspended user accounts at its request.
Zoom is buying security firm Keybase in order to help the video-conferencing firm implement end-to-end encryption.
Charlotte Henry joins host Kelly Guimont to discuss newly everywhere meeting service Zoom, and how hosts and attendees can stay safe.
300 million people a day use Zoom. You’re probably one of them. Here are some tips on how to host a meeting on it safely.
Credentials for at least half-a-million Zoom accounts have been sold across the dark web and hacker forums for negligible amounts of money.
One of Zoom’s controversies is how it routes some of its network traffic through China’s servers. If you’re privacy conscious, you can opt out of specific data center regions starting April 18. But this is only for paying customers.
This feature gives our customers more control over their data and their interaction with our global network when using Zoom’s industry-leading video communication services.
I can’t say I agree. It’s not about making privacy a paid feature, it’s that Zoom is exploiting its own insecurity to create a paid feature. Next step: Making end-to-end encryption a paid feature, and leaving free users to fend for themselves.
Researchers found that Zoom uses its own encryption scheme, sometimes using keys issued by China.
Some of the key management systems — 5 out of 73, in a Citizen Lab scan — seem to be located in China, with the rest in the United States. Interestingly, the Chinese servers are at least sometimes used for Zoom chats that have no nexus in China. The two Citizen Lab researchers, Bill Marczak and John Scott-Railton, live in the United States and Canada. During a test call between the two, the shared meeting encryption key “was sent to one of the participants over TLS from a Zoom server apparently located in Beijing,” according to the report.
I don’t have further commentary on Zoom, other than asking, “How will this end?”
After multiple privacy and security violations have been found with Zoom, Andrew wanted to share three Zoom alternatives he found.
Security researcher Patrick Wardle disclosed two Zoom bugs today. They can be used to steal Windows passwords and access your webcam and microphone. They do however require physical access to the machine.
In this blog post, we’ll start by briefly looking at recent security and privacy flaws that affected Zoom. Following this, we’ll transition into discussing several new security issues that affect the latest version of Zoom’s macOS client.
At this point, Zoom should just rewrite its software completely.
Along with recent news that Zoom sent your data to Facebook (although it stopped) now we learn that its video calls don’t use end-to-end encryption, despite the company marketing it as such.
…But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.
It just keeps getting worse for Zoom. It’s unfortunate the company has chosen such tactics, because it really is one of the better video calling apps out there.
As people are required to work from home, apps like Zoom help us with video conferencing. But why is the iOS app sending our data to Facebook?
Upon downloading and opening the app, Zoom connects to Facebook’s Graph API, according to Motherboard’s analysis of the app’s network activity. The Graph API is the main way developers get data in or out of Facebook. The Zoom app notifies Facebook when the user opens the app, details on the user’s device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier created by the user’s device which companies can use to target a user with advertisements.
I’ll add this to my #DeleteFBSDK endeavors.
You may have noticed in iOS 13 and iPadOS that double tap to zoom in Safari no longer works. Instead you’ll have to do something else.
Apple released a silent update to Macs to patch apps affected by the Zoom security flaw, which it turns out affects a number of other apps.
John Martellaro and Andrew Orr join host Kelly Guimont to talk about Apple’s balance of security and user freedom, and a new iCloud VPN idea.
John Martellaro and Andrew Orr join host Kelly Guimont to talk about the state of updates from Apple, and the latest in blocking robocalls.
After the controversy surrounding Zoom and its hidden web server, Apple is pushing a hidden Mac update that removes it.
John Martellaro and Bryan Chaffin join host Kelly Guimont for a few PSAs, then a discussion of the current state of Apple’s computer lineup.
In an updated blog post, the Zoom web server will be removed in the next update, given recent information that it can be exploited.
JULY 9 PATCH: The patch planned for tonight (July 9) at or before 12:00 AM PT will do the following: 1. Remove the local web server entirely, once the Zoom client has been updated – We are stopping the use of a local web server on Mac devices. Once the patch is deployed, Mac users will be prompted in the Zoom user interface (UI) to update their client. Once the update is complete, the local web server will be completely removed on that device.
Andrew Orr and Dave Hamilton join host Kelly Guimont to talk about the new Mac laptop updates and the latest security flaw courtesy of Zoom.