Monday, April 6, 2020

New York City schools ban Zoom

Interesting:
As schools lie empty, students still have to learn. But officials in New York City say schools are not permitted to use Zoom for remote teaching, citing security concerns with the video conferencing service.

...

News of the ban comes after a barrage of criticism over the company’s security policies and privacy practices, as hundreds of millions of users forced to work during the pandemic from home turn to the video calling platform. On Friday, Zoom’s chief executive apologized for “mistakenly” routing some calls through China, after researchers said the setup would put ostensibly encrypted calls at risk of interception by Chinese authorities. Zoom also apologized for claiming its service was end-to-end encrypted when it was not.
Zoom also changed its default settings to enable passwords on video calls by default after a wave of “Zoombombing” attacks, which saw unprotected calls invaded by trolls and used to broadcast abusive content.
There's actually a lot more Zoom security history here; this is not a new situation.

I have to say that this is the biggest example of security hurting a product that I can remember, and I've been doing this for a long, long time.

UPDATE 6 April 2020 11:33: Security bigwig Bruce Schneier is pretty harsh in his assessment of Zoom. Security bigwig Steve Bellovin is less harsh in his.

UPDATE 6 April 2020 14:01: Good Zoom security guidance.

4 comments:

Rick C said...

I guess all those kids one-starring it to get out of school a couple weeks ago were prescient.

Etaoin Shrdlu said...

It may all come down to one single question: Is Zoom Chinese-owned or controlled? If so, then it cannot be trusted. I would suggest the same question be asked of VPNs. Are you aware of any home- or personal, much less institutionally-oriented VPNs which are known NOT to be Chinese-owned?

Borepatch said...

Etaoin, I haven't heard any chatter about the Chinese being in bed with the VPN vendors.

I've heard good things about Proton VPN which is in Switzerland: https://protonvpn.com/

Etaoin Shrdlu said...

I saw some sort of brief comment on Chinese interests in VPNs awhile ago. Did a quick search and found this: https://www.computerweekly.com/news/252466203/Top-VPNs-secretly-owned-by-Chinese-firms. Obviously the potential for harm is ghastly. Some turned out to be owned by parties in Pakistan, and some the researchers were totally unable to determine.