Rich Kulawiec via plug on 3 Apr 2020 05:20:31 -0700
Re: [PLUG] Virtual Plug?
[ Yeah, I'm following up my own message. I know. I'm including some more links and some commentary below. ---rsk ]

Turns out there's more:

FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic

"Zoom-Bombing" Hijacks Online Class Meetings In Massachusetts, FBI Warns - CBS Boston
https://boston.cbslocal.com/2020/03/30/zoom-zoombombing-hack-security-tips/

Coronavirus: Add "Zoom-bombing" to the stresses overwhelming schools - Los Angeles Times
https://www.latimes.com/california/story/2020-03-25/zoombombing-usc-classes-interrupted-racist-remarks

"Zoombombers" disrupt online classes with racist, pornographic content
https://www.insidehighered.com/news/2020/03/26/zoombombers-disrupt-online-classes-racist-pornographic-content

Zoom Bug Gives Hackers Full Control Over Computers | Inc.com
https://www.inc.com/don-reisinger/zoom-bug-gives-hackers-full-control-over-computers.html

Ex-NSA hacker drops new zero-day doom for Zoom -- TechCrunch
https://techcrunch.com/2020/04/01/zoom-doom/

Maybe we shouldn't use Zoom after all -- TechCrunch
https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/

Zoom Contacts Feature Leaks Email Addresses, Photos
https://www.databreachtoday.com/zoom-contacts-feature-leaks-email-addresses-photos-a-14039

The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet
https://www.zdnet.com/article/the-internet-is-now-rife-with-places-where-you-can-organize-zoom-bombing-raids/

Students Conspire in Chats to "Zoom-Bomb" Online Classes, Harass Teachers | PCMag
https://www.pcmag.com/news/students-conspire-in-chats-to-zoom-bomb-online-classes-harass-teachers

Two comments:

1. Am I telling you not to use it? No.

*I* certainly won't use it under any circumstances whatsoever, now or in the future, because Zoom has put sufficient proof on the table to convince me that they're completely untrustworthy and always will be. [1] It seems pretty obvious that they invested far more effort in monetizing users' security and privacy than they did actually making a product. That isn't an accident. It's a deliberate strategy. And it's unfixable.

2. At this very moment there are a lot of LUGs (and similar volunteer/dues-free organizations) trying to find a workable solution to roughly the same problem...and given that a lot of people involved in those have some extra time on their hands...this seems like a very opportune moment for someone (or a group of someones) to either work on an existing project that shows promise or start a new one. And not just for LUGs: the world could use a decent solution in this space that isn't controlled by the kind of filth who run and staff Zoom. So right here, right now, is an opportunity for the entire open source world to step up and put Zoom out of business. Win-win.

I'm busy with other projects and I don't particularly care about video conferencing so I'm not volunteering. (Other than their security/privacy impacts, which is why I'm paying attention to this.) I'm just observing discussions on multiple LUG mailing lists and noting that a lot of other people *do* care about video conferencing and are trying to figure out what to do.

---rsk

[1] It will happen this way: they will send out their spokesliars to make the right noises. They'll claim that these things are "accidents" and not deliberately designed and built. They'll promise to do better. They'll drag the lawsuit out as long as possible and then go for a settlement -- terms sealed, of course, and admitting no wrongdoing. Meanwhile, they won't remove anything: they'll just bury it deeper. Maybe they'll threaten a security researcher or two, that's often part of the playbook.

They'll offer services to struggling, desperate organizations who don't have the awareness to say "no" and thus will get themselves embedded in a lot of places. And they'll sell, sell, sell any and all data. What they don't sell above board, they'll sell under the table. And what they don't sell under the table will be sold by enterprising, freelancing employees. And what nobody's selling will simply be taken from them because, after all, why should they invest in security? It's not *their* data.

Bonus points if you know who I was quoting with "It will happen this way."

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug