Rich Kulawiec via plug on 3 Apr 2020 05:20:31 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Virtual Plug?

[ Yeah, I'm following up my own message.  I know.  I'm including
some more links and some commentary below. ---rsk ]

Turns out there's more:

	FBI Warns of Teleconferencing and Online Classroom Hijacking During COVID-19 Pandemic

	"Zoom-Bombing" Hijacks Online Class Meetings In Massachusetts, FBI Warns -CBS Boston

	Coronavirus: Add "Zoom-bombing" to the stresses overwhelming schools - Los Angeles Times

	"Zoombombers" disrupt online classes with racist, pornographic content

	Zoom Bug Gives Hackers Full Control Over Computers |

	Ex-NSA hacker drops new zero-day doom for Zoom -- TechCrunch

	Maybe we shouldn't use Zoom after all -- TechCrunch

	Zoom Contacts Feature Leaks Email Addresses, Photos

	The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet

	Students Conspire in Chats to "Zoom-Bomb" Online Classes, Harass Teachers | PCMag

Two comments:

1. Am I telling you not to use it?  No.  *I* certainly won't use it under
any circumstances whatsoever, now or in the future, because Zoom has
put sufficient proof on the table to convince me that they're completely
untrustworthy and always will be. [1]

It seems pretty obvious that they invested far more effort in monetizing
users' security and privacy than they did actually making a product.
That isn't an accident.  It's a deliberate strategy.  And it's unfixable.

2.  At this very moment there are a lot of LUGs (and similar
volunteer/dues-free organizations) trying to find a workable solution
to roughly the same problem...and given that a lot of people involved
in those have some extra time on their hands...this seems like a very
opportune moment for someone (or a group of someones) to either work on
an existing project that shows promise or start a new one.

And not just for LUGs: the world could use a decent solution in this
space that isn't controlled by the kind of filth who run and staff Zoom.
So right here, right now, is an opportunity for the entire open source
world to step up and put Zoom out of business.  Win-win.

I'm busy with other projects and I don't particularly care about video
conferencing so I'm not volunteering.  (Other than their security/privacy
impacts, which is why I'm paying attention to this.)  I'm just observing
discussions on multiple LUG mailing lists and noting that a lot of other
people *do* care about video conferencing and are trying to figure out what
to do.


[1] It will happen this way: they will send out their spokesliars to make
the right noises.  They'll claim that these things are "accidents" and
not deliberately designed and built. They'll promise to do better.
They'll drag the lawsuit out as long as possible and then go for
a settlement -- terms sealed, of course, and admitting no wrongdoing.
Meanwhile, they won't remove anything: they'll just bury it deeper.
Maybe they'll threaten a security researcher or two, that's often
part of the playbook.  They'll offer services to struggling, desperate
organizations who don't have the awareness to say "no" and thus will
get themselves embedded in a lot of places.  And they'll sell, sell,
sell any and all data.  What they don't sell above board, they'll
sell under the table.  And what they don't sell under the table
will be sold by enterprising, freelancing employees.  And what nobody's
selling will simply be taken from them because, after all, why should
they invest in security?  It's not *their* data.

Bonus points if you know who I was quoting with "It will happen this way."
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --