Rich Freeman via plug on 18 Jun 2020 07:53:34 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] taskbook, Zoom


On Thu, Jun 18, 2020 at 10:38 AM jeff via plug
<plug@lists.phillylinux.org> wrote:
>
> Zoom decided to encrypt end-to-end, after the yelling.

While I obviously support E2E encryption, I think that people
complaining about this don't have a great grasp on the threat model.

The only people that E2E encryption protects you from are those with
access to the telecom infrastructure.  This is all professionally
managed and unless you are concerned about government spying/etc I
think the risk of an attack here is relatively low.  Of course it is
nonzero and so E2E encryption should be preferred.

What E2E encryption doesn't help with is attacks on the endpoints
themselves - which are probably cellphones or desktop PCs.

Which do you think is more likely?  That some hacker managed to
install a rootkit on somebody's Win10 PC?  Or that some hacker managed
to install a rootkit on some router/switch at Verizon?

My point here isn't so much that you shouldn't care about E2E
encryption.  Rather, my point is that simply having a features
checklist in the software you're using doesn't make you secure.
Usually the weak point in any chain of security is you...

-- 
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug