Zoom’s Encryption Is “Not Suited for Secrets”

Zoom’s Encryption Is “Not Suited for Secrets” (The Intercept)

MEETINGS ON ZOOM, the increasingly popular video conferencing service, are encrypted using an algorithm with serious, well-known weaknesses, and sometimes using keys issued by servers in China, even when meeting participants are all in North America, according to researchers at the University of Toronto.

The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries. They conclude, in a report for the university’s Citizen Lab — widely followed in information security circles — that Zoom’s service is “not suited for secrets” and that it may be legally obligated to disclose encryption keys to Chinese authorities and “responsive to pressure” from them.

Zoom's security has been hammered since last week. First, Zoom was caught sending user meta-data to Facebook, then deception around end-to-end encryption, and now this: Unfortunately, this is the software that most colleges and K-12 schools are using to provide remote instruction to students.

Continue Reading
Sunday Paper, Rucksack, Magazine, Camera, Pocket Watch, Notebook, Leather, Range Finder Camera, Camera, Ruck

Sunday Paper - Supporting Strong Encryption, Facebook' Political Ad Policy, CES and vegan food, Music Shuffling versus Album Listening

There is a disconnect between the USA Congress, FBI, DOJ and industry regulatory bodies on encryption. The minute there is a data breach, Congress wants answers and results. That same congress along with the FBI is scaring people into supporting backdoors in everything while the Defense Department argues that robust encryption is necessary for national…

Continue Reading
Sunday Paper, Rucksack, Magazine, Camera, Pocket Watch, Notebook, Leather, Range Finder Camera, Camera, Ruck

Sunday Paper - Flawed sea level models, Politically Motivated Violence, Instagram, Gun Control, First Amendment, Private Networks and Rights, Privacy hypocrites

The climate may be even more screwed up than we thought. There are a couple of reasons. One of the major reasons is that we are seeing ice sheets pushed to a point where processes are coming into play that we hadn’t seen before. And we’re still struggling to understand these processes. We saw this…

Continue Reading

Google and Privacy

Deconstructing Google’s excuses on tracking protection (Freedom to Tinker)

Blocking cookies is bad for privacy. That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight.

So far Google has avoided the vitriol poured on Facebook. Why?

Continue Reading

Ethical Hackers Must Protect Digital Human Rights

Black Hat 2019: Ethical Hackers Must Protect Digital Human Rights (Threatpost)

When we talk about security, we have to ask, ‘security for who?'” said Galperin, speaking at a Black Hat session called “Hacking for the Greater Good: Empowering Technologists to Strengthen Digital Society.” “It’s usually for governments or corporations. We don’t talk about security for individuals, particularly individuals who don’t have a lot of spending money.”

Continue Reading