SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Ami I being too paranoid in not wanting to sign in to Zoom video conferences?
Page 1 2 
Go
New
Find
Notify
Tools
Reply
  
Ami I being too paranoid in not wanting to sign in to Zoom video conferences? Login/Join 
goodheart
Picture of sjtill
posted
Bible studies, choir, other groups of which I'm a part are using Zoom for video conferencing.

The first several things I read about Zoom were:
1. It claims to be end-to-end encrypted but is not
2. Hackers and pranksters can easily access Zoom conferences
3. Zoom sneakily installs itself on your computer and gives itself access to contacts and other private stuff
4. The Zoom iPhone app is crap
5. Elon Musk bans Zoom from use in SpaceX
6. The FBI is warning against Zoom use
7. Zoom's secret weapon is "our Chinese engineers"
8. Zoom, like Huawei, can be used by the Chicoms against us

Now some of the above I may not have gotten right, but it sounded scary enough that I have refused participation in meetings and sent out articles to friends warning them against Zoom.

In today's WSJ, there was this:

Zoom CEO: I Really Screwed Up

quote:
Use of Zoom exploded as the coronavirus pandemic has forced more people to stay home. Where once it enabled client conferences or training webinars, it is now also a venue for virtual cocktail hours, Zumba classes and children’s birthday parties. It became the most downloaded free app on Apple’s iOS App Store, leapfrogging bigger names like TikTok, DoorDash, and Disney+.

The number of daily meeting participants across Zoom’s paid and free services has gone from around 10 million at the end of last year to 200 million now, the company says. Most of those people are using its free service.

Zoom’s initial public offering just under a year ago was one of 2019’s most successful, making Mr. Yuan a billionaire. While the stock market has taken historic tumbles over the past month, Zoom’s shares are up.

But the platform’s surging popularity has attracted trolls and hackers, as well as scrutiny from privacy advocates. The practice of “Zoombombing”—where people gain unauthorized access to a meeting and share hate-speech or pornographic images—entered the popular vernacular almost overnight. Security experts found publicly highlighted problems with Zoom’s technology could leave user data vulnerable to outsiders’ exploitation.

The Federal Bureau of Investigation issued a warning Monday about videoconference hijacking, spurred in part by Zoombombing incidents. In the U.S., 27 attorney general’s offices have raised questions about privacy issues, Zoom said, adding it is cooperating with authorities.

On April 1, Mr. Yuan issued a lengthy blog post on Zoom’s website vowing to devote all his engineers to fixing trust, safety and privacy issues.

“I thought I was letting our users down,” he told the Journal on a video call, using a Zoom virtual background depicting the Golden Gate Bridge. He hasn’t had more than 4½ hours of sleep a night in the past month, he said. “I feel an obligation to win the users’ trust back.”


For those with professional knowledge of the security issues related to Zoom, what should I do?
I'm not discussing national security issues in my Bible study,


_________________________
“Remember, remember the fifth of November!"
 
Posts: 18560 | Location: One hop from Paradise | Registered: July 27, 2004Reply With QuoteReport This Post
Muzzle flash
aficionado
Picture of flashguy
posted Hide Post
Following this topic with interest.

flashguy




Texan by choice, not accident of birth
 
Posts: 27911 | Location: Dallas, TX | Registered: May 08, 2006Reply With QuoteReport This Post
Member
posted Hide Post
Zoom has made some changes in default settings, for example all meetings are set up with a password by default, so that makes it a lot tougher for "intruders" to get in.

They can't encrypt connections into the conference over regular telephone lines, and that is a source of confusion for people. If everyone is on a computer using computer audio, you are pretty much OK.

If you want an alternative, look at Jitsi.org. That is an open-source alternative.

Also, Skype has opened up a lot of previously premium features, but I haven't looked into it - but there you are putting as much (if not more) trust in Microsoft as you would be in Zoom.
 
Posts: 964 | Registered: August 04, 2007Reply With QuoteReport This Post
Member
Picture of bigdeal
posted Hide Post
quote:
Originally posted by sjtill:
I'm not discussing national security issues in my Bible study,
I think you'll be good to go for Bible Study.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
 
Posts: 33845 | Location: Orlando, FL | Registered: April 30, 2006Reply With QuoteReport This Post
Muzzle flash
aficionado
Picture of flashguy
posted Hide Post
quote:
Originally posted by bigdeal:
quote:
Originally posted by sjtill:
I'm not discussing national security issues in my Bible study,
I think you'll be good to go for Bible Study.
Unless you consider that a "Bible Study" probably identifies one as a Christian, which is a target group these days.

flashguy




Texan by choice, not accident of birth
 
Posts: 27911 | Location: Dallas, TX | Registered: May 08, 2006Reply With QuoteReport This Post
Happiness is
Vectored Thrust
Picture of mojojojo
posted Hide Post
The answer to the question you asked in your post headline is yes.



Icarus flew too close to the sun, but at least he flew.
 
Posts: 6785 | Location: North Carolina | Registered: April 30, 2003Reply With QuoteReport This Post
Member
posted Hide Post
The exploits I've seen so far are local privilege exploits - meaning an attacker must ALREADY have compromised the host before being able to use ZOOM to do things. I use it from my phone rather than my laptops (personal or work) to mitigate those risks.
 
Posts: 502 | Location: Pennsylvania | Registered: December 27, 2001Reply With QuoteReport This Post
Void Where Prohibited
Picture of WaterburyBob
posted Hide Post
I would guess that your smartphone listening to everything should be more of a concern. Alexa or Google even more so.



"If Gun Control worked, Chicago would look like Mayberry, not Thunderdome" - Cam Edwards
 
Posts: 16689 | Location: Under the Boot of Tyranny in Connectistan | Registered: February 02, 2005Reply With QuoteReport This Post
Stop Talking, Start Doing
posted Hide Post
The first several things I read about Zoom were:

1. It claims to be end-to-end encrypted but is not (If people want to join my boring ass work calls, more power to them)

2. Hackers and pranksters can easily access Zoom conferences (If people want to join my boring ass work calls, more power to them)

3. Zoom sneakily installs itself on your computer and gives itself access to contacts and other private stuff (It can be beneficial. Also, see their privacy policy)

4. The Zoom iPhone app is crap (My opinion is different)

5. Elon Musk bans Zoom from use in SpaceX (I don’t work for SpaceX so this doesn’t affect me)

6. The FBI is warning against Zoom use (They issued that warning because of ‘Zoombombing’, where some bored person finds their way into your public meeting. This means you’ll have to hang up and start a new meeting. Add a password and you’ll be okay.)

7. Zoom's secret weapon is "our Chinese engineers" (Some smart folks over there in China)

8. Zoom, like Huawei, can be used by the Chico's against us (I guess so)


_______________
Mind. Over. Matter.
 
Posts: 5088 | Location: The (R)ight side of Washington State | Registered: August 31, 2011Reply With QuoteReport This Post
Go ahead punk, make my day
posted Hide Post
quote:
Originally posted by mojojojo:
The answer to the question you asked in your post headline is yes.
Indeed.
 
Posts: 45798 | Registered: July 12, 2008Reply With QuoteReport This Post
Member
Picture of Haveme1or2
posted Hide Post
I'm on Zoom daily.
The hoodrats became energized by the media reporting "zoombombing".
Another media infused act. The didn't start it but the way they told about it increased knowledge and curiosity.
Make sure there are password protected or your church ladies are gonna get shown porn.
Also there are other measures to use to create a "foyer" ppl have to come through and get accepted into meeting.
 
Posts: 1002 | Location: Mint Hill NC | Registered: November 26, 2016Reply With QuoteReport This Post
Fighting the good fight
Picture of RogueJSK
posted Hide Post
Yes, you're being paranoid.

To solve the "zoombombing" issue, use a password and/or a lobby. Problem solved. Keep Zooming.

The FBI isn't saying not to use Zoom. They're simply recommending not having your Zoom meetings fully open to the general public, which is basically a no-brainer.

This is like having your home wifi network visible. It's only an issue if you dont use a password, meaning you're allowing any Joe Blow to connect to your Wifi and do whatever they want.

The answer is to use a password, not go the nuclear option and simply swear off Zoom/Wifi altogether because "hackers and pranksters are scary".


As for the privacy concern, you have the option of allowing it access to your contacts if you choose. It is not required. If that concerns you, simply don't allow it.
 
Posts: 33318 | Location: Northwest Arkansas | Registered: January 06, 2008Reply With QuoteReport This Post
Member
posted Hide Post
quote:
Originally posted by WaterburyBob:
I would guess that your smartphone listening to everything should be more of a concern. Alexa or Google even more so.


You smartphone would be more of a concern.


 
Posts: 5479 | Location: Pittsburgh, PA, USA | Registered: February 27, 2001Reply With QuoteReport This Post
Member
posted Hide Post
I reluctantly have started using Zoom, just because the University I work for uses Zoom for everything. I dont like that fact that it shares your info, is practically owned by the Chinese Communists, and its operations and most of its workforce are located in the PRC. I am forced to use Zoom, but I dont like it at all.


If you think you can, YOU WILL!!!!!
 
Posts: 3833 | Location: Wolverine-Land!!!! | Registered: August 20, 2005Reply With QuoteReport This Post
186,000 miles per second.
It's the law.




posted Hide Post
I will never use Zoom. Just like I have never been on Facebook or Twitter. Don't let your kids use Tik Tok either.

Use Skype or Microsoft Teams.
 
Posts: 3285 | Registered: August 19, 2001Reply With QuoteReport This Post
Little ray
of sunshine
Picture of jhe888
posted Hide Post
If anyone wants to spy 9n my Zoom meetings, they'll die of boredom.

I don't think the Chinese care much about me.




The fish is mute, expressionless. The fish doesn't think because the fish knows everything.
 
Posts: 53362 | Location: Texas | Registered: February 10, 2004Reply With QuoteReport This Post
Nullus Anxietas
Picture of ensigmatic
posted Hide Post
quote:
Originally posted by sjtill:
For those with professional knowledge of the security issues related to Zoom, what should I do?

I haven't paid close attention to this app, because, quite honestly, I cannot see myself ever having a need for it. However, Zoom does not appear to be a significant threat--from what little I've seen.

My general philosophy about such things goes something like this: Every app I run, on every platform, increases my vulnerability. Increased vulnerability equals increased risk of compromise. Therefor I don't install and run apps for which I don't feel I have a need. The more questionable the app--the more vulnerable it would appear to make me, the more compelling must be that need.

E.g.: I run a weather app on my phone and tablet. The weather app is from a maker with a long history, so is relatively trustworthy. The app requires little in sensitive access/permissions on my devices. So, though the need isn't particularly compelling, the risk factor is quite low. Zoom, however, is from a relatively new source and would require fairly wide-ranging access to my device. So, for me, the need would have to be damn compelling before I'd install and use it.

In your shoes, I'd ask myself "Do I really need to do this?" and proceed on that answer.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26009 | Location: S.E. Michigan | Registered: January 06, 2008Reply With QuoteReport This Post
Member
posted Hide Post
When I use Zoom to host a live Q&A session for my college students, I use my office desktop (that I brought home 2 weeks ago) and its hardwired into the network. I’m using a licensed version of Zoom provided by our University. I don’t use a password for our class meetings but instead use the “waiting room” feature to admit my students individually. I don’t use that computer for any personal activities (banking, etc) and I shut it down when not working. I sign out and close the Zoom app and / or browser-based access when not in use. My personal laptop is disconnected from the network any time that the desktop is connected (mostly since I’m too lazy to run another line of Cat5e temporarily).

When we’ve recently used Zoom to host some family gatherings, I use the Zoom app on my iPad. The app is only allowed access to my camera and mic during the session and then I eliminate that access after the meeting session. I also sign out and close the app.

Am I perfectly safe? No. But I think these steps reasonably reduce my risk and that’s about all we can accomplish these days with the internet, unless you want to make IT security both a vocation and obsession (I don’t).

If I were to only use Zoom as a participant, I’d use either my iPhone or iPad as described above. Keep the device and apps updated and limit access.
 
Posts: 481 | Registered: June 24, 2019Reply With QuoteReport This Post
Member
Picture of PowerSurge
posted Hide Post
https://www.businessinsider.co...with-facebook-2020-3

https://www.vice.com/en_us/art...e-a-facebook-account

Once your data makes it to BOOKFACE, who knows where else it will end up.


———————————————
The fool hath said in his heart, There is no God. Psalm 14:1
 
Posts: 4039 | Location: Northeast Georgia | Registered: November 18, 2017Reply With QuoteReport This Post
Member
posted Hide Post
For work CC calls, I usually call in rather than video-in. We have access codes so, outsiders trying to get-in, have to be desperate.

For the video calls where we're sharing spreadsheets/pdf's, I just need to make sure my hair is in the right place, choose the right background image and I don't stand-up to reveal what I'm not wearing below.
 
Posts: 15149 | Location: Wine Country | Registered: September 20, 2000Reply With QuoteReport This Post
  Powered by Social Strata Page 1 2  
 

SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    Ami I being too paranoid in not wanting to sign in to Zoom video conferences?

© SIGforum 2024