On 4/2/20 02:56, Curt wrote:
> On 2020-03-31, n...@dismail.de <n...@dismail.de> wrote:
>> On Tue, Mar 31, 2020 at 08:17:56PM +0200, deloptes wrote:
>>> […] Recently I was looking at zoom.us - seems to be in
>>> hype now - can be installed in debian and can be used as video conferencing
>>> tool.
>>
>> Based on zoom's "privacy" policy and everything I've herad so far about it,
>> I would not recommend using zoom. Some examples:
>> - Just a week or so ago it was exposed that zoom was sharing data with
>> facebook
>> without informing the user about it or giving any choice on that.
>> Alledgedly
>> they stopped it now [1]
They've done a public mea culpa about this and promised to stop (or by
now, maybe, have stopped) doing that. And as reported in [1] it was
peculiar to iOS, although I can't think of a reason they would do only
that one unless it came with a third party iOS library they used.
>> - Zoom created Security-Holes with it's Mac-Client, that persisted even after
>> deinstalling zoom on OSX. [2] Personally I wouldn't trust their other
>> clients
>> either.
I don't have a Mac, and may be off the mark here. After reading a couple
of the reports about this one, I was not sure whether the defect was
with zoom, MacOS, or somehow shared between the two. It was presented as
specific to Mac, so maybe for Debian it's mostly a cautionary tale.
Still, following the link described in [2] on Debian 10 opened a
meeting, somewhat as described, although the camera was not on.
>> - Zoom can collect more data about you then you might think and share this
>> with
>> the meeting-creator. [3]
>>
Depending on the specifics of an organization and meeting, that might
not be much of a problem, or might be thought a feature rather than a
problem. What the EFF article mentions, within a business conferencing
environment at least, are things that administrators or meeting
organizers generally are authorized to know and may have a legitimate
interest in. As a supervisor holding a branch meeting I would want, and
consider it well within my authority, to know if one of my employees
changed focus to another application (maybe a game?), and as a (former)
US DoD manager, would be entitled to know, and obligated to take
corrective action, if they used equipment not provided and managed by my
agency.
>
> I was just reading this little item about zoom from the G-men (actually,
> Kristen is a Boston G-woman, apparently):
>
> https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
The events reported here are very suggestive of pranks by one or more
students in the classes or their acquaintances who obtained meeting
details from them. That also seems possible in the case of the PhD
candidate whose disrupted dissertation defense Zoom meeting was reported
3 April on NPR, although that one indicated far more, and more personal,
malice.
There also are potential issues with Zoom's security of stored meetings,
both during the meeting and optionally after it is finished.
All that said, Ms. Setera's recommendations are appropriate and
reasonable and apply as applicable to any conferencing application.
For several specific reasons rooted in the apparent fact that Zoom
appears to be the conferencing tool of the day, and despite the various
caveats, I have installed and plan to use it - carefully - to compensate
partly for isolation dictated by prudence in the face of a rather nasty
epidemic. So far, it installed cleanly and seems likely to be functional
and generally fit for purpose.
>
Regards
Tom Dial