> """
> Zoom, the video conferencing service whose use has spiked amid the
> Covid-19 pandemic, claims to implement end-to-end encryption, widely
> understood as the most private form of internet communication,
> protecting conversations from all outside parties. In fact, Zoom is
> using its own definition of the term, one that lets Zoom itself access
> unencrypted video and audio from meetings.
> """
>
> As I type, I am dutifully installing zoom to participate in remote
> tutorials for COMP3310 Computer Networks at ANU. Good case study.

As far as I can tell Zoom, Hangouts Meet, Jitsi Meet are all roughly the same:

- encrypted end-to-end when two parties
- encrypted to conference bridge, plaintext through bridge, for more than two parties

It's not clear if Zoom or Hangouts Meet can establish even a two-party connection via a bridge to meet an interception request for an endpoint or if the controller knows the encryption key of a two-party call (allowing an intercepting agency to request the key for traffic they intercepted via a carrier). Jitsi cannot do either at this point.

I'd expect Microsoft Teams to be similar, but I can't easily find a reference. Unlike the other services, IMs in Teams is a complicated story.

Apple Facetime is end-to-end in all scenarios. Tricky to engineer (because down-scaling video to meet the bandwidth available to a receiving client has to be done by transmitting client, so the videoconference bridge ends up as a bandwidth signaller more than as a video mixer). High resolution clients in a big meeting will end up using maybe 2x the bandwidth (eg, a 4K client will need to send 4K, HDTV, STV, something smaller again, etc).

Zoom and Jitsi allow on-site bridge servers (and additionally the option for the controllers for those services, the Intercept article isn't quite right), so you can limit data exfiltration. Keeping data within Australia is one of the reasons AARNet has a really big Zoom farm for use by universities. Jitsi is free software, so you can read the source. I haven't yet seen notes from French academic network RENATER of their experience with their Jitsi farm at the scales seen in the past week.

Zoom's "web server" application launcher on Macs to allow clickless launching of Zoom from a URL is a clear case of 'security versus usability' and also a nice illustration of how wanting to provide the feature parity across multiple platforms has security consequences.

Videoconferencing systems, and the various tradeoffs made by each vendor, is great material for discussion in a COMP3310. As well as the networking aspects, the administration of large farms of servers at scale is essential to videoconferencing, and that might give a nice segue into how computer networks and servers are converging onto the same administration -- most visibly in the data centre -- ending the specialised CLI for networking equipment. That ease of bulk administration then allowing complex-to-configure mission-oriented packet forwarding via SDN, the question of why configure multiple protocols leading to BGP becoming the only routing protocol, the low price and high function of ethernet controller ASICs meaning ethernet becoming the only link layer, etc.

-glen

_______________________________________________
Link mailing list
[email protected]
http://mailman.anu.edu.au/mailman/listinfo/link
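
The two bridge designs contrasted in the message above, as an added sketch that is not part of the original post and not any vendor's code. The SHA-256/HMAC construction is a toy stand-in for a real media cipher, and the frame contents, bitrates and function names are constructed assumptions.

```python
import hashlib, hmac, os

def _stream(key, nonce, n):
    # SHA-256 in counter mode as a toy keystream (stand-in for a real AEAD/SRTP cipher)
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, frame):
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(frame, _stream(key, nonce, len(frame))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered frame")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def bridge_terminating(blob, uplink_key, downlink_key, bridge_saw):
    # Encrypted to the bridge, plaintext through the bridge, re-encrypted to the receiver.
    frame = unseal(uplink_key, blob)
    bridge_saw.append(frame)
    return seal(downlink_key, frame)

def bridge_forwarding(layers, receiver_kbps, bridge_saw):
    # End-to-end: the bridge holds no key, so it cannot downscale; it can only pick
    # the largest sender-encoded layer that fits the receiver's bandwidth.
    fits = [kbps for kbps in layers if kbps <= receiver_kbps] or [min(layers)]
    blob = layers[max(fits)]
    bridge_saw.append(blob)
    return blob

def demo():
    # Constructed sample frames and bitrates (kbit/s); not measurements.
    encodings = {15000: b"frame-4K", 5000: b"frame-HDTV", 1000: b"frame-STV", 300: b"frame-small"}
    e2e_key, up, down = os.urandom(32), os.urandom(32), os.urandom(32)
    saw_a, saw_b = [], []
    out_a = bridge_terminating(seal(up, encodings[15000]), up, down, saw_a)
    layers = {kbps: seal(e2e_key, f) for kbps, f in encodings.items()}
    out_b = bridge_forwarding(layers, 1200, saw_b)
    return {"terminating_rx": unseal(down, out_a), "terminating_bridge_saw": saw_a,
            "e2e_rx": unseal(e2e_key, out_b), "e2e_bridge_saw": saw_b,
            "sender_uplink_kbps": sum(encodings)}

if __name__ == "__main__":
    print(demo())
```

In the terminating design the bridge's record holds the plaintext frame; in the forwarding design it holds only ciphertext, and the sender pays for that by uploading every layer.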
