Re: Is your kids' school forcing Zoom on them too?

2020-08-13 Thread Ian Kelling 
Thank you for advocating with the school. I've been hearing that
BigBlueButton with Canvas is a good alternative to Zoom for schools. It
sounds like it might be most practical for them to switch next school
year, before they renew their Zoom license. In the meantime, you could
run a BigBlueButton demo for them, or any other free replacement for
other proprietary software they are using and try to get them to
evaluate and prepare to switch.

FSF has been working on this issue too
https://www.fsf.org/blogs/community/remote-education-does-not-require-giving-up-rights-to-freedom-and-privacy

- Ian
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-10 Thread Ben Scott 
On Mon, Aug 10, 2020 at 8:49 PM Joshua Judson Rosen
 wrote:
> security- and privacy- [which I guess I have to remind people are *not* the 
> same thing...]

OK, I'll bite, how is privacy not part of security?

(I suspect what you mean is that "privacy" is security you care about,
while "security" is security that corrupt corporate executives care
about.  But that doesn't mean privacy isn't security, it's just whose
assets we're talking about securing varies.  (In the later case, *you*
are one of the assets.))

-- Ben
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-10 Thread Joshua Judson Rosen 
On 8/10/20 10:23 AM, r...@mrt4.com wrote:
> I don't have any kids, but my school district and other governments who claim 
> jurisdiction over me also require it.
> 
> Since Zoom had said before that it was secure and it turned out that it 
> wasn't, it certainly doesn't make since to trust them now. The way we do it 
> in the open source community is to have lots of eyeballs looking over the 
> code so we can verify it ourselves. So, where can I get copies of the sources 
> for Zoom's app and server?
> 
> Also, although the CEO of Zoom has become a U.S. citizen and they are 
> headquartered in the U.S., Zoom is essentially a Chinese-owned company. They 
> do whatever the Chinese government tells them to do including shutting down 
> the accounts of U.S. and Chinese human rights activists.

Yeah Though the `developed in China' aspect isn't necessarily a `red flag' 
by itself
(there are good people everywhere, and there have been some really great 
projects
that came out of China specifically--OpenMoko and Qi Hardware
come to mind for me--and IIRC I heard somewhere that Ubuntu/Canonical got
a lot of funding from China; and there's probably a lot of good things that I'm 
forgetting)...,
when taken together with the other symptoms _and_ the general patterns of 
`privacy tonedeafness'
and `what could they possibly hav been thinking when they decided doing that 
was a good idea',
it doesn't really help to shift the scales back in their favor

> There are at least a dozen alternatives:
> 
> https://en.wikipedia.org/wiki/List_of_video_telecommunication_services_and_product_brands#Browser_based_-_does_not_require_software_downloads
> 
> https://techwiser.com/open-source-zoom-alternative/

Well..., the NH State Board of Education signed a deal a couple weeks ago to 
provide
BigBlueButton and a bunch of other hosted open-source services to every school 
in the state
for grades K-12 (the NH universities had already standardized on the same 
things a while ago...):


https://www.ilearnnh.org/sites/default/files/media/2020-07/doe-press-release-july-28-2020.pdf

So hopefully the schools will at least start taking up what the state is 
offering
instead of going it alone (even if the security- and privacy- [which I guess I 
have
to remind people are *not* the same thing...] arguments fall on deaf ears,
there's a pretty obvious *economic* "why are you using your funding for this 
instead of spending
everything you can on our kids and teachers" argument

(and if schools are using Zoom but *not* paying for a contract to ensure 
[supposed] FERPA compliance...,
  ummm...)

-- 
Connect with me on the GNU social network: 

Not on the network? Ask me for an invitation to a social hub!
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-10 Thread r270 
I don't have any kids, but my school district and other governments who claim 
jurisdiction over me also require it.

Since Zoom had said before that it was secure and it turned out that it wasn't, 
it certainly doesn't make since to trust them now. The way we do it in the open 
source community is to have lots of eyeballs looking over the code so we can 
verify it ourselves. So, where can I get copies of the sources for Zoom's app 
and server?

Also, although the CEO of Zoom has become a U.S. citizen and they are 
headquartered in the U.S., Zoom is essentially a Chinese-owned company. They do 
whatever the Chinese government tells them to do including shutting down the 
accounts of U.S. and Chinese human rights activists.


There are at least a dozen alternatives:

https://en.wikipedia.org/wiki/List_of_video_telecommunication_services_and_product_brands#Browser_based_-_does_not_require_software_downloads

https://techwiser.com/open-source-zoom-alternative/



Ron
r...@mrt4.com



On Fri, 7 Aug 2020 17:50:11 -0400
Joshua Judson Rosen  wrote:

> So..., pandemic. That's still a thing, and school is about to start up.
> 
> I hear a lot of schools have decided to make everyone use Zoom,
> whether they're at school or remote. That's apparently what's happening at my 
> kid's school.
> 
> If you haven't heard..., Zoom has turned out to be a complete privacy- and 
> security-nightmare
> (the set of links out from the Wikipedia article is not even exhaustive, but 
> holy crap).
> Though I suspect that most of the people on this list know all about it.
> 
> How are you dealing with it?
> 
> We've been trying to talk to our school's administration ever since they sent 
> out an e-mail
> telling everyone to `expect to use a video-conferencing tool like Google Meet 
> or Zoom'),
> and finally managed to get a meeting with... the Assistant Principal (who 
> honestly is great, but powerless),
> and at this point have basically got a response of "wish you'd raised the 
> issue earlier, but we already bought Zoom"
> (which might not be _as_ frustrating if we hadn't actually first raised this 
> issue back in _March_...).
> 
> NH does make it fairly straightforward to just give up and homeschool if it 
> comes to that...,
> but must it really come to that?
> 
> 
> -- 
> Connect with me on the GNU social network! 
> 
> Not on the network? Ask me for more info!
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-09 Thread jonhall80 
Jitsi also is "no installation required"

md
> On 08/09/2020 9:42 AM Curt Howland  wrote:
> 
>  
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> On Sunday 09 August 2020, Lloyd Kvam was heard to say:
> > I have attempted to join some meetings and discovered that the app
> > was *required*.
> 
> My experience as well.
> 
> Microsoft Teams, at least, allows me to be a passive viewer without 
> having to install anything.
> 
> 
> 
> - -- 
> You may my glories and my state dispose,
> But not my griefs; still am I king of those.
>  --- William Shakespeare, "Richard II"
> 
> -BEGIN PGP SIGNATURE-
> 
> iHUEAREIAB0WIQTaYVhJsIalt8scIDa2T1fo1pHhqQUCXy/9WQAKCRC2T1fo1pHh
> qVceAQCTDiFQq/+s3ErCxv6V6tMxxsHMUT7e1pSQ793yxjszfwD/TOhnQiyw7Ptn
> G8iM57SCzocAvCyo3ARV//LELN07aFg=
> =dpUy
> -END PGP SIGNATURE-
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-09 Thread Joshua Judson Rosen 
On 8/9/20 9:33 AM, Lloyd Kvam wrote:
> On Sun, 2020-08-09 at 08:07 -0400, dmich...@amergin.org wrote:
>> In a pinch you can run Zoom wholly in a browser or other semi-sandboxed
>> environment such as mobile phone or tablet, without using the desktop app.
> 
> I have attempted to join some meetings and discovered that the app was 
> *required*.

One of the first promises that they make in their `how we plan to someday 
actually provide
some of the end-to-end encryption that we lied about already having had for 
ages until we got caught
and exposed for actually not having any security underneath at all' whitepaper
is to stop supporting web browsers


>> I ended up repurposing a neglected chromebook as a zoom meeting appliance
>> and that's been fantastic for many activities.
>>
>>
>>> On Fri, 2020-08-07 at 19:14 -0400, Matt Minuti wrote:
 There's been no remote execution exploits (AFAIK), so that's a
 non-issue.
>>>
>>> There have been remote exploits.
>>> https://www.cvedetails.com/vulnerability-list/vendor_id-2159/Zoom.html
>>> Ignore #5 which is a different Zoom. Apple was forced to create a special
>>> update to clean up
>>> the mess after zoom was "uninstalled".
>>>
>>> That said, it's quite possible that today's Zoom is OK on that score. The
>>> Sans News Bites folks
>>> do not seem to be concerned.
>>>
>>> I installed Zoom on my wife's iPad. I won't install it on my gear. Being
>>> pushed into acquiring
>>> a somewhat isolated device to run Zoom would be annoying.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-09 Thread Curt Howland 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Sunday 09 August 2020, Lloyd Kvam was heard to say:
> I have attempted to join some meetings and discovered that the app
> was *required*.

My experience as well.

Microsoft Teams, at least, allows me to be a passive viewer without 
having to install anything.



- -- 
You may my glories and my state dispose,
But not my griefs; still am I king of those.
 --- William Shakespeare, "Richard II"

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTaYVhJsIalt8scIDa2T1fo1pHhqQUCXy/9WQAKCRC2T1fo1pHh
qVceAQCTDiFQq/+s3ErCxv6V6tMxxsHMUT7e1pSQ793yxjszfwD/TOhnQiyw7Ptn
G8iM57SCzocAvCyo3ARV//LELN07aFg=
=dpUy
-END PGP SIGNATURE-
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-09 Thread Lloyd Kvam 
On Sun, 2020-08-09 at 08:07 -0400, dmich...@amergin.org wrote:
> In a pinch you can run Zoom wholly in a browser or other semi-sandboxed
> environment such as mobile phone or tablet, without using the desktop app.

I have attempted to join some meetings and discovered that the app was 
*required*.

> I ended up repurposing a neglected chromebook as a zoom meeting appliance
> and that's been fantastic for many activities.
> 
> 
> > On Fri, 2020-08-07 at 19:14 -0400, Matt Minuti wrote:
> > > There's been no remote execution exploits (AFAIK), so that's a
> > > non-issue.
> > 
> > There have been remote exploits.
> > https://www.cvedetails.com/vulnerability-list/vendor_id-2159/Zoom.html
> > Ignore #5 which is a different Zoom. Apple was forced to create a special
> > update to clean up
> > the mess after zoom was "uninstalled".
> > 
> > That said, it's quite possible that today's Zoom is OK on that score. The
> > Sans News Bites folks
> > do not seem to be concerned.
> > 
> > I installed Zoom on my wife's iPad. I won't install it on my gear. Being
> > pushed into acquiring
> > a somewhat isolated device to run Zoom would be annoying.
> > 
> 
> 
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
-- 
Lloyd Kvam
Venix
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug



___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-09 Thread dmichaud 
In a pinch you can run Zoom wholly in a browser or other semi-sandboxed
environment such as mobile phone or tablet, without using the desktop app.
I ended up repurposing a neglected chromebook as a zoom meeting appliance
and that's been fantastic for many activities.


> On Fri, 2020-08-07 at 19:14 -0400, Matt Minuti wrote:
>> There's been no remote execution exploits (AFAIK), so that's a
>> non-issue.
>
> There have been remote exploits.
> https://www.cvedetails.com/vulnerability-list/vendor_id-2159/Zoom.html
> Ignore #5 which is a different Zoom. Apple was forced to create a special
> update to clean up
> the mess after zoom was "uninstalled".
>
> That said, it's quite possible that today's Zoom is OK on that score. The
> Sans News Bites folks
> do not seem to be concerned.
>
> I installed Zoom on my wife's iPad. I won't install it on my gear. Being
> pushed into acquiring
> a somewhat isolated device to run Zoom would be annoying.
>


___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-08 Thread Lloyd Kvam 
On Fri, 2020-08-07 at 19:14 -0400, Matt Minuti wrote:
> There's been no remote execution exploits (AFAIK), so that's a non-issue.

There have been remote exploits.
https://www.cvedetails.com/vulnerability-list/vendor_id-2159/Zoom.html
Ignore #5 which is a different Zoom. Apple was forced to create a special 
update to clean up
the mess after zoom was "uninstalled".

That said, it's quite possible that today's Zoom is OK on that score. The Sans 
News Bites folks
do not seem to be concerned.

I installed Zoom on my wife's iPad. I won't install it on my gear. Being pushed 
into acquiring
a somewhat isolated device to run Zoom would be annoying.

-- 
Lloyd Kvam
Venix
DLSLUG/GNHLUG library
http://dlslug.org/library.html
http://www.librarything.com/catalog/dlslug
http://www.librarything.com/catalog/dlslug&sort=stamp
http://www.librarything.com/rss/recent/dlslug



___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-08 Thread Coleman Kane 
On Fri, Aug 07, 2020 at 10:26:57PM -0400, Kyle Smith wrote:
> On Fri, Aug 7, 2020 at 7:18 PM Matt Minuti  wrote:
> 
> > Virtually all of the security "issues" are irrelevant for the use case of
> > public schools. All the "hacking" I've heard of has been nothing more than
> > people doing the modern equivalent of wardialing, joining in meetings that
> > have no password by picking random numbers. That's not zooms fault, that's
> > just bad IT policy on any platform (which schools ought to know how to
> > address now).
> >
> > There's been no remote execution exploits (AFAIK), so that's a non-issue.
> >
> > Maybe I'm missing something, but what exactly is the problem with Zoom in
> > this context, and what better alternative are you proposing? Jitsi is cool
> > and open source (yay!), and a thousand times better than WebEx, but it's
> > subject to similar server-side concerns as zoom (compromised server MITM),
> > and I wouldn't put much trust in the local SAU IT guy to handle installing
> > it let alone running it securely for hundreds or thousands of simultaneous
> > users.
> >
> 
> This is essentially the main benefit of a hosted solution. Even if there
> are open-source alternatives that are equivalent or superior, most school
> don't have the resources (e.g. IT staff) to do this correctly. At least
> with Zoom it's consistent, and when security fixes go out they go out to
> everyone.

Hi everyone, long time since I chatted with many of you since moving back to
Cincinnati. However, as I am in a similar boat and also working in a cyber
security capacity for the past 10 years, I'll provide some insights around
Zoom that I and my friends are recommending. Mind you, Zoom can be as secure
as any other SaaS offering (Google Meet, WebEx, etc.).

All of the "security concerns" around Zoom boil down to two main categories:

1) Insecure by default - Default config options being "weak" to favor usability
or availability were the driving factor in many of its embarassing press pieces
earlier on. From what I can tell, none of these are much different from the
problems typically resulting from common (and flawed) software engineering 
methodologies. A lot of these are fixable, it just requires going exhaustively
through all of the system options prior to rolling it out.

My recommendation would be to offer to consult for your local school district
for free, to help them lock down their Zoom deployment and also build a list
of SOP to distribute to employees of the district.

2) Privacy concerns - supposedly a large amount of Zoom's contracted labor
workforce is located in China. People have derived that this also means a lot
of the server infrastructure is also located there. I'm not 100% sure, but I
am pretty skeptical of this claim - as just the bandwidth concerns alone would
seem to make this very unlikely to produce a working system. That said, there
had still been concerns early on about the lack of E2E encryption, and weak
algorithms, but Zoom has since fixed both of those. Now, even the free Zoom
accounts support E2E encryption. By my estimate, Zoom is about on-par with
MS Teams, Google Meet, and Cisco WebEx nowadays.

My kid's school district uses Google Enterprise Suite for education, which
works really well, and provides Google Meet for meetings (rather than Zoom).
It's too late this year, but if your school district is seeking out some sort
of lower-cost alternative to MS+O365, the Google Suite is a nice alternative
that also allows you to "activate" any Chromebook with the student's managed
account - basically managing their "desktop" in the Google cloud. At the very
least, everyone's data exists within the district "enclave". 

As always the above presumes some concessions around personal privacy, which
I realize can be a hot button topic. Not my biggest preference, but there are
so many usability and availability benefits to these SaaS productivity systems
that they're becoming commonplace for any large organizations that lack the
buying power of big corporate entities in their IT departments. Solutions like
the above can make it easier for the district's IT dept to manage and secure
what is going on within the student body, in scalable ways that installing a
bunch of dedicated-server software may not.

Coleman Kane

> 
> 
> > On Fri, Aug 7, 2020, 5:52 PM Joshua Judson Rosen 
> > wrote:
> >
> >> So..., pandemic. That's still a thing, and school is about to start up.
> >>
> >> I hear a lot of schools have decided to make everyone use Zoom,
> >> whether they're at school or remote. That's apparently what's happening
> >> at my kid's school.
> >>
> >> If you haven't heard..., Zoom has turned out to be a complete privacy-
> >> and security-nightmare
> >> (the set of links out from the Wikipedia article is not even exhaustive,
> >> but holy crap).
> >> Though I suspect that most of the people on this list know all about it.
> >>
> >> How are you dealing with it?
> >>
> >> We've been trying to talk to our scho

Re: Is your kids' school forcing Zoom on them too?

2020-08-08 Thread Curt Howland 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On Saturday 08 August 2020, Joshua Judson Rosen was heard to say:
> So apparently it's _not just me_ having trouble maintaining a
> useful attitude during "COVID life"? ;p

Watching a civilization collapse is not a comfortable thing.

- -- 
You may my glories and my state dispose,
But not my griefs; still am I king of those.
 --- William Shakespeare, "Richard II"

-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTaYVhJsIalt8scIDa2T1fo1pHhqQUCXy6QfQAKCRC2T1fo1pHh
qWTsAQCbK3erVREfnreJt181wNfKYVvTl7X70bxm517+l45dBAEAxKAmSZ1HKKZj
ySC4K4PY/zH6hOXmsOsGWQym7qMJ11Y=
=qs/d
-END PGP SIGNATURE-
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-07 Thread Joshua Judson Rosen 
So apparently it's _not just me_ having trouble maintaining a useful attitude 
during "COVID life"? ;p

On 8/7/20 6:18 PM, Ben Scott wrote:
> On Fri, Aug 7, 2020 at 5:52 PM Joshua Judson Rosen
>  wrote:
>> If you haven't heard..., Zoom has turned out to be a complete privacy- and 
>> security-nightmare
> 
> So has everything else created in the past several years.
> 
> To paraphrase Larry Niven, it appears that the concept of "privacy"
> was something of a passing fad.
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-07 Thread Kyle Smith 
On Fri, Aug 7, 2020 at 7:18 PM Matt Minuti  wrote:

> Virtually all of the security "issues" are irrelevant for the use case of
> public schools. All the "hacking" I've heard of has been nothing more than
> people doing the modern equivalent of wardialing, joining in meetings that
> have no password by picking random numbers. That's not zooms fault, that's
> just bad IT policy on any platform (which schools ought to know how to
> address now).
>
> There's been no remote execution exploits (AFAIK), so that's a non-issue.
>
> Maybe I'm missing something, but what exactly is the problem with Zoom in
> this context, and what better alternative are you proposing? Jitsi is cool
> and open source (yay!), and a thousand times better than WebEx, but it's
> subject to similar server-side concerns as zoom (compromised server MITM),
> and I wouldn't put much trust in the local SAU IT guy to handle installing
> it let alone running it securely for hundreds or thousands of simultaneous
> users.
>

This is essentially the main benefit of a hosted solution. Even if there
are open-source alternatives that are equivalent or superior, most school
don't have the resources (e.g. IT staff) to do this correctly. At least
with Zoom it's consistent, and when security fixes go out they go out to
everyone.


> On Fri, Aug 7, 2020, 5:52 PM Joshua Judson Rosen 
> wrote:
>
>> So..., pandemic. That's still a thing, and school is about to start up.
>>
>> I hear a lot of schools have decided to make everyone use Zoom,
>> whether they're at school or remote. That's apparently what's happening
>> at my kid's school.
>>
>> If you haven't heard..., Zoom has turned out to be a complete privacy-
>> and security-nightmare
>> (the set of links out from the Wikipedia article is not even exhaustive,
>> but holy crap).
>> Though I suspect that most of the people on this list know all about it.
>>
>> How are you dealing with it?
>>
>> We've been trying to talk to our school's administration ever since they
>> sent out an e-mail
>> telling everyone to `expect to use a video-conferencing tool like Google
>> Meet or Zoom'),
>> and finally managed to get a meeting with... the Assistant Principal (who
>> honestly is great, but powerless),
>> and at this point have basically got a response of "wish you'd raised the
>> issue earlier, but we already bought Zoom"
>> (which might not be _as_ frustrating if we hadn't actually first raised
>> this issue back in _March_...).
>>
>> NH does make it fairly straightforward to just give up and homeschool if
>> it comes to that...,
>> but must it really come to that?
>>
>>
>> --
>> Connect with me on the GNU social network! <
>> https://status.hackerposse.com/rozzin>
>> Not on the network? Ask me for more info!
>> ___
>> gnhlug-discuss mailing list
>> gnhlug-discuss@mail.gnhlug.org
>> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>>
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>


-- 
Kyle Smith
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-07 Thread Lloyd Kvam 
On Fri, 2020-08-07 at 19:14 -0400, Matt Minuti wrote:
> There's been no remote execution exploits (AFAIK), so that's a non-issue.

There have been remote exploits in the past.
https://www.cvedetails.com/vulnerability-list/vendor_id-2159/Zoom.html
Ignore #5 which is a different Zoom. Apple was forced to create a special 
update to clean up
the mess after zoom was "uninstalled".

That said, it's quite possible that today's Zoom is OK on that score. The Sans 
News Bites folks
do not seem to be concerned.

I installed Zoom on my wife's iPad. I won't install it on my gear. Being pushed 
into acquiring
a somewhat isolated device to run Zoom would be annoying.

-- 
Lloyd Kvam
5 Foliage View
Lebanon, NH 03766
802-448-0836


___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-07 Thread Matt Minuti 
Virtually all of the security "issues" are irrelevant for the use case of
public schools. All the "hacking" I've heard of has been nothing more than
people doing the modern equivalent of wardialing, joining in meetings that
have no password by picking random numbers. That's not zooms fault, that's
just bad IT policy on any platform (which schools ought to know how to
address now).

There's been no remote execution exploits (AFAIK), so that's a non-issue.

Maybe I'm missing something, but what exactly is the problem with Zoom in
this context, and what better alternative are you proposing? Jitsi is cool
and open source (yay!), and a thousand times better than WebEx, but it's
subject to similar server-side concerns as zoom (compromised server MITM),
and I wouldn't put much trust in the local SAU IT guy to handle installing
it let alone running it securely for hundreds or thousands of simultaneous
users.

On Fri, Aug 7, 2020, 5:52 PM Joshua Judson Rosen 
wrote:

> So..., pandemic. That's still a thing, and school is about to start up.
>
> I hear a lot of schools have decided to make everyone use Zoom,
> whether they're at school or remote. That's apparently what's happening at
> my kid's school.
>
> If you haven't heard..., Zoom has turned out to be a complete privacy- and
> security-nightmare
> (the set of links out from the Wikipedia article is not even exhaustive,
> but holy crap).
> Though I suspect that most of the people on this list know all about it.
>
> How are you dealing with it?
>
> We've been trying to talk to our school's administration ever since they
> sent out an e-mail
> telling everyone to `expect to use a video-conferencing tool like Google
> Meet or Zoom'),
> and finally managed to get a meeting with... the Assistant Principal (who
> honestly is great, but powerless),
> and at this point have basically got a response of "wish you'd raised the
> issue earlier, but we already bought Zoom"
> (which might not be _as_ frustrating if we hadn't actually first raised
> this issue back in _March_...).
>
> NH does make it fairly straightforward to just give up and homeschool if
> it comes to that...,
> but must it really come to that?
>
>
> --
> Connect with me on the GNU social network! <
> https://status.hackerposse.com/rozzin>
> Not on the network? Ask me for more info!
> ___
> gnhlug-discuss mailing list
> gnhlug-discuss@mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
>
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Re: Is your kids' school forcing Zoom on them too?

2020-08-07 Thread Ben Scott 
On Fri, Aug 7, 2020 at 5:52 PM Joshua Judson Rosen
 wrote:
> If you haven't heard..., Zoom has turned out to be a complete privacy- and 
> security-nightmare

So has everything else created in the past several years.

To paraphrase Larry Niven, it appears that the concept of "privacy"
was something of a passing fad.

-- Ben
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/

Is your kids' school forcing Zoom on them too?

2020-08-07 Thread Joshua Judson Rosen 
So..., pandemic. That's still a thing, and school is about to start up.

I hear a lot of schools have decided to make everyone use Zoom,
whether they're at school or remote. That's apparently what's happening at my 
kid's school.

If you haven't heard..., Zoom has turned out to be a complete privacy- and 
security-nightmare
(the set of links out from the Wikipedia article is not even exhaustive, but 
holy crap).
Though I suspect that most of the people on this list know all about it.

How are you dealing with it?

We've been trying to talk to our school's administration ever since they sent 
out an e-mail
telling everyone to `expect to use a video-conferencing tool like Google Meet 
or Zoom'),
and finally managed to get a meeting with... the Assistant Principal (who 
honestly is great, but powerless),
and at this point have basically got a response of "wish you'd raised the issue 
earlier, but we already bought Zoom"
(which might not be _as_ frustrating if we hadn't actually first raised this 
issue back in _March_...).

NH does make it fairly straightforward to just give up and homeschool if it 
comes to that...,
but must it really come to that?


-- 
Connect with me on the GNU social network! 

Not on the network? Ask me for more info!
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/