On Friday night I had a very long email composed on this topic, but upon a re-read and after today's PTL call I scrapped it all and started over.
Thanks to those of you who have sent me links to a myriad of Zoom security blog posts and articles from the interwebs. The problem is that all of these recommendations are focused on private Zoom meetings, and open source meetings are not private. However, on the PTL call we did brainstorm around the directly conflicting needs of keeping out bad actors while staying open, welcoming and inclusive. Here's the logical order of operations.

Knowing who is joining a meeting - ACTION REQUIRED BY ALL COMMUNITY MEMBERS

Everyone should immediately begin following the model used by many other OSS communities and change your Zoom name to First-name FAMILY-NAME (company) - capitalization of family name here is intentional to help our global community. Example: Hosty MCHOSTFACE (Fetzervalve)

Enable Waiting room for all meetings

I'm actively resetting all of the accounts to waiting room now. Depending on the meeting, this has the potential for a lot of administrative overhead, and it is impractical to rely on the person hosting/sharing to manage this. Waiting room utilization therefore requires responsible delegation on the part of the meeting owner.

* The Host needs to grant co-host privileges to a couple of other attendees to monitor the waiting room and act as the door monitor. Also, co-hosts are necessary to help identify and boot bombers.
* As a community we would need to establish an unambiguous criterion to determine if someone should be admitted to the call or not. I believe that criterion should be as simple as seeing the First-name FAMILY-NAME (company) in the waiting room. If there is ever any question, the door monitor can always ask.

Hide meeting links and/or passwords from bots or a Google search

I have reset the permissions on the newly created https://lists.onap.org/g/onap-meetings list to be viewable only if logged into Groups.io.
Also, I have created a wiki space for hosting meeting information <https://wiki.onap.org/x/tQCLBQ> that is similarly not anonymously viewable but can be seen by anyone that is logged into the wiki. I am starting the process of moving all of our meeting pages to the new wiki space this afternoon. The community is responsible for changing any Zoom meeting passwords and corresponding meeting invites.

Permit authenticated Zoom accounts only

I really don't want to resort to this unless absolutely necessary, as it will block any community members in the PRC that do not have a paid Zoom account. If the above steps have been followed (new meeting password, user naming conventions and the waiting room) and a meeting still gets bombed, then and only then do I believe we should revert to authenticated users only.

Thanks for your support and patience.

-kenny