On Thu, 2 Apr 2020 at 19:00, Scott Allen via talk <talk@gtalug.org> wrote:
On Thu, 2 Apr 2020 at 18:39, D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
And this, reported today: <https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html>
And this: < https://www.reuters.com/article/us-spacex-zoom-video-commn/elon-musks-spacex...
Bruce Schneier has collected together a bunch of the relevant Zoom issues. https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html It all suggests to me that we shouldn't consider it as more than a temporary stopgap measure. Our security concerns aren't necessarily the same as others' concerns: - Our meetings are comparatively public matters; we don't especially mind if more people listen in - The special concern I'd have is if joining a Zoom meeting exposed members' personal information; we should certainly be wary of that - One of the protections is somewhat troublesome to apply to us; we will be a bit more vulnerable than average to "Zoom bombing" because we have a need to publish the addressing information somewhat publicly And I'd think that individuals should consider things like the following... - Run the web interface atop a separate web browser from your 'usual' activity so that it doesn't have as much to collect data from (I keep a Chromium around for that sort of thing). - Various considerations are mentioned here: < https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meeti...
It's actually a mighty useful thing to arrive at a set of protective measures on this, as there are a lot of organizations using Zoom, and hence some value if we have a sufficiently terse set of measures that might be useful to others. -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"