On 2020-04-03 12:21 PM, Christopher Browne via talk wrote:
On Thu, 2 Apr 2020 at 19:00, Scott Allen via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
On Thu, 2 Apr 2020 at 18:39, D. Hugh Redelmeier via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote: > And this, reported today: > <https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html>
Bruce Schneier has collected together a bunch of the relevant Zoom issues. https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html
It all suggests to me that we shouldn't consider it as more than a temporary stopgap measure.
Our security concerns aren't necessarily the same as others' concerns: - Our meetings are comparatively public matters; we don't especially mind if more people listen in - The special concern I'd have is if joining a Zoom meeting exposed members' personal information; we should certainly be wary of that - One of the protections is somewhat troublesome to apply to us; we will be a bit more vulnerable than average to "Zoom bombing" because we have a need to publish the addressing information somewhat publicly
Then there's this: https://boingboing.net/2020/04/03/zoom-transmits-your-info-throu.html
And I'd think that individuals should consider things like the following... - Run the web interface atop a separate web browser from your 'usual' activity so that it doesn't have as much to collect data from (I keep a Chromium around for that sort of thing).
What about private browsers?
- Various considerations are mentioned here: <https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meetings-from-zoom-bombing-attacks/>
It's actually a mighty useful thing to arrive at a set of protective measures on this, as there are a lot of organizations using Zoom, and hence some value if we have a sufficiently terse set of measures that might be useful to others. -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk