Issues with Zoom and updates

If you are hosting Zoom events advertised to a large number of people, consider changing your settings to disallow screen-sharing by anyone. Look for these settings:

Screen sharing

Allow host and participants to share their screen or content during meetings

Who can share?

  • Host Only
  • All Participants

Who can start sharing when someone else is sharing?

  • Host Only
  • All Participants

@horace shared:


See, also:

Comprehensive post on issues with Zoom: Security and Privacy Implications of Zoom - Schneier on Security

Best practices

https://blog.zoom.us/wordpress/2014/09/04/complete-guide-secure-zoom-experience/

tl;dr from Schneier’s post:

Short summary: don’t share the meeting ID more than you have to, use a password in addition to a meeting ID, use the waiting room if you can, and pay attention to who has what permissions.


University-provided Security guidelines for Zoom: Secure Zoom Meetings and Webinars | ITS


@amfarrell shared:

Official UChicago Zoom backgrounds ZOOM BACKGROUNDS | UChicago Creative

What about encryption? Is end-to-end encryption on by default now?
There’s an advanced setting for using AES on all 3rd party endpoints. Does that need to be turned on?

Wish me & my brothers weekly livestreams (Ben.VVarner.com) were getting #ZoomBombed. We could do with some more viewers.
@horace you’d like it incidentally! You finding any ways of doing comedy in quarantine?

A live dash is a great idea in principle.
However, my philosophy of data viz is only visualize what you can action change based on. Are there other more pertinent stats to an individual? Perhaps would require location tracking?

AFAIK, Zoom does not have E2E and they have clarified it publicly.

I think I agree visualization makes sense for something actionable. Having a dashboard here, however, is primarily for convenience and a good reminder of how serious this situation is.

The only other useful stats/visualizations that I find helpful are projections made by UW IHME (also linked above in OP): COVID-19.

Zoom acqui-hired Keybase to deploy some of the world’s best experts in improving their security: Keybase joins Zoom

I have been a Keybase user for over 5 years primarily for managing web identity, and think this is such a great move to improve the security of an app that is used by millions these days. I do not, however, understand why Keybase users are abandoning in revolt (apart from the uncertainty associated with the future of the Keybase ecosystem).

Do others use Keybase here? If so, for what?

Guess I have my answer: Zoom's Commitment to User Security Depends on Whether you Pay It or Not - Schneier on Security :frowning:

Zoom has also published a whitepaper about their E2E feature:


And here’s what happens with only a partial support for E2E: Zoom shuts accounts of activists holding Tiananmen Square and Hong Kong events | Zoom | The Guardian

Looks like public pressure worked: Zoom Will Be End-to-End Encrypted for All Users - Schneier on Security

Faith in Keybase/OkCupid restored: Commits · zoom/zoom-e2e-whitepaper · GitHub :smiley: