So remember when I was saying Zoom is a privacy and security train wreck? Apparently, that was an understatement:

“Zoom has ‘rolled their own’ encryption scheme [with] significant weaknesses … [and transmits] meeting encryption keys through China.”

Via @ScottMortimer

@aral It doesn't stop 200 million people from using it.

@desikn @aral NYC schools just banned teachers from using it after three weeks of intensive usage, no idea what will be used on Monday.…

@aral @ScottMortimer

It's been tough watching infosec Twitter "Luminaries" start to defend them under availability claims...

they just like the backdrops...

dumb, dumb, dumb.

@aral @ScottMortimer I'm petitioning for all "roll your own" encryption algorithms to be "DKA-compliant"

DKA = Dunning-Kruger Algorithm.

And this is why I have avoided Telegram like the plague. Friends don't let friends use Telegram. *Shudder*

@aral @ScottMortimer worst part - 97% of people won’t know, and won’t care. Zoom has done the most damage by simply advertising. I still see dozens of people daily saying others should use Zoom. I warn them, send article links, and their response... “well, it’s I’ll chance it.” Where have I heard something similar?

@aral @ScottMortimer Hang on - the article says they use AES-128 - that's not rolling your own! I bet the reason for using ECB is for any user to be able to recover after congestion - (counter could do the same?). Distributing the keys is a mess though - I don't think there's a standard to use; Matrix has a complex scheme that only just about works but shows the challenge in a multiple-user e2e scheme - it's hard to exchange keys with an arbitrary no. of users who can join/leave/dropout.

@aral @ScottMortimer it's gotten to the point where i saw this post and just actually laughed
