So remember when I was saying Zoom is a privacy and security train wreck? Apparently, that was an understatement:
âZoom has ârolled their ownâ encryption scheme [with] significant weaknessesâ⊠[and transmits] meeting encryption keys through China.â
Via @ScottMortimer
@aral @ScottMortimer I'm petitioning for all "roll your own" encryption algorithms to be be "DKA-compliant"
DKA = Dunning Krueger Algorithm.
@aral @ScottMortimer Pretty sure Telegram is also DKA Compliant.
@craigmaloney
And this is why I have avoided Telegram like the plague. Friends don't let friends use Telegram. *Shudder*
@aral
@aral @ScottMortimer worst part - 97% of people wonât know, and wonât care. Zoom has done the most damage by simply advertising. I still see dozens of people daily saying others should use zoom. I warn them, send article links, and their response... âwell, itâs free...so Iâll chance it.â Where have I heard something similar?
@aral @ScottMortimer Hang on - the article says they use AES-128 - that's not rolling your own! I bet the reason for using ECB is for any user to be able to recover after congestion - (counter could do the same ?). Distributing the keys is a mess though - I don't think there's a standard to use; Matrix has a complex scheme that only just about works but shows the challenge in a multiple-user e2e scheme - it's hard to exchange keys with an arbitrary no of users who can join/leave/dropout.
@aral @ScottMortimer it's gotten to the point where i saw this post and just actually laughed
@aral It doesn't stop 200 million people from using it.