zoom

Auto Added by WPeMatico

Zoom improves security with automatic password protection and waiting rooms

Zoom improves security with automatic password protection and waiting rooms

After facing heavy criticism for the way it handles privacy and security, the video conferencing service Zoom is making a few very necessary updates. 

Beginning April 5, all meetings going forward will have automatically enabled password protection and waiting rooms. The password protection makes it so you need a password to enter a meeting even if you already have the meeting ID, although those who enter a meeting via a link will not need to enter the password. The waiting room allows the hosts to selectively admit people who are waiting to enter a meeting, so if they see a name they don’t recognize, they can choose not to let them have access. Read more…

More about Privacy, Zoom, Passwords, Tech, and Cybersecurity

Zoom admits some calls were routed through China by mistake

Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.

To recap, Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.

The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls. Zoom said in an earlier blog post that it has “implemented robust and validated internal controls to prevent unauthorized access to any content that users share during meetings.” The same can’t be said for Chinese authorities, however, which could demand Zoom turn over any encryption keys on its servers in China to facilitate decryption of the contents of encrypted calls.

Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it “mistakenly” allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

From Zoom’s CEO Eric Yuan:

During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform. In all instances, Zoom clients are provided with a list of datacenters appropriate to their region. This system is critical to Zoom’s trademark reliability, particularly during times of massive internet stress.”

In other words, North American calls are supposed to stay in North America, just as European calls are supposed to stay in Europe. This is what Zoom calls its data center “geofencing.” But when traffic spikes, the network shifts traffic to the nearest data center with the most available capacity.

China, however, is supposed to be an exception, largely due to privacy concerns among Western companies. But China’s own laws and regulations mandate that companies operating on the mainland must keep citizens’ data within its borders.

Zoom said in February that “rapidly added capacity” to its Chinese regions to handle demand was also put on an international whitelist of backup data centers, which meant non-Chinese users were in some cases connected to Chinese servers when data centers in other regions were unavailable.

Zoom said this happened in “extremely limited circumstances.” When reached, a Zoom spokesperson did not quantify the number of users affected.

Zoom said that it has now reversed that incorrect whitelisting. The company also said users on the company’s dedicated government plan were not affected by the accidental rerouting.

But some questions remain. The blog post only briefly addresses its encryption design. Citizen Lab criticized the company for “rolling its own” encryption — otherwise known as building its own encryption scheme. Experts have long rejected efforts by companies to build their own encryption, because it doesn’t undergo the same scrutiny and peer review as the decades-old encryption standards we all use today.

Zoom said in its defense that it can “do better” on its encryption scheme, which it says covers a “large range of use cases.” Zoom also said it was consulting with outside experts, but when asked, a spokesperson declined to name any.

Bill Marczak, one of the Citizen Lab researchers that authored today’s report, told TechCrunch he was “cautiously optimistic” about Zoom’s response.

“The bigger issue here is that Zoom has apparently written their own scheme for encrypting and securing calls,” he said, and that “there are Zoom servers in Beijing that have access to the meeting encryption keys.”

“If you’re a well-resourced entity, obtaining a copy of the internet traffic containing some particularly high-value encrypted Zoom call is perhaps not that hard,” said Marcak.

“The huge shift to platforms like Zoom during the COVID-19 pandemic makes platforms like Zoom attractive targets for many different types of intelligence agencies, not just China,” he said. “Fortunately, the company has (so far) hit all the right notes in responding to this new wave of scrutiny from security researchers, and have committed themselves to make improvements in their app.”

Zoom’s blog post gets points for transparency. But the company is still facing pressure from New York’s attorney general and from two class-action lawsuits. Just today, several lawmakers demanded to know what it’s doing to protect users’ privacy.

Will Zoom’s mea culpas be enough?

If you’re going to fake paying attention with Zoom backgrounds, make it a looping video

If you're going to fake paying attention with Zoom backgrounds, make it a looping video

As the coronavirus pandemic forces many of us with desk jobs to work from home, some people are getting creative with conference calls.

Zoom has become the go-to video platform for remote calls, online classes, and social distancing parties. Creative users figured out how to spice up their calls by changing their backgrounds. Rather than calling in from the same boring old bedroom, they can instead appear to call in from a tropical beach or the peak of a mountain. 

Others took it a step further, customizing their backgrounds with a photo of themselves so they seem like they’re present in a call while they’re really taking a midday nap.  Read more…

More about Zoom, Social Distancing, Culture, and Web Culture

How big tech is taking on COVID-19

Over the past week, one thing has become painfully clear for U.S. residents: COVID-19 is going to permeate every aspect of our lives for a long time to come. Those of us in and around tech have been noticing this for months now. First through the impact on our friends and colleagues in Asia, who have been facing fallout from the pandemic head-on for some time, and then through the domino effect on tech conferences.

First there was MWC, then Facebook’s F8, E3, WWDC. The list goes on and on. Yesterday, TechCrunch announced that we would be postponing a pair of our own events. It was the right thing to do, and increasingly not really a choice, to be honest, as more and more cities have banned large gatherings.

Tech has been keenly aware of COVID-19’s impact for a while now because being a tech company is being a global company almost by default. Now, however, the virus’s threat has come to nearly everyone’s back door. If you don’t yet know someone who has been infected with the virus, odds are good you will soon. This is our reality, for now, at least.

If there’s hope to be mustered from this event, it’s in the prospect of people helping people. Coming together, separately, at a safe social distance. The response of the current administration leaves much to be desired at the moment. As yesterday’s press conference involved praise of the “private sector” and a parade of high profile executives, the reality is that many of us may have to rely on corporates and execs to help fill in the gaps of gutted government departments.

There will be plenty of time to call out the inevitable opportunism of corporate America (and it looks like I’m going to have a lot more free time on my hands in the coming months to do exactly that), but for now, let’s note some of the folks who are pitching in by donating supplies or easing some of the burden on a strained and uncertain population.

Alibaba co-founder Jack Ma today released a statement noting plans to donate 500,000 test kits and one million face masks. The donation follows similar ones to Japan and Europe, following the devastating impact on his own country.

“Drawing from my own country’s experience, speedy and accurate testing and adequate personal protective equipment for medical professionals are most effective in preventing the spread of the virus,” Ma said in a statement. “We hope that our donation can help Americans fight against the pandemic!”

Yesterday, Zoom CEO Eric Yuan announced that his video conferencing platform would be available for free to K-12 schools in Japan, Italy and the U.S. The move comes as the service is seeing a massive spike in downloads as many businesses and schools are attempting to adapt to working and learning remotely.

Earlier this week, Bill Gates, who recently left his position on Microsoft’s board, announced the Bill & Melinda Gates Foundation was teaming up with Wellcome and Mastercard to fund treatments to the tune of $125 million. Yesterday, Facebook announced it was committing $20 million in donations to support relief efforts. Apple announced a similar $15 million in donations, along with letting customers skip the March payment on their Apple Cards without risking interest payments. IPS like AT&T, Charter, CenturyLink, Comcast, T-Mobile, Verizon, Sprint and Cox, meanwhile, have promised not to overcharge, charge late fees or terminate service, in an attempt to keep people connected.

Likely we’ll continue to see more such announcements in the coming weeks and months as companies struggle with impact to their workforces and bottom lines. Some will no doubt be more crass that others, but there’s little doubt that such gestures will be a big part of our ability to emerge from one of the scariest and most surreal moments in recent memory.

Crunch Report | Zoom CEO Eric Yuan Raised $100 Millon

Hanging out with the CEO of Zoom Eric Yuan and talking about the most recent investment for Sequoia for $100 million, LinkedIn’s major desktop update, and the NHTSA fully exonerates Tesla’s AutoPilot. All this on Crunch Report Read More

Powered by WPeMatico