1. Google's threat model may not be your threat model, and it definitely isn't the threat model of my daughter's school. A corporation like Google may be concerned using native applications, written in unsafe languages, written by developers from other corporations in China. That said, Zoom isn't wrong for everyone.
2. Google is motivated to push their own solution for obvious reasons.
3. Tavis, or others, at Project Zero might know some things, maybe we'll find out.
> Google's threat model may not be your threat model, and it definitely isn't the threat model of my daughter's school. A corporation like Google may be concerned using native applications, written in unsafe languages, written by developers from other corporations in China. That said, Zoom isn't wrong for everyone.
Google's threat model surely differs in some way from a school, but the specific threats you named seem like threats equally applicable to the surfaces identifiable in the threat model of a school.
The threat model for a school is kids/others disrupting sessions and creepers using access to gawp at (or communicate with kids). Since the Chinese government is unlikely to feel the need to compel Zoom to do that, the fact that they have all the keys centrally stored is not a problem.
Google's threat model actually does include state-level attack (and specifically by China) to steal IP or access confidential user data.
A risk when talking about memory safety vulnerabilities is that someone (not China especially, just someone exploiting Zoom) pwns the child's or family's computing infrastructure and gains access to everything running on there and possibly does it without detection for a long time. It's basically an all-bets-are-off situation that also puts social media contacts at risk.
Zoom is of course just one vector for this, but the threat model of "it's just schoolwork at risk" is wrong. It's actually integrity of the computing environment.
The Chinese gov't spying problem isn't with schoolchildren per se but schoolchildren use their parents' computers. Chinese authorities openly demonstrate their intention to deploy the maximum level of surveillance they can over any adult within their reach. This just increases their reach.
Even if they don't use their parents' computers, if Zoom is not totally sandboxed, they can hack the child's OS, they can mess with computers on LAN, or the router/wifi.
Every native app made by a Chinese company could also provide a backdoor to the PLA. Same could be said about apps from other countries and the NSA, FSB, GCHQ, Mossad, ASD, whatever the Germans are calling the gentler, kinder, totally-not-spying-on-everyone-anymore-we-swear successor to the Stasi, etc.
There is no specific evidence for this, but it is a possibility. Balancing remote possibilities and accepting some that are beyond our control is what separates the sane from the tinfoil hat crowd. Personally, I would try to stick to apps by companies headquartered in your home country. This is difficult outside of the USA and probably impossible outside of the next 5 top software hub countries.
> Personally, I would try to stick to apps by companies headquartered in your home country.
Why is that? It seems like the opposite would be the best advice: make sure to use something from a company not headquartered in your country. Most people probably have more to worry about from their own government than anyone else.
I think that's technically incorrect. The BND (and its military sibling MAD) are mostly concerned with foreign intelligence, while the Stasi was mostly used for internal surveillance. The subdivision HVA inside the Stasi would be the equivalent to the BND, while the larger and infamous internal surveillance of the Stasi is now in the responsibility of the Verfassungsschutz.
> I think that's technically incorrect. The BND (and its military sibling MAD) are mostly concerned with foreign intelligence, while the Stasi was mostly used for internal surveillance.
Of course they are. That's why they are happy to work with NSA which get everything that is routed through Frankfurt.
> The subdivision HVA inside the Stasi would be the equivalent to the BND, while the larger and infamous internal surveillance of the Stasi is now in the responsibility of the Verfassungsschutz.
I'm not sure why you worry about that. It's guaranteed they have it and use it. You should worry about "is it a problem for me that the Chinese government and Chinese companies have access to my video meeting streams"
If yes: do not use Zoom right now.
If no: do what you want.
If China wants to waste its resources having people spy on me on Zoom while I play board games with friends on it, then this seems like a good thing to me.
China doesn't have any concerns about wasting resources. They have more than enough to spare. Vacuuming up any sort of mundane daily task people do is good data to feed into some AI that can easily distinguish fluff conversations from useful interactions worth investigating.
Not sure what your interest is in this, but I was responding to his not caring if China harvests his data. I didn't make claims about Zoom sending the data to China, but I've seen other people make comments around the internet that Zoom is sending the data to China, and they promptly get flooded with comments tearing them apart for having suspicions.
But you made me look into this. Apparently Zoom does "accidentally" (accidents like this don't really happen) send data to China. [1] It's very normal for companies to completely divide up their Chinese servers and non-Chinese servers, so the rerouting makes me suspicious.
It still leaks information. How many kids you have, their name, some things about their personality, who they are friends with, etc. Think about how someone who wants to hurt or control you could use that information.
You seriously think the Chinese government is going to stoop to K&R with random Americans?
The Chinese government is the last entity I'd be worried about with this kind of information (unless, of course, you live in China). Certain criminals in your own country are a much bigger concern.
Doubtful. But "the Chinese government" is comprised of individuals who might want to make a quick buck selling information on various markets. Perhaps to those certain criminals better positioned to take advantage of it.
This is similar to the concern some of us had over giving local government departments access to our full Opal card public transport travel histories here in Australia. Not all government employees are up to no good, but some are. Don't give them more than they need.
> The threat model for a school is kids/others disrupting sessions and creepers using access to gawp at (or communicate with kids).
Not if the school actually cares about the future of its students.
From a blog post[0] we published at NuCypher a while back:
> If we fail to take action now, we risk a world in which unsavory actors - domestic and foreign - have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.
I got confused and thought he was talking about Google. The results already exist via Cambridge Analytica.
It's like the old 5G debate in Europe: who do you want to have a backdoor: Cisco+USA or Huawei+PRC? (Hint for Americans: some/many see China as less malevolent).
Understood, it differs, I just made a very brief comment and mentioned a couple of obvious threats!
For those that use Zoom - consider spending at least a few minutes to make a mental threat model about Zoom. Who might go after you? What features does Zoom have that might be exploitable? What's the worst thing that can happen? The worst case for Google is not the same as the worst case for a professor or elementary school.
Maybe Zoom doesn't work for your use case - fine!
Maybe Zoom is good for your use case - fine!
Lots of people will be using it either way, so it's good to have Alex help lock it down.
My children's school is using Microsoft Teams for classes. The students are:
- kicking out their colleagues
- muting the teacher
- posting memes in the chat room
It looks like you can't prevent them from muting/kicking out each other. There's a larger threat surface of mean pre-adolescents, than a hacker trying to steal their info.
Sure. And it's not easy for a K-12 teacher of a third world country to use these tools. The default is open and the need to configure it is a surface attack.
No they are not. A business can have trade information they want to protect. A school would be more focused on individual privacy and safety. These threat models are quite different.
* Google's exposure is far greater than merely other languages
* Exposing profiles & activities of an entire generation of kids to a foreign adversarial surveillance govt is itself a serious threat, covered by other responses here
* This creates a massive increase in exposed surface area. E.g., consider a kid using their parent's computer who happens to work at a sub-sub-contractor on a key defense project. Even if the key files are properly encrypted, just some little data points like the fact of their employment, network name, list of known WiFi routers cached, etc., now lets CCP fill out their model of attack vectors. There's a thousand other ways this can be used to gain an edge if you don't like that example
The bottom line is like the precautionary principle - just because you or I can't figure out how to exploit something, doesn't mean that it can't be exploited.
Why use it at all? I honestly don't know what's available in this space, since I don't need to, but is there really no alternative?
If they're building a product that does shady things (e.g., macOS install nonsense) and is full of security holes (e.g., zoombombing) that's enough to tell me I don't want to use it and I don't want my son's school using it.
Google isn't alone here. Just another data point.
At best it's a product full of security holes. At worst deliberately designed to spy on people. I don't care who those people are. I care about the intent.
Zoom is by far the best usable conferencing software. Its security flaws are irrelevant to most users as the pain of using anything else is awful. It's always a major drawback.
People in the real world care as much about Jitsi as about Bernie Sanders. HN and Reddit are bubbles that Joe Schmitz from MegaCorp Inc. does not know or care about ever despite some aspects being vastly better on the security side. UI/UX is Zoom's domain though and nothing comes close.
Some of us don’t have security as a high priority. I for example wouldn’t really mind if my computer’s entire contents were published at nytimes.com. What I care about right now is my kids getting to see their family over Zoom or whatever.
I think we’re probably at the point where it doesn’t matter what your personal threat model is: your insecurity affects everyone, so nobody has the luxury of not caring about it (much like vaccination against disease). It is a matter of collective and national security.