
this is explicitly not what I asked, and not what the person I was replying to said. besides, zoom already owned this mistake.

https://blog.zoom.us/wordpress/2020/04/03/response-to-resear...



Zoom said that their meeting data is no longer routed through China's servers. That's not what Citizen Lab's complaint was, and also not what the original poster stated.

>There is the thing that all Zoom keys are kept and maintained in China

Their complaint was about Zoom's encryption key generation and distribution practices. The post you linked has nothing about the key distribution scheme Zoom needs to implement so they actually have end-to-end encryption.

https://blog.cryptographyengineering.com/2020/04/03/does-zoo...

Without proper encryption, it doesn't matter if all participants in a meeting only connect to Zoom servers since you don't know what Zoom could be doing inside their network. Are they actually routing data without any storage, or are they storing the data and sending a stream out the back door to interested parties? But with true end-to-end encryption, it doesn't matter what Zoom does with the meeting data since only the participants can decrypt it.

Not to mention that for a sufficiently interested actor, they don't need to access Zoom's network to intercept a copy of a meeting as it makes its way through the internet to a Zoom server. End-to-end encryption also ensures they only get junk.


I actually have no idea what argument you're making.

OP: all Zoom keys are kept and maintained in China

me: got a source for that claim?

you: quote citizen lab, sometimes zoom keys are sent to china

me: i didn't ask if keys were sometimes sent to china and that's not what OP said

you: not what the original poster stated.

this is where you lost me

> But with true end-to-end encryption, it doesn't matter

i never said it mattered. i don't care if zoom is e2e encrypted or not, which is why i didn't bring it up.

> Not to mention that for a sufficiently interested actor, they don't need to access zoom's network

people get away with this internet boogeyman argument because it's technically true, but what percentage of internet traffic inside the continental US is actually being monitored and exfiltrated to APTs? compromises happen internally. i can't remember any stories of a data breach occurring with data in transit, as opposed to data at rest.



