LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Zoom is compromised
From:	Carlos Afonso <[log in to unmask]>
Reply To:	Carlos Afonso <[log in to unmask]>
Date:	Sat, 28 Mar 2020 12:31:31 -0300
Content-Type:	text/plain
Parts/Attachments:	text/plain (81 lines)

There are different meanings for "compromise"... but anyway, the joint big-time *unauthorized* profiling Zoom-Facebook is the central problem. Not sure if the relationship stopped because of the removal of the SDK.

To be sure, the community should seek alternatives.

fraternal regards

--c.a.

On 28/03/2020 12:05, James Gannon wrote:
> Its not compromised however, its using the Facebook SDK (And has now been removed) to enable the FB live integration, while yes there may be a feature here that people were not aware of, its not "compromised" in any way.
> 
> -----Original Message-----
> From: NCSG-Discuss <[log in to unmask]> On Behalf Of Carlos Afonso
> Sent: Saturday 28 March 2020 14:54
> To: [log in to unmask]
> Subject: Re: Zoom is compromised
> 
> Dear Farell, I think you did not read the second message from Raoul:
> 
> ====
> https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
> 
> "The Zoom app notifies Facebook when the user opens the app, details on the user's device such as the model, the time zone and city they are connecting from, which phone carrier they are using, and a unique advertiser identifier <https://konsole.zendesk.com/hc/en-us/articles/115013349668-Identify-Android-AdIDs-Apple-IDFAs-and-Safari-IDs>
> created
> by the user's device which companies can use to target a user with advertisements <https://www.singular.net/mobile-tutorial-series-idfa-apple-identifier-advertisers/>
> "
> -Raoul
> 
> ====
> 
> This is far more serious than hacking vulnerabilities known in the standard configuration of Zoom.
> 
> fraternal regards
> 
> --c.a.
> 
> On 28/03/2020 08:37, Farell FOLLY wrote:
>> Dear Raoul,
>>
>> Thanks for sharing this. However, I don’t think the word “compromised” is the right one to use here, unless I don’t understand what you would like to mean. What is described in the link you shared as well as in your second e-mail is something about privacy setting of the apps….that the user could prevent in many ways. Indeed, anytime you use your browser or anything that connect you to the internet, if you do not properly set up your privacy and cookie setting, it always send some data about your device, your operating system and your location. This situation is even worse when you accept cookies on a 3rd party website without reading it in details… A “yes” on a website most of the time means: “yes propagate all my date to all your thousand partners”.
>>
>>
>>
>>
>>
>>
>> @__f_f__
>>
>> Best Regards
>> ____________________________________
>>
>> (Ekue) Farell FOLLY
>> GNSO Councillor
>> linkedin.com/in/farellf
>>
>>
>>
>>
>>
>>
>>> On 27 Mar 2020, at 22:53, Raoul Plommer <[log in to unmask]> wrote:
>>>
>>> FYI:
>>>
>>> https://www.theguardian.com/technology/2020/mar/27/trolls-zoom-privac
>>> y-settings-covid-19-lockdown 
>>> <https://www.theguardian.com/technology/2020/mar/27/trolls-zoom-priva
>>> cy-settings-covid-19-lockdown>
>>
>>
> 

-- 

Carlos A. Afonso
[emails são pessoais exceto quando explicitamente indicado em contrário]
[emails are personal unless explicitly indicated otherwise]

Instituto Nupef - https://nupef.org.br
ISOC-BR - https://isoc.org.br

ATOM RSS1 RSS2

LISTSERV.SYR.EDU