LISTSERV - NCSG-DISCUSS Archives

NCSG-DISCUSS Archives

NCSG-Discuss

NCSG-DISCUSS@LISTSERV.SYR.EDU

	LISTSERV Archives
	NCSG-DISCUSS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Zoom is compromised
From:	James Gannon <[log in to unmask]>
Reply To:	[log in to unmask]
Date:	Sat, 28 Mar 2020 15:39:01 -0000
Content-Type:	text/plain
Parts/Attachments:	text/plain (104 lines)

I think the community has bigger problems right now tbh, your profiled by FB on the vast majority of the websites on the internet right now, nothing is going to change that.

I have to admit that I find the crying wolf at the moment by a lot of folks (And not targeting folks on this list but the general chatter about this on twitter etc) is particularly ignorant of the current situation that people are in, Zoom has proven to be a lifesaver in many situations, both private, educational and professional and if anything should be lauded for its work to remain scalable and stable, rather than slated for providing a user requested feature (FB Live integration allow people who are not tech savvy to be able to see loved ones or participate in education).

Compromised does have a specific meaning within the security community, that the app has been modified or changed by a third party not associated with the creators, which is not the case here, and is merely a tabloid style headline. Which we have enough of on other topics right now.

-----Original Message-----
From: NCSG-Discuss <[log in to unmask]> On Behalf Of Carlos Afonso
Sent: Saturday 28 March 2020 15:32
To: [log in to unmask]
Subject: Re: Zoom is compromised

There are different meanings for "compromise"... but anyway, the joint big-time *unauthorized* profiling Zoom-Facebook is the central problem. Not sure if the relationship stopped because of the removal of the SDK.

To be sure, the community should seek alternatives.

fraternal regards

--c.a.

On 28/03/2020 12:05, James Gannon wrote:
> Its not compromised however, its using the Facebook SDK (And has now been removed) to enable the FB live integration, while yes there may be a feature here that people were not aware of, its not "compromised" in any way.
> 
> -----Original Message-----
> From: NCSG-Discuss <[log in to unmask]> On Behalf Of Carlos 
> Afonso
> Sent: Saturday 28 March 2020 14:54
> To: [log in to unmask]
> Subject: Re: Zoom is compromised
> 
> Dear Farell, I think you did not read the second message from Raoul:
> 
> ====
> https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-f
> acebook-even-if-you-dont-have-a-facebook-account
> 
> "The Zoom app notifies Facebook when the user opens the app, details 
> on the user's device such as the model, the time zone and city they 
> are connecting from, which phone carrier they are using, and a unique 
> advertiser identifier 
> <https://konsole.zendesk.com/hc/en-us/articles/115013349668-Identify-A
> ndroid-AdIDs-Apple-IDFAs-and-Safari-IDs>
> created
> by the user's device which companies can use to target a user with 
> advertisements 
> <https://www.singular.net/mobile-tutorial-series-idfa-apple-identifier
> -advertisers/>
> "
> -Raoul
> 
> ====
> 
> This is far more serious than hacking vulnerabilities known in the standard configuration of Zoom.
> 
> fraternal regards
> 
> --c.a.
> 
> On 28/03/2020 08:37, Farell FOLLY wrote:
>> Dear Raoul,
>>
>> Thanks for sharing this. However, I don’t think the word “compromised” is the right one to use here, unless I don’t understand what you would like to mean. What is described in the link you shared as well as in your second e-mail is something about privacy setting of the apps….that the user could prevent in many ways. Indeed, anytime you use your browser or anything that connect you to the internet, if you do not properly set up your privacy and cookie setting, it always send some data about your device, your operating system and your location. This situation is even worse when you accept cookies on a 3rd party website without reading it in details… A “yes” on a website most of the time means: “yes propagate all my date to all your thousand partners”.
>>
>>
>>
>>
>>
>>
>> @__f_f__
>>
>> Best Regards
>> ____________________________________
>>
>> (Ekue) Farell FOLLY
>> GNSO Councillor
>> linkedin.com/in/farellf
>>
>>
>>
>>
>>
>>
>>> On 27 Mar 2020, at 22:53, Raoul Plommer <[log in to unmask]> wrote:
>>>
>>> FYI:
>>>
>>> https://www.theguardian.com/technology/2020/mar/27/trolls-zoom-priva
>>> c
>>> y-settings-covid-19-lockdown
>>> <https://www.theguardian.com/technology/2020/mar/27/trolls-zoom-priv
>>> a
>>> cy-settings-covid-19-lockdown>
>>
>>
> 

-- 

Carlos A. Afonso
[emails são pessoais exceto quando explicitamente indicado em contrário] [emails are personal unless explicitly indicated otherwise]

Instituto Nupef - https://nupef.org.br
ISOC-BR - https://isoc.org.br

ATOM RSS1 RSS2

LISTSERV.SYR.EDU