Yes. The whole point of end-to-end encryption is that your data is safe even when it goes through untrusted servers. (I know they might have a backdoor, or might screw it up somehow. But in principle, if they do it securely, then this holds.)
Yes, if the keys are held in servers that they have access to then they would be able to decrypt the traffic and see what is happening.
The whole point of e2e encryption is that only the 2 parties have the keys, Zoom are abusing this term and making people believe they are doing e2e
They apparently 'define it differently' to every other company, organization, and infosec professional. This sort of thing used to be called lying, but it's essentially an 'alternative fact' now:
Zoom, however, denies that it’s misleading users. The company told The Intercept, “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” and that “content is not decrypted as it transfers across the Zoom cloud.”
Whether the paper is any different is sort of irrelevant if they're starting off from a place of bad faith. One time after another this company has 'accidents' like this, while removing CCP distinguished nonpersons from the platform. A sense of skepticism is certainly justified.
If they can enter the meeting, either they have to get confirmation from the host who would send the keys to the person entering the meeting or they already have the keys and can enter the meeting and decrypt the stream.
If implemented correctly, the server doesn’t get the key. Look up Diffie–Hellman key exchange for more information on how this is possible. This can be verified by auditing the client so you don’t need to trust Zoom.
This is true, but they are going to help law enforcement with calls that have bad content in them, the only way this can happen is if they have the ability to decrypt the streams or enter calls silently and get the keys.
Edit: Sorry for coming across a little brash, I'm quite a strong advocate of real encryption and this kind dilution of terms makes my blood boil because terms are being diluted and people have trust in something that betrays them.
> The Diffie–Hellman exchange by itself does not provide authentication of the communicating parties and is thus vulnerable to a man-in-the-middle attack.[1]
Whoever controls key distribution can control the encryption channel; without a way to verify public keys, all bets are always off. You're right that auditing the client is one (if not the only?) way to do this.
There was a time when outside traffic routed through china. I believe zoom said it was a mistake.
I'm not convinced that a setting alone should provide much confidence in terms of traffic routing considering that it can always be changed independent of what setting in the application you make.
For me, that's hard to believe. They weren't routing the call itself through China, they were just sending the encryption keys to a server in china. That seems pretty intentional. Even if they weren't routing the call through China from a user's perspective, their US server could still be sending the call data to China or recording the call for playback (from China) later. Their track record around security is so bad that I would stay as far away as possible.
Unfortunately for folks who are good actors in other non free countries countries... I find any sort of development or real world controls that are in a seriously non free country... automatically suspicious.
Even good individual developers who have the best of intentions in those places could be subject to pressure and the likelihood we'd ever hear about it is near zero in many of those places.
Granted that 'could' happen in more free countries, but I'll hedge my bets there as there's a great deal more likelihood I would hear about it.
A product developed almost entirely within China is beholden to the whims of the CCP. Especially a billion dollar company. There is literally no escaping this reality.
Diffie–Hellman[0] is pretty cheap, you do it every time you visit a site with SSL enabled. Having the meeting leader do it 200 times to pass around a shared key generated on the client would be e2e and have minimal if any performance impact. There is probably a cleverer way to do it that I'm not aware of as well.
Edit: One issue is the client can run out of entropy but I think that would only happen on modern operating systems if you had hundreds of thousands of clients to negotiate with.
"To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message. Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts."
Eric S. Yuan (Chinese: 袁征; pinyin: Yuán Zhēng; born 1970) is a Chinese-American billionaire businessman, and the CEO and founder of Zoom Video Communications, of which he owns 22%.
The only "relevant" information found in the quote in the GP comment is the nationality of the CEO. How does one jump from the CEO's nationality to inevitable ties and implicit subservience to CCP?
Nationality is not a race. Nationality implies a connection with a specific country. And when that specific country is a vast wasteland for human rights and privacy and civil liberties, then yes, it’s relevant.
I find myself agreeing with most of your points. I mainly took issue with taking a shortcut from "being born and raised in China" to being a hostile Chinese agent (and we don't even know if the CEO has relatives in China that can be leveraged anyway).
Didn't Zoom block a US based activist on the request of the Chinese government? I'm not arguing that there is complete subservience to the CCP but this censorship seems like a line was crossed.
Edit: Let me also state that I'm not entirely sure what OP's argument was, considering the comment was deleted. I'm merely stating that there seems to be some cooperation with the CCP and Zoom.
I'm aware of Zoom's track record, and it could certainly be scrutinized, criticized, or even boycotted.
What we have here is going from "CEO was born and raised in China" to "No wonder why they have to play party with CCP" and "inevitable ties and implicit subservience to the CCP". I can't see the logical connection in the absence of other information. Don't you see a problem with assuming someone's motives purely from their country of origin?
The CCP can and will exert pressure on family members to get expats and former citizens to do what they want. They're not the only country to do so, not by a long shot, but they are particularly brazen about it.
Though I think the CEO is less relevant than the critical amount of developers Zoom relies on that are directly living under and subject to CCP malfeasance.
Summary: Chinese government harass the relatives of the fugitive corruption suspects to force these suspects to return voluntarily.
That's definitely one area the Chinese system is vastly behind the international standard. But this has not been conscious to me.
When I was a child, we had horror stories of people sentenced to death penalty and were executed on superficial charges that sexual misconduct. And my parents have witnessed detained thief were beaten like wild animals by policeman, and the thief's scream was heart far in the then poor village.
These measures can even escalate during "Yanda", a nationally-coordinated clampdown on criminal activities. In [1], it was noted: "China's execution rate increases dramatically during Yanda campaigns."
Such brutal national campaigns are dying down, the most recent one [2] has much less cruelty. And historically such campaigns enjoyed universal domestic support.
As of today, the Chinese government has a high degree of popular endorsement to use whatever not-too-out-of-line measures to bring back the corrupted businessman or former government officials, who are prosecuted by the public attorneys. Thanks a grain of national pride, i.e., "those corrupted bastard not only embezzled our money, and they escape to the country that is unfriendly and can be benefited from those fortune".
I'll be honest, I'm not sure what your point is. Your response reads a bit like a defence of the practice, but I'm going to give you the benefit of the doubt (since there's an obvious language issue).
I will say... it's curious to me that you seem to be well aware of such practices but still challenged the parent to provide examples (the implication being, that they were misinformed).
Why did you ask the parent to provide examples if you knew of some already? What's your motivation?
#1 I was aware of the flaw in legal system. But the flaws I know was that the Chinese legal system was ineffective, inefficient, and quite a bit corrupted.
#2 I was not aware of the details of harassing on corruption suspects' relatives.
#3 I think it was reasonable to not able to link these 2 facts automatically together as self-evident.
Just to be clear, I'm not suggesting that China is unique in doing this. They are simply much more openly aggressive and nonchalant about it.
EDIT: I also think it was both reasonable and correct for you to ask for examples. Superpowers do enough sketchy things that we don't need to be muddying the waters with made up claims.
Is the argument still that this man is a CCP agent because he comes from China? That's literally all the evidence that was provided in the parent post.
Do you not understand the racism behind assuming someone is a CCP agent based on nothing more than their race?
Chinese is also a nationality and that does have relevance if the person has ties to Beijing and the CCP. If the founder were Russian and had ties to Moscow would we be complaining about “casual racism?” It’s racist to suggest racism when a Chinese is involved when similar accusations wouldn’t have been made if the situation were Russian.
While I understand that on the surface seems "bad", you have to understand the CCP taps into people worldwide, and while I don't know his position per se, or finances -- or connection with China today.
It doesn't paint a great picture, especially with espionage and CCP tactics. Look at previous German and USA interference w/ GE, Bosch, -- it's the same story.
Except now it's highlight as "bad" to point out that connection.
I'm disgusted that in 2020, Americans continue to use the same racist, unfounded smears againts people based on their ethnicity just as they did when they were throwing Japanese-Americans into internment camps.
There are plenty of HN users who won't (or wouldn't, in an ideal world) use any US-based software because of NSA interference.
The issue is national origin, not ethnicity. Japanese Americans were thrown into camps for the same reason, but we're not talking about jailing anyone here. We're talking about avoiding a specific product.
Another difference is that Japanese Americans were put into camps regardless of how many generations removed from being Japanese they were. No one is arguing that CCP has control over Chinese Americans whose ancestors immigrated here in the 1800s. It's about people who literally grew up in China and/or still have close family there for CCP to threaten.
> The issue is national origin, not ethnicity. Japanese Americans were thrown into camps for the same reason
```
Of 127,000 Japanese Americans living in the continental United States at the time of the Pearl Harbor attack, 112,000 resided on the West Coast.[9] About 80,000 were Nisei (literal translation: "second generation"; American-born Japanese with U.S. citizenship) and Sansei ("third generation"; the children of Nisei). The rest were Issei ("first generation") immigrants born in Japan who were ineligible for U.S. citizenship under U.S. law.[10]
```
Should there be a upper limit on the generations to be considered not originated from a nation state? According to what happened to WWII Japanese ethnic Americans, that number seems have to be > 3?
And remember that what happened in WWII Japanese internment camp is an evidence that "national origin" as an association was plainly wrong, from the same wiki page:
```
In 1980, under mounting pressure from the Japanese American Citizens League and redress organizations,[30] President Jimmy Carter opened an investigation to determine whether the decision to put Japanese Americans into concentration camps had been justified by the government. He appointed the Commission on Wartime Relocation and Internment of Civilians (CWRIC) to investigate the camps. The Commission's report, titled Personal Justice Denied, found little evidence of Japanese disloyalty at the time and concluded that the incarceration had been the product of racism
```
Emphasis on the last statement: `the incarceration had been the product of racism`.
There is a difference between US based software (e.g. servers located in the US), vs a CEO that's from the US (or China in this case). If the argument is that Zoom the company has routes traffic to China etc then fine I can get behind that. But if the argument is the CEO is from China I find that problematic. I mean it's not like internment of Japanese Americans is ok if it's limited to only first gen.
EDIT: Also sounds like you're saying that it's ok to avoid doing business with someone based on national origin, which I also find problematic.
> Also sounds like you're saying that it's ok to avoid doing business with someone based on national origin, which I also find problematic.
Sure, it can be problematic. I've seen articles about how Russian people in the software industry are having a very hard time because of what Putin's regime does. It's not fair for the people who have nothing to do with Putin and no exposure to him.
But what is the alternative? Putin and Kim have assassinated dissidents in Western countries. Do we assume people can't be coerced just because they left the borders of the authoritarian country?
Should the US government also remove its nationality restrictions for security clearances?
The alternative is to not discriminate based on national origin? Which is a protected class by the way. Nationality is also very different from national origin. Eric is an American citizen as far as I aware. You can point to the requirement to be bore in the US to run for presidency, but 1) that’s an edge case and 2) where is the line? Is it ok to discriminate again foreign born Americans but not against native born? What about native born Americans with relatives in China / Russian / North Korea.
I mean overall you really don’t find it an issue to blankedly judge an entire class of people based on what some people within that population does or could do?
> The alternative is to not discriminate based on national origin?
It absolutely is not a protected class. There are no protected classes when I am deciding whom I trust with my personal data. I can discriminate for any reason, including national origin.
> I mean overall you really don’t find it an issue to blankedly judge an entire class of people based on what some people within that population does or could do?
I would find that an issue if anyone (including me) were proposing it. We are not. You're attacking a straw man.
Here are the facts, regardless of Yuan's citizenship, race, etc:
1. Yuan grew up in China. He still has Zoom employees and family there.
2. China is controlled by a regime that has no qualms about using physical threats and violence to maintain control.
That's it. That's all I need to decide that I don't trust Zoom, if all of their extreme dishonesty and malware installations weren't enough. They haven't shown good judgment, and even if they did, it would be easy for CCP to put pressure on Yuan (or any other employee living in mainland China).
If Yuan had no family in China, no employees, and enough bravery to speak against CCP, I would not feel this way. I am not judging an "entire class" of people.
By the way, every firm that requires security clearance does judge entire classes of people as security risks. The question I asked, which you didn't answer, is whether you think that's also inappropriate.
Yes you're free to make personal choices based on whatever factor you like. You can decide based on vendor's national origin, race, sex whatever. I just don't think it's right on those factors alone.
You listed 2 things. First is where he's from, the second is the politics of the country. You are then basing your judgement (at least in this comment) purely on those factors. The implication here is you wouldn't trust your data to anyone that was born, grew up and has family and / or employees in China. I mean most of the large tech companies have some employees in China. How is this not judging an entire class (or group if you'd like) of people?
As far as security clearance, they are at least in theory assessed based on established facts about a particular person. e.g. being born in China doesn't automatically disqualify you as far as I'm aware. If you know otherwise or can point to examples, I'm open to being corrected.
I mean if it's been established that Eric has connections to the CPP then that's a different matter and we can look at that. My objection is with "Eric is a Chinese-American billionaire businessman so we shouldn't trust him".
I see your point about a person's family still living in China, and hence giving leverage to CCP to put pressure on them. However, the argument that where people grow up gives them inherent alignment with the government of that country, and they can only be "cleansed" through generations is at best bogus, and at worst ammunition for racism.
Not to justify atrocities happening in China or getting into Whataboutism, but just to give an analogy, would it be fair to consider any US expat an accomplice in or a proponent of separating migrant children from their families at the border?
It explicitly argues that he's evil because he has a Chinese name and Wikipedia describes him as Chinese-American. There's no equivocating about the software being China-based, or him having close family in China for the CCP to threaten.
And discriminating against people for national origin is considered so bigoted it was explicitly included in the 1964 Civil Rights Act. Your reasoning is sound, but you should seriously reconsider your basic ethical principles.
> Japanese Americans were thrown into camps for the same reason, but we're not talking about jailing anyone here.
Yet.
At the risk of a slippery slope fallacy, institutional xenophobia ain't controlled by an on/off switch. Dehumanization is a gradual process, and establishing an attitude that people associated with an enemy are aligned with that enemy is part of that process. At first those associations might seem reasonable, going for officials and other important figures, and then perhaps their family, and so might the actions against them, like added scrutiny and surveillance of their communications and travels. The problem is that both ends of that are prone to scope creep - the target set broadens ever so slowly (citizens, ex-citizens, descendants of (ex-)citizens, their descendants, and so on, almost always excused with "well we need to be sure that $CURRENT_TARGET is not part of $PREVIOUS_TARGET"), while the actions worsen ever so slowly (surveillance, profiling, travel restrictions, property confiscation, imprisonment, sterilization, execution) as the rhetoric heats up from "we just want to make sure these people aren't the enemy" to "these people are the enemy and shall be treated as such".
Personally, I'd prefer to nip that in the bud rather than watch 1800's-era sinophobia reenact itself at the expense of my Chinese-American friends and colleagues. I also have enough self-awareness to know that if I would be upset by people writing me off as "will probably help oppress minorities and political dissidents if his government tells him to do so" simply because I happen to be a citizen of a country with a track record for oppressing minorities and political dissidents, then I should refrain from doing so to a citizen (let alone ex-citizen) of a different country with those same tendencies, even if those tendencies are, in my opinion, much stronger.
I don't see how this isn't just discriminating based on national origin.
It'd be one thing if there are actually some nefarious ties between Eric and CCP, but all we are going by is he's originally from China and there could be influence by CCP on people from China. It's not bad to point out a connection, it's bad to point out a possible connection based on nothing more than where the guy is from.
There is plenty of evidence suggesting that Zoom collaborates with the CCP without it, there was undue pressure to terminate activists without users from China.
It is best to focus on these sorts of links rather than someone merely being from China.
That I'm fine with. If there is evidence that suggest Zoom is doing something unsavory then we should call them out on it. But suggesting Zoom isn't trustworthy simply because the CEO is Chinese is distasteful.
A lot of Chinese values are at odds with American values. Someone who is genuinely pro-Chinese values threatens things we often take for granted here in America
Unfortunately, I have to post this comment again, from just 3 days ago [1]. Also remember that Eric Yuan is an American citizen, not a Chinese citizen. He switched. Original comment:
When will this meme die?
Zoom is NOT a Chinese company. It is incorporated in and headquartered in the US. Like any American company ever, it follows US laws in the US, and local laws in other companies where it operates. End of story.
Yes their culture certainly has stronger cultural internal ties to China, due to the number of Chinese employees, but what has that got to do with anything? At the end of the day, they're a public, profit-driven corporation trying to make lots of money across the entire world.
It's not like they're secretly and nefariously doing the CCP's bidding, which seems to be the veiled suggestion people keep making.
Seriously, every time someone brings up that Zoom is "really" a Chinese company, it comes across as borderline racism or conspiracy-mongering or both. And while I'd usually never comment on someone using a throwaway account, in this case when you're pushing these kinds of shady "stronger than the more-commonly-discussed" insituations, I think using a throwaway here is representative of exactly the kind of astroturfing that spreads malicious rumors without evidence.
> Yes their culture certainly has stronger cultural internal ties to China, due to the number of Chinese employees, but what has that got to do with anything?
How is it racist to suggest that Zoom has Chinese influences (seemingly not farfetched based on the equity ownership mentioned above and not at all disputed based on the technicality of Zoom being a US company)?
It is not racist to suggest that the Chinese government influences companies. It is racist to suggest that Chinese people are automatically predispositioned to certain actions.
Fair enough and I don't think anyone here will find that statement controversial. I think what bothers me in some of the dialogue here is what I perceive as an attempt to play "hide the ball" by pretending that CCP interests don't run counter to the interests of liberal democracies by labeling raised concerns as racist. No one framed anything in racial terms to begin with so I don't see why it needs to be placed in that context.
It's racist to suggest that Chinese people (NOT the similarly-colored Taiwanese) feel some weight from the dictatorship were they live/grew up/have parents in?
>The suspension targeted Humanitarian China, an organisation based in the US, after it held a call with roughly 250 people, including a number who dialled in from China.
Same reason why Google censored itself for China in 2006. Did people think Google was a 'Chinese company'? Note that this was before Google set up a presence in China.
I don't see how it's the same. In Zoom's case organization was in US and call organization was in US and company works by US laws. Why would they censor these accounts? Google on the other hand had to do it to operate in China, had to submit to Chinese regulations.
The same would be if they blocked Gmail of US citizens because of discussions related to China.
I guess I don't consider that the same thing at all. They're censoring searches coming from china to google.cn (hosted in China). They didn't really have a choice, the servers are in China, the users are in China.
What they aren't doing is actively blocking users from China getting to www.google.com, and they aren't censoring searches Chinese users do on www.google.com because those resources aren't hosted in China and aren't subject to Chinese law.
Zoom on the other hand IS blocking users from China accessing resources in the US and while they may have "undone" the ban, they banned US users from their platform for breaking a Chinese law that they aren't subject to. Namely talking about the Tienanmen Square massacre.
They actually didn't. Their options were filtered servers in China or no services in China at all. We can collectively be upset at their decision but they ARE beholden to their shareholders as a public company. Abandoning the Chinese market entirely is something they could've tried, but their major shareholders made it pretty clear there would be a change of leadership if they tried.
Unless you've got a magic bullet to give Wall Street a conscience, that wasn't going to happen.
Ok it was the fault of their major shareholders, but then it's ok to make them pay their decision, I think (hoping that they're still holding those shares).
By the way, in general my understanding is that the "beholden to their shareholders as a public company" (and thus forced to make the most remunerative decisions) belief is a myth, a public company is free to make ethical choices (if its major shareholders don't oppose them).
Zoom claimed they had to remove Chinese participants from the US-hosted meeting but didn't have the functionality to do that so (wrongly) banned the US hosts.
They said it was wrong to do, reinstated those accounts, and are building the functionality to enforce those Chinese laws without ever impacting users outside China.
I'll ignore for a second the fact they refused to even acknowledge Tiananmen Square in that post, despite the fact that as was pointed out they're a US company that isn't beholden to China and they're posting in English on their US-based website.
They are actually admitting that they're going to prevent people IN CHINA from connecting to a meeting that is presumably hosted IN THE US. That doesn't make it better, it makes it WORSE. You're basically telling the world that China will dictate how you operate WOLRDWIDE not just in China.
I'm sure that if the US had as strict control over our/their internet as China does over theirs, non-US sites would be forced to operate differently for peers in the US too.
Defending something as "NOT a Chinese company" or not a Chinese citizen (as if those would allow certain assumptions about the actions of individuals) is still xenophobic framing. People are people and are capable of independent thought and actions.
We can be upset at power structures and at their effects. Taking that further to make assumptions about groups of people is racist.
"Chinese" are not a race, and assuming that groups of people are somewhat more likely to be subject to some power structure, is not racism or xenophobia.
You'll get a Liu Xiaobo once in a while, but much more often you'll have people that, while easily wonderful as people per se, are disgracefully forced, or have been convinced to, do some things that they shouldn't do.
You started a wretched flamewar with this post. That was vandalism.
Nationalistic and ethnic flamewar will get you banned here. So will personal attacks and insinuated slurs.
People have been hounded off this site in the past by comments along these lines. That's shameful, and we want no more of it.
No, we're not defending communism or the communist party. We're trying to defend Hacker News against (a) mob behaviors and (b) self-immolation. Here are some recent comments about this, which include other links to plenty of past explanations.
The objective behind verifying accounts is to prevent spammers creating lots of spam accounts and using those to spam.
However, spammers rarely care if their spam is encrypted, so putting E2E behind verification won't do anything as far as spammers are concerned - they'll happily keep spamming using the unencrypted accounts.
There's some other reason behind this that isn't about reducing spam.
Only 4 comments in and we hit one of the four boogymen of the civil rights apocalypse. How many comments until we get to domestic terrorism or illegal drugs?
> one of the four boogymen of the civil rights apocalypse
The public is willing trade away privacy in exchange for protection from certain categories of risk. Instead of denying that, one can lean into it by ensuring strict definitions and enforcement options within those categories while preserving full privacy for those without. Arguing pedophile rings and terrorism are a cost of a privacy policy is a good way to sink that policy.
I would make a cogent argument to rebuff your straw man, but it's not worth my time if you don't share a priori assumptions with me about E2EE being uncrackable. It's just math. I don't see why the talk of trade-offs even is relevant to the discussion. People will use secure tools with E2EE or they will suffer the consequences of not doing so. Doing illegal things is already illegal. Banning or watering down E2EE so that it becomes no long E2EE is throwing the baby out with the bathwater.
Your mistake is bringing a technical argument to a political question.
My personal political answer to "how to have end-to-end encryption and prevent its use for child rape" would be to tax the companies which profit from E2EE, and use that money to fund death squads, which livestream dragging child rapists out of their home, anywhere in the world, and beating them to death with truncheons.
I'm joking, of course (or am I?) but I do consider this the general shape of a viable solution. E2EE is essential for a modern life which isn't a hellish surveillance dystopia, and the detection and prosecution of child rape is criminally underfunded.
> E2EE is essential for a modern life which isn't a hellish surveillance dystopia, and the detection and prosecution of child rape is criminally underfunded.
This is creeping a little close to populist rhetoric. The crimes you've described are obviously awful but angry politics will only lead to knee-jerk solutions.
It's clearly underfunded in relation to the difficulty in prosecuting these cases. Banning E2EE is a way of lowering the bar of difficulty in prosecuting these cases. The crime is reprehensible, and worthy of enforcement due to the heinous nature of abuse. Curtailing abuse via violating human right to encrypt is not the way to end abuse. Thus, more funding is likely justified, if it leads to an end to abuse. This social benefit of reduction and elimination of abuse should not come at the expense of human rights and E2EE.
I see, so your main concern here is prosecution. It is indeed true that prosecution is understaffed and underfunded. I feel there are other problems at play too.
CPS should be able to spot children in abusive homes and respond to reports of unusual activity. They should be able to spot clearly unstable caretakers.
Counsellors and teachers should be able to spot unusual behaviour from children. Mental health services can help someone escape falling into such a situation in the first place by keeping them from falling into depression which leads them to rely on such a person.
Local police shouldn't dismiss leads so readily. This is the it is impossible for him or her to do such a thing mindset which prevails so frequently.
Parents shouldn't trust their relatives so readily and should keep an eye out. 90% of cases happen at home.
If they stopped showing off their crimes online, would the entire system come to a crawl? I'm worried by how much of a reliance there is on divining crimes off the internet.
What if the only practical way to 100% stop all crime is to shutdown the internet?
Now, I'm not saying there is nothing that can be done to reduce it. I very much hope there can be, especially if counsellors can find warning signs and we can better figure out how to spot the danger signs, both online and off.
Facebook took a good step forward by putting warnings up to minors when someone outside of their social circles has contacted many others, although there are other things which could be done.
Should they be allowed to contact them through onion routing during such situations? Where do you draw the line of when such technologies can be used? Is it better not to open this can of worms and risk a slippery descent? What are the chances of false positives, will it unfairly impact relatives? Will it give a black mark to privacy technologies and civil liberties to be associated with automatic blocks? What if minors want to engage in activism, should this be limited? At what point does pushing and pushing start the lie about your age shenanigans again?
This is about Facebook here but it ties back to arguments about doing this or that for the greater good.
Is a more grounded approach better? Ensure minors are well-educated of the risks and dangers online? Invest in mental health services to avoid minors falling into depressive slumps where they might be susceptible to such criminals? In the rare event they drag anyone back home, whether they think they're of a similar age or not, they bring them before the parents first?
Yeah - I'm pretty sure this is the real concern and verifying a phone number is reasonable trade-off.
I know this argument is often quickly dismissed on HN since people see child abuse or 'going dark' as an easy excuse for the government to leverage to get more control (and it has been used for this), but that doesn't mean the problem isn't serious or doesn't exist.
The people carrying out the abuse are sophisticated.
I have a friend that works at WhatsApp and their entire team is focused on trying to remove groups that exist to share child abuse imagery (via metadata since content is encrypted).
I fall on the side that secure encryption is critical for all of the reasons that technical people normally argue that it's critical and breaking it doesn't work/is a bad idea, but I also understand and empathize with the difficulty encryption by default causes for the organizations fighting this abuse.
That said, I have serious disagreements with Zoom unrelated to this particular e2ee issue (https://zalberico.com/essay/2020/06/13/zoom-in-china.html), I think they don't actually care about protecting the speech of their users or securing content from authoritarian governments. It's still good to avoid them for that reason alone.
> The people carrying out the abuse are sophisticated.
In this case wouldn't they build their own solutions (potentially based on existing open-source solutions like Asterisk + Linphone or Jitsi Meet) or they might've built them already?
Phone numbers are also very easy to obtain anonymously, so I am not sure SMS verification would help track down abusers when it'll lead to a prepaid SIM or some innocent user's phone that happened to be compromised by malware.
I agree that these reasons are why it's not a good idea to break or outlaw encryption since bad actors can still use it and good people that need it are blocked, but this doesn't mean that making it the default doesn't enable more abusers to get away with it that might be caught otherwise.
There's a spectrum of sophistication, if it's harder more of them will make more mistakes that make them easier to catch.
So how do you define that giving away phone numbers is the right trade-off in the "spectrum of sophistication"? It effectively means lack of anonymous communications for everyone, i.e. global surveillance (personally identifiable metadata is in the hands of Zoom).
I didn't say it was 'right', I said it was 'reasonable' - and there aren't easy answers to this.
Also to clarify, specifically a reasonable trade-off for Zoom (I don't think there should be a general law that requires IDs for video software use or something).
> Phone numbers are also very easy to obtain anonymously, so I am not sure SMS verification would help track down abusers when it'll lead to a prepaid SIM or some innocent user's phone that happened to be compromised by malware.
It depends on which country really. In some places in Europe it became almost impossible to do that (sadly).
People would give more support to government efforts to fight child abuse videos, if the government stopped using child abuse control tech to violently suppress human rights.
Indeed, E2EE will enable criminals to go undetected. And this is a real problem. However, it’s an arms race that will end with criminals having proper, strong E2EE anyways. Trying to reverse this is like trying to reverse entropy, the toothpaste does not go back into the tube. It may seem like it is still doable now, but I’d be willing to place bets that feeling will evaporate shortly.
Of course, criminals are ordinary people too. They care about convenience and network effects as much as anyone. Which is why I think it’s insane that governments want to jeopardize the trust people have in proprietary, huge E2EE platforms that actually have the means to aid them in investigations. Yes, breaking the crypto may not be an option, but at least collecting useful metadata for use in investigating, and potentially ethical hacking, is an option.
I fear the day when the trust is gone because there is a very real possibility that some day many will be using decentralized E2EE chats, maybe even P2P. It’s not just conjecture of course, Matrix exists today and is already very impressive (in my opinion) in terms of usability.
The internet is opening up the concept of having nearly private communication with pretty much any individual in the world. It isn’t free of implications, but also, as more of our lives move online I feel its absolutely crucial that every day people can feel confident they’re not being monitored. The problem of CSA and other criminal behavior existed before the internet and it will certainly exist after. It’s absolutely past time to re-evaluate laws surrounding child protection, which seem to me to mostly be reactionary at this point (in that many of them are spawned as a result of a specific incident.)
If you think this strengthens the case against encryption laws, I suggest you rethink. There’s plenty of valid arguments against banning strong encryption and this isn’t one. You can’t simultaneously argue that E2EE keeps people’s conversations private to eavesdropping and then suggest that it doesn’t prevent eavesdropping for law enforcement purposes- at face value it does, and image hash databases to prevent the spread of known CSAM exist today; see, for example, Project Arachnid. And yes, law enforcement eavesdrops for law enforcement purposes. That’s why wiretap warrants exist. Whether its a good thing is another argument entirely, but it is indeed the status quo.
Put plainly, there will always be crimes you won't be able to catch. You prioritise resources on the most pressing ones and build up resources in the real world to tackle them in other ways. Dystopian lists on the client to control what you're allowed to say or think or report your thoughts back to the government still violates the principle E2EE is built upon.
There is no middle-ground. You either are secure or you are not. The genie is out of the bottle either way.
> Indeed, E2EE will enable criminals to go undetected. And this is a real problem. However, it’s an arms race that will end with criminals having proper, strong E2EE anyways.
Individual child abusers aren’t part of a monolithic organization with training on how to secure their comms and practice OpSec.
The number of criminals who still create evidence against themselves on unencrypted platforms (SMS, phone, etc) is significant, despite E2EE options already being available. People are even being arrested for rioting after admitting on public TikTok videos to participating.
I think the only way criminals will standardize on E2EE is if every platform and communication mechanism is E2EE by default. Otherwise they will continue to make mistakes or think they can slip under the radar.
> I think the only way criminals will standardize on E2EE is if every platform and communication mechanism is E2EE by default. Otherwise they will continue to make mistakes or think they can slip under the radar.
FWIW, I believe this is the future if lawmakers don’t prevent it. A look at some E2EE software today:
- WhatsApp
- Matrix
- Signal
- iMessage
- Firefox Send
- MEGA
- ...
The list will grow.
In my opinion, E2EE today is like TLS 10 years ago. TLS was once a nice-to-have when it came to communication that was not strictly necessary to encrypt. Today, TLS is more sophisticated, stronger, and easier to implement than ever, and damn near a necessity for anything, even toys.
Granted... E2EE is necessarily harder, since it requires application-level implementation of crypto primitives, things definitely get complicated. Still, I believe the state of the art will continue to improve and tooling with it. Eventually there will probably be defacto libraries and maybe even OS frameworks to deal with E2EE key management, trust, etc.
To be clear, I view this as strictly a good thing and an inevitability. I don’t think transport encryption and encryption-at-rest are good enough anymore for private communication. Of course for public sites like Twitter or Tiktok it’s all you would logically get, but for any group or direct communication I now believe E2EE is slowly becoming the new baseline, and it’s mostly the complexity of it that hampers adoption.
Now that iMessage and WhatsApp are E2EE though, there is a lot of messages flowing that, exploits notwithstanding, are “truly” private, today, and I think the number will only go up. The only real question in my mind is, who’s next?
As far as criminals making slip-ups, this is guaranteed; even the best make mistakes obviously. But assuming all criminals are foolish and stupid is a mistake; I believe there’s a lot of selection bias in there, since we don’t get to find out those who truly never get caught. Time will tell if any of this really matters, or, if, as usual, it’s just another panic that has no tangible effects. I vote on the latter, but I still do believe proliferation of E2EE will change the game in ways we can’t really anticipate 100%.
> I know this argument is often quickly dismissed on HN since people see child abuse or 'going dark' as an easy excuse for the government to leverage to get more control (and it has been used for this), but that doesn't mean the problem isn't serious or doesn't exist.
When a company says they want your phone number in order to use their resources, so they can take steps to avoid having their resources used for (certain) crimes, that's well within the bounds of reasonable.
The problem most people have is when the government tkes away the use of _super important feature_ from the populace as a whole (even using their own resources), because it _can_ be used for crimes.
If you read the rest of my comment beyond the first line (particularly my blog link), you'd see that I agree with you when it comes to companies taking an ethical stand against authoritarian governments.
What you're arguing is a strawman, we agree more than we disagree.
> If you read the rest of my comment beyond the first line (particularly my blog link),
I read, and I think your argument is hollow, and, assuming your goodwill, you are not understanding the matter at all, and if not, I see an ill intent.
I do not appreciate all what you say at all. Any argument against encryption must be quashed without exceptions, and second thoughts.
It is only since the start of 21st century, the experience akin to "legs broken, skin flayed alive, and head cut off" has been a grim reality for far more than a million people by now, mostly for, really, nothing. What are talking about this! And what you talk about?
Attack this argument, not something not even having a passing genuine relation to the matter.
As you’ve responded here and elsewhere, calling an argument “hollow” is not a substantive disagreement.
It seems any argument that you don’t already agree with (basically only your exact position) is classified this way.
The rest of your comment is basically incoherent, and the parts that do make sense are obviously wrong. It’s also a willful misinterpretation of my position.
People were flayed before the 21st century. Acknowledging the issues with encryption is a critical requirement in making an effective defense of it. I am not arguing against encryption.
If this is an issue you actually care about (which it sounds like it is), learning how to build consensus and honestly consider the positions of others would be a valuable skill to develop.
As it stands you’re doing more harm to the pro-encryption position (which is also my position) with how you’re attempting to defend it.
Are we talking about recirculation of existing content or new cases of abuse? How much of it is new? How much of it is duplicates? How much of it involves the platform facilitating crimes to produce it? One article noted something very alarming, that resources are diverted from more serious crimes to chase these ones.
Child pornography gets held up to the public a lot because it's a crime nobody can defend and walk away the same they were, no matter what you say. If you publicly contest this move for privacy reasons, you're automatically defending the worst child molester someone's mind can come up with.
It isn't just that. People will cherry-pick the worst incident that ever happened on a platform involving children and compare everything else to that and say that if you support privacy you're supporting this everywhere.
The one, admittedly terrible incident, will shock people and they will push exaggerated means to "stop" it. Ones which just so happen to feed tons of information into the NSA machine.
People come up with stories of live-streamed child pornography too but do these children live in some parallel universe where crimes can be committed against them without recourse? What is the police doing? Did they not find suspicious behaviour in a neighbourhood? Did a counsellor not pick up on it?
Yeah sure, child pornography is awful but why is this part of the equation the only one that is ever mentioned? Why is it always about encryption or anonymity?
You also signed up an account for banks, they collect a ton of data on all your payments, got a problem with that? You gonna say yeah Zoom is not a bank, but your prose is the data collection part
It's perfectly ok to be against data collection in any form even when you are subjected to it on another service. Just because someone is subjected to data collection knowingly, does not mean they condone it.
Discord recently demanded my cell phone number to be able to type messages. I declined, contacted customer service, who offered no other way to authenticate. I will not be using Discord anymore and will recommend to everyone I know to avoid it as well.
There is no need to use my cell phone or any telephone number when you already have a means of communication via email or any other channel.
It’s still only opt-in. Users have to submit an application (including text message verification and other personal info) to gain access to E2E encryption. Zoom has shown that it does not care about privacy.
Well to be fair if it was enabled by default it would break dial in (with traditional telephone) support as E2E doesn’t allow for that. This is a reason why even some large paying organisations haven’t enabled E2E
Agreed, to rephrase my concern: By default accounts don’t even have the option to enable E2E encryption in a meeting. There’s no button to press that will turn on encryption if nobody’s dialing in. Your user account has to go through a separate review process to get the “privilege” of encrypting your meeting.
Isn't it fair to say that this brings Zoom more-or-less exactly in line with the privacy vs law enforcement balance of a normal telephone call?
Writing from the UK, I'm reasonably sure that (a) all my phone calls are not recorded and (b) the phone number and duration of every call absolutely is recorded (this has to be shown on your phone bill!) and is available to the police when needed.
Speculating further, with the right court orders / warrants the normal E2E encryption algorithm for a particular user could be replaced with a "law enforcement decryptable" one and, hey presto, it's a Zoom equivalent of a proportionate wiretap that only covers future calls. Certainly a lot better than encrypting the calls of all users with such an algorithm "just in case".
Why on Earth would you trust Zoom, a company which has repeatedly done extremely sketchy things, to implement their closed-source proprietary platform in this specific way?
It would be easier to just lie about the encryption being end-to-end.
Personally, I will never use Zoom for anything, a decision I came to when my OS vendor (Apple) pushed a security update for my OS to get rid of Zoom.
I wasn't really trying to comment on their overall trustworthiness - I just don't think you have to stretch very far to imagine how a conversation between ≥1 Zoom employee who genuinely does care about privacy ("our users are demanding E2EE") and law enforcement agencies ("we demand or are entitled to certain powers") might have resulted in the offering being announced today.
I'm quite frustrated they are calling this end to end. I can't find it now but a tweet earlier indicated that they have the keys and can help law enforcement with investigations which means it's can't be end to end.
Any centralized E2EE service has the (public) keys; that's the only way to distribute them to users. You have to trust (or verify, in the case of Signal) them to deliver authentic keys rather than MitM'ing you.
My read on this is that they found a way to backdoor all supposedly E2E-encrypted calls and legal compliance is no longer a problem for them. Perhaps I’m being too cynical.
Why trust any company that put out the initial policy in the first place?
Have they had a fundamental turnover in management, indicating a new pro-privacy culture? Did they move their development out from under the thumb of the CCP?
No and no?
So what’s changed?
If they weren’t trustworthy before, they certainly aren’t now.
One thing that has changed is that their userbase broadened.
They were mostly focused on workplace meetings. If that's your focus, then most of your users are employees of some company whose contact information you have. Users with unverified identities are a corner case that you may not feel is worth trying to get right.
Thanks to the pandemic, they have millions of new users who use Zoom for personal purposes (meeting with friends and family, etc.). What once was a corner case isn't anymore. It might even be their most common type of user.
I'm not arguing that Zoom can necessarily be trusted, but I can see a plausible reason how they could have gotten to where they are on this issue.
I agree they should be cluing in by now. I'm just saying it could be growing pains from shifting from a B2B business to a B2C business. That difference has huge effects on product design and on your mindset. Being slow to realign your mindset with reality isn't necessarily the same thing as being dishonest or disreputable.
But yeah, while feeling that you can't trust them because they don't know what they're doing is not the same as feeling that you can't trust them because they're in cahoots with someone (governments, etc.) against your interests, in the end they're both forms of feeling that you can't trust them.
They have more users, but so what? They suddenly found (privacy) religion, so now they can be trusted? That certainly sounds like a leap of faith. A blind one.
Stop looking at the empty words they say, and start looking at their very intentional and malignant actions over the last few months/years.
I guess "broadened" could be interpreted two ways. I don't mean the numbers grew. I mean that userbase came to incorporate new, different types of users.
Updated their priors? Review their history. Their "real intentions" have been "revealed" multiple times over the past several months (or years). It's a litany of privacy-related blunders. This is pure PR; words to distract you from their many misdeeds.
Trust, but verify, yes? Well, they're verifiably full of crapola.
Is it though? End to end encryption doesn’t mean they don’t pass the key back to themselves.
It’s a bit of weaseling here. They say they’re offering E2E and that might be true, and it could also be true they are sticking with their original vision of cooperation with law enforcement because they “are aware criminals use the service”.
This wasn't the only problem with Zoom, and it was an egregious problem. Zoom has lost all presumption of good faith, and in fact earned the presumption of bad faith as far as I'm concerned.
Has Zoom ever had their application(s) audited for security? Without an independent, external audit I don't know why they should be trusted that they've actually done e2e completely or correctly.
Any E2E implementation is worthless if the service provider controls the keys and doesn't allow the user to verify it (or alerts the user in the event of a key changing). Otherwise the service provider can simply swap the keys when they want to eavesdrop on someone and the users would be none the wiser. I don't believe that zoom has such measures, so any audit into whether E2E was implemented properly is pointless.
> we will allow the
SSO IDP (Identity Provider) to sign a binding of a Zoom public key to an SSO identity,
and to plumb this identity through to the UI.
> Second, we allow users to track contacts’ keys across meetings.
This way, the UI can surface warnings if a user joins a meeting with a new public key.
> we will implement a mechanism that forces Zoom servers (and SSO
providers) to sign and immutably store any keys that Zoom claims belong to a specific
user, forcing Zoom to provide a consistent reply to all clients about these claims. Each
client will periodically audit the keys that are being advertised for their own account and
surface new additions to the user.
> In Phase IV, we look to the future where Bob should sign new devices
with existing devices, use an SSO IDP to reinforce device additions, or delegate to his local
IT manager.
All of this of course relies on a zoom client actually doing everything described in the whitepaper, but it certainly looks like a good faith effort to implement real, functional e2ee
I commend Zoom for listening to the outcry over E2EE being limited to paid users. Between this move and their quick acknowledgement of mishandling the shutdown of accounts when asked by China, they're doing a better job than most of responding to criticism.
Agreed. I am always confused about the smackdown following a reversal from an arguably bad decision. We should be welcoming in hopes other companies note that being responsive is a good thing.
Otherwise, it is just being stuck between rock and a hard place with no place to move.
I would argue that it is harder on us as it requires engagement and being a conscious customer.
Sadly, it is not really new. Companies will typically attempt to extract maximum amount of milk with minimum amount of moo. If they keep making mistakes, we need to keep making noise.
Exactly. And it's not like which video calling service one uses is a hill to die on. There are plenty of alternatives that aren't routinely bending the knee to authoritarian governments.
If they're actually encrypted, I don't care much security-wise, but I do performance-wise. Given that Zoom works reasonably well, I very much doubt that they're sending all my data to and from China. You don't run a service like this without servers in lots of places.
I'd hope that when I Zoom with my coworkers two miles south of me in Austin, we're using AWS/Azure/Google Cloud/whatever servers in Texas, or at least within a couple thousand miles.
As long as zoom is closed source from end to end, they could pretend to use quantum entanglement over IP, for all I care.
I still use it, don't get me wrong. My threat model for the use case that I make of zoom does not need strong encryption, only being script kiddies proof.
with closed source, hosted software E2EE is as much about trust as it is about technology since you can't verify its implementation. arguably, if trust is there, E2EE doesn't get you much anyway other than for scenarios where the company itself is breached.
in any case, if the trust isn't there, you can't validate the E2EE, so your risk profile with regards to using the software doesn't change much.
How would one know that this black box works the same for every user? What would stop Apple from distributing a compromised update to everyone or to selected users?
The protection against this problem is to have the app (or the platform it's running on) check before installing an update that the hash of the binary it has downloaded has been recorded in a public transparency log.
With closed source software, though, this doesn't give as much confidence, since a company could create a version which they send to everyone but which contains an "if (userId == NSA_TARGET)" conditional branch.
You can verify closed source E2EE as long as you can inspect the traffic going client-server. The problem is that most E2EE apps allow auto-updating, so baking in something that transmits info to a third party is easy (but detectable with enough eyes on the code).
But what's stopping the software from, say, having a backdoor that is only exposed under certain conditions? For example, if you are under an FBI investigation. I suppose you could automate the verification on a per-call basis. Unfortunately, every bit over the wire would need to be seen by a fool-proof algorithm to ensure your safety. Seems not tractable.
Agreed. You can only verify E2EE for the traffic you inspect, not for traffic you don't. If they open-sourced the client it'd help a lot, but I'd also like to point out that you probably have stuff in your current device that has DMA and network access that is not open source either (PSP, IME, 4G modem, and so on) and that could break that encryption too.
If you are under serious investigation I wouldn't trust anything "smart" manufactured in a country under that investigations jurisdiction.
Yup fair point. Circling back to Zoom, I think the trust part of this has been violated enough that such an inspector tool ought to be considered strictly necessary to use it if you are security minded. So in the end, there's not much of a point to the announcement imo.
If the closed source E2EE app is sending encrypted messages but leaking bits of the key in how those messages are padded, for example, how would you detect that?
As for the threat model of open source E2EE apps auto-updating to an insecure version, you're right that this needs some extra defences. One way would be to use a binary-transparency log[0] to make sure that the open source project had publicly committed to a specific binary at least 24 hours in advance of pushing the auto-update.
This system relies on there being auditors out there who would raise the alarm if a malicious update was released, or a hash was included in the log for which there was no corresponding (reproducibly buildable) source code.
I imagine you mean inspecting everything that gets transmitted besides the -2E part, but even if you could there are a thousand ways for not-really-safely-encrypting a communication without you being able to notice
Aside from whatever the Zoom news story of the day is, it's completely unsurprising that they're eating WebEx's lunch. I just tried scheduling a meeting and it was outrageously bad.
The bright green "Start" and "Schedule Meeting" buttons just pop up an error. The correct button to progress is the dark grey (as if disabled) "Next" button.
It prompts me to create a "personal conference number", whatever that is. This errors and tells that I need set a PIN in my preferences. I search for the preferences for a while and eventually find that I _do_ have a host PIN set...
At this point I gave up.
Gripes on the participant side: Why does it ask me to provide my name in the browser when joining a meeting before launching the app which already knows my name? Why do I have to manually press the refresh button to discover scheduled meetings?
Cisco pulled a Boeing with the development of one of their crown jewels, and Zoom swooped in, even with shady practices, and snatched up significant market share.
I think Cisco bought webex largely because Cisco's big expensive conferencing hardware / software were under threat and they wanted in on what would replace it.
Cisco itself has time and again bought its way into things that aren't their core competency and they fumble around with them.
They bought Flip video for 590 million years ago, despite the fact that every person in Cisco's office had a smart phone in their pocket that would render it relatively useless...
I think video conferencing applications are often doomed to turn into behemoth messes for some reason that I can't figure out.
Ugh. And Google Meet us even worse. My kids' schools use it, for supposed privacy reasons. Audio is absolutely terrible. Echoey as hell. UI is a disaster. You have to install a third party Chrome extension just to get grid view, which keeps breaking.
My work uses Zoom, and it's night and day and smooth everything is.
As a big ol' disclaimer, I work at Google. However, it's no longer necessary to install a 3rd party extension for grid view, it was added natively a few months ago.
Also IMO there's been some drastic improvements to audio quality lately. My very noisy fan that triggers my mic in Discord is totally inaudible in Google Meet, even when I'm talking.
To anyone who likes to argue Zoom is a US company, I'm sorry but that argument holds no water for me after this [1]:
> The statement raises questions about Zoom bowing to Chinese pressure. Unlike many Western social media platforms, it is not blocked in China. The company did not explain under what law the meetings – which were hosted outside mainland China – were deemed to be illegal.
For meetings outside of China where the Chinese government should have no jurisdiction, Zoom choose to cooperate.
Some obvious follow-up questions:
1. Where will the keys be stored? On servers in China or elsewhere? Will it depend on where the account holders are? Or are the private keys truly local?
2. What safeguards are in place to prevent further "cooperation" with Beijing in relation to supposedly encrypted traffic?
3. Zoom is not blocked in China, which is pretty rare for a supposedly US-based company. What concessions did they make to get this exemption?
4. Under what circumstances will any of your data be stored in, routed through or otherwise be accessible in mainland China?
Given China's philosophy that Chinese companies are nothing more than extensions of the state, these are entirely reasonable questions to ask. Were I the decision maker for any large company or government organization, I personally would consider use of Zoom to be too much of a security risk. And I don't think that's the slightest bit alarmist.
556 comments
[ 5.7 ms ] story [ 294 ms ] threadhttps://github.com/zoom/zoom-e2e-whitepaper
https://www.theverge.com/2020/3/31/21201234/zoom-end-to-end-...
Zoom, however, denies that it’s misleading users. The company told The Intercept, “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” and that “content is not decrypted as it transfers across the Zoom cloud.”
Whether the paper is any different is sort of irrelevant if they're starting off from a place of bad faith. One time after another this company has 'accidents' like this, while removing CCP distinguished nonpersons from the platform. A sense of skepticism is certainly justified.
https://twitter.com/alexstamos/status/1268061792527241216
He did not say they can't monitor calls.
https://twitter.com/alexstamos/status/1268061795572314113
If they can enter the meeting, either they have to get confirmation from the host who would send the keys to the person entering the meeting or they already have the keys and can enter the meeting and decrypt the stream.
Edit: Sorry for coming across a little brash, I'm quite a strong advocate of real encryption and this kind dilution of terms makes my blood boil because terms are being diluted and people have trust in something that betrays them.
Whoever controls key distribution can control the encryption channel; without a way to verify public keys, all bets are always off. You're right that auditing the client is one (if not the only?) way to do this.
[1]: https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exc...
To the contrary, you can pick the region for your servers, which presumably for 99% of people is precisely to avoid China:
https://blog.zoom.us/wordpress/2020/04/13/coming-april-18-co...
I'm not convinced that a setting alone should provide much confidence in terms of traffic routing considering that it can always be changed independent of what setting in the application you make.
Yes, zoom said it was unintentional.
For me, that's hard to believe. They weren't routing the call itself through China, they were just sending the encryption keys to a server in china. That seems pretty intentional. Even if they weren't routing the call through China from a user's perspective, their US server could still be sending the call data to China or recording the call for playback (from China) later. Their track record around security is so bad that I would stay as far away as possible.
Unfortunately for folks who are good actors in other non free countries countries... I find any sort of development or real world controls that are in a seriously non free country... automatically suspicious.
Even good individual developers who have the best of intentions in those places could be subject to pressure and the likelihood we'd ever hear about it is near zero in many of those places.
Granted that 'could' happen in more free countries, but I'll hedge my bets there as there's a great deal more likelihood I would hear about it.
If the CCP wants the keys, they'll get them.
Edit: One issue is the client can run out of entropy but I think that would only happen on modern operating systems if you had hundreds of thousands of clients to negotiate with.
[0]https://en.m.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_e...
Perfect instrument to collect more personal data.
Also, fun note - just noticed Eric Yuan posted that and also created Zoom.
https://en.wikipedia.org/wiki/Eric_Yuan
Eric S. Yuan (Chinese: 袁征; pinyin: Yuán Zhēng; born 1970) is a Chinese-American billionaire businessman, and the CEO and founder of Zoom Video Communications, of which he owns 22%.
No wonder why they have to play party with CCP.
1. zoom's application is sending data to Chinese servers separate from the application functionality servers.
2. the CEO is from china, I'm going to assume he has relatives in china.
3. we know CCP is a completely fucked up government with an absolutely horrible history of civil rights violations, genocide, etc.
I wouldn't put it past CCP to be pressuring the CEO by threatening relatives who live in china. this wouldn't be unheard of for CCP.
add the the unnecessary data transfer to chinese servers makes it look really bad.
its a fairly reasonable conclusion to draw that the CEO is compromised if all the above holds true.
more extreme conclusions could just as easily be drawn from that same data that he is literally a foreign agent for china.
https://www.nytimes.com/2020/06/11/technology/zoom-china-tia...
Edit: Let me also state that I'm not entirely sure what OP's argument was, considering the comment was deleted. I'm merely stating that there seems to be some cooperation with the CCP and Zoom.
What we have here is going from "CEO was born and raised in China" to "No wonder why they have to play party with CCP" and "inevitable ties and implicit subservience to the CCP". I can't see the logical connection in the absence of other information. Don't you see a problem with assuming someone's motives purely from their country of origin?
Or we need Xi Jinping's permission?
People suspected German Ambassador to USA for being a bosch spy.
Founder of a communications company isn't that far off. Huawei is a great example.
Founders of a company control the companies direction.
He is a naturalized American of Chinese ancestry.
In history, this kind of scapegoating was counterproductive.
Though I think the CEO is less relevant than the critical amount of developers Zoom relies on that are directly living under and subject to CCP malfeasance.
Could you give a few such cases?
https://www.hrw.org/news/2018/01/31/china-families-interpol-...
That's definitely one area the Chinese system is vastly behind the international standard. But this has not been conscious to me.
When I was a child, we had horror stories of people sentenced to death penalty and were executed on superficial charges that sexual misconduct. And my parents have witnessed detained thief were beaten like wild animals by policeman, and the thief's scream was heart far in the then poor village.
These measures can even escalate during "Yanda", a nationally-coordinated clampdown on criminal activities. In [1], it was noted: "China's execution rate increases dramatically during Yanda campaigns."
Such brutal national campaigns are dying down, the most recent one [2] has much less cruelty. And historically such campaigns enjoyed universal domestic support.
As of today, the Chinese government has a high degree of popular endorsement to use whatever not-too-out-of-line measures to bring back the corrupted businessman or former government officials, who are prosecuted by the public attorneys. Thanks a grain of national pride, i.e., "those corrupted bastard not only embezzled our money, and they escape to the country that is unfriendly and can be benefited from those fortune".
[1] https://www.jstor.org/stable/23639486?seq=1 [2] https://www.economist.com/china/2019/02/28/china-is-waging-a...
I will say... it's curious to me that you seem to be well aware of such practices but still challenged the parent to provide examples (the implication being, that they were misinformed).
Why did you ask the parent to provide examples if you knew of some already? What's your motivation?
#2 I was not aware of the details of harassing on corruption suspects' relatives.
#3 I think it was reasonable to not able to link these 2 facts automatically together as self-evident.
https://www.businessinsider.com/china-uses-family-members-to...
Just to be clear, I'm not suggesting that China is unique in doing this. They are simply much more openly aggressive and nonchalant about it.
EDIT: I also think it was both reasonable and correct for you to ask for examples. Superpowers do enough sketchy things that we don't need to be muddying the waters with made up claims.
Do you not understand the racism behind assuming someone is a CCP agent based on nothing more than their race?
It doesn't paint a great picture, especially with espionage and CCP tactics. Look at previous German and USA interference w/ GE, Bosch, -- it's the same story.
Except now it's highlight as "bad" to point out that connection.
The issue is national origin, not ethnicity. Japanese Americans were thrown into camps for the same reason, but we're not talking about jailing anyone here. We're talking about avoiding a specific product.
Another difference is that Japanese Americans were put into camps regardless of how many generations removed from being Japanese they were. No one is arguing that CCP has control over Chinese Americans whose ancestors immigrated here in the 1800s. It's about people who literally grew up in China and/or still have close family there for CCP to threaten.
``` Of 127,000 Japanese Americans living in the continental United States at the time of the Pearl Harbor attack, 112,000 resided on the West Coast.[9] About 80,000 were Nisei (literal translation: "second generation"; American-born Japanese with U.S. citizenship) and Sansei ("third generation"; the children of Nisei). The rest were Issei ("first generation") immigrants born in Japan who were ineligible for U.S. citizenship under U.S. law.[10] ```
From https://en.wikipedia.org/wiki/Internment_of_Japanese_America...
What do you suggest?
Should there be a upper limit on the generations to be considered not originated from a nation state? According to what happened to WWII Japanese ethnic Americans, that number seems have to be > 3?
And remember that what happened in WWII Japanese internment camp is an evidence that "national origin" as an association was plainly wrong, from the same wiki page:
``` In 1980, under mounting pressure from the Japanese American Citizens League and redress organizations,[30] President Jimmy Carter opened an investigation to determine whether the decision to put Japanese Americans into concentration camps had been justified by the government. He appointed the Commission on Wartime Relocation and Internment of Civilians (CWRIC) to investigate the camps. The Commission's report, titled Personal Justice Denied, found little evidence of Japanese disloyalty at the time and concluded that the incarceration had been the product of racism ```
Emphasis on the last statement: `the incarceration had been the product of racism`.
EDIT: Also sounds like you're saying that it's ok to avoid doing business with someone based on national origin, which I also find problematic.
Sure, it can be problematic. I've seen articles about how Russian people in the software industry are having a very hard time because of what Putin's regime does. It's not fair for the people who have nothing to do with Putin and no exposure to him.
But what is the alternative? Putin and Kim have assassinated dissidents in Western countries. Do we assume people can't be coerced just because they left the borders of the authoritarian country?
Should the US government also remove its nationality restrictions for security clearances?
I mean overall you really don’t find it an issue to blankedly judge an entire class of people based on what some people within that population does or could do?
It absolutely is not a protected class. There are no protected classes when I am deciding whom I trust with my personal data. I can discriminate for any reason, including national origin.
> I mean overall you really don’t find it an issue to blankedly judge an entire class of people based on what some people within that population does or could do?
I would find that an issue if anyone (including me) were proposing it. We are not. You're attacking a straw man.
Here are the facts, regardless of Yuan's citizenship, race, etc:
1. Yuan grew up in China. He still has Zoom employees and family there.
2. China is controlled by a regime that has no qualms about using physical threats and violence to maintain control.
That's it. That's all I need to decide that I don't trust Zoom, if all of their extreme dishonesty and malware installations weren't enough. They haven't shown good judgment, and even if they did, it would be easy for CCP to put pressure on Yuan (or any other employee living in mainland China).
If Yuan had no family in China, no employees, and enough bravery to speak against CCP, I would not feel this way. I am not judging an "entire class" of people.
By the way, every firm that requires security clearance does judge entire classes of people as security risks. The question I asked, which you didn't answer, is whether you think that's also inappropriate.
You listed 2 things. First is where he's from, the second is the politics of the country. You are then basing your judgement (at least in this comment) purely on those factors. The implication here is you wouldn't trust your data to anyone that was born, grew up and has family and / or employees in China. I mean most of the large tech companies have some employees in China. How is this not judging an entire class (or group if you'd like) of people?
As far as security clearance, they are at least in theory assessed based on established facts about a particular person. e.g. being born in China doesn't automatically disqualify you as far as I'm aware. If you know otherwise or can point to examples, I'm open to being corrected.
I mean if it's been established that Eric has connections to the CPP then that's a different matter and we can look at that. My objection is with "Eric is a Chinese-American billionaire businessman so we shouldn't trust him".
Not to justify atrocities happening in China or getting into Whataboutism, but just to give an analogy, would it be fair to consider any US expat an accomplice in or a proponent of separating migrant children from their families at the border?
It explicitly argues that he's evil because he has a Chinese name and Wikipedia describes him as Chinese-American. There's no equivocating about the software being China-based, or him having close family in China for the CCP to threaten.
And discriminating against people for national origin is considered so bigoted it was explicitly included in the 1964 Civil Rights Act. Your reasoning is sound, but you should seriously reconsider your basic ethical principles.
Yet.
At the risk of a slippery slope fallacy, institutional xenophobia ain't controlled by an on/off switch. Dehumanization is a gradual process, and establishing an attitude that people associated with an enemy are aligned with that enemy is part of that process. At first those associations might seem reasonable, going for officials and other important figures, and then perhaps their family, and so might the actions against them, like added scrutiny and surveillance of their communications and travels. The problem is that both ends of that are prone to scope creep - the target set broadens ever so slowly (citizens, ex-citizens, descendants of (ex-)citizens, their descendants, and so on, almost always excused with "well we need to be sure that $CURRENT_TARGET is not part of $PREVIOUS_TARGET"), while the actions worsen ever so slowly (surveillance, profiling, travel restrictions, property confiscation, imprisonment, sterilization, execution) as the rhetoric heats up from "we just want to make sure these people aren't the enemy" to "these people are the enemy and shall be treated as such".
Personally, I'd prefer to nip that in the bud rather than watch 1800's-era sinophobia reenact itself at the expense of my Chinese-American friends and colleagues. I also have enough self-awareness to know that if I would be upset by people writing me off as "will probably help oppress minorities and political dissidents if his government tells him to do so" simply because I happen to be a citizen of a country with a track record for oppressing minorities and political dissidents, then I should refrain from doing so to a citizen (let alone ex-citizen) of a different country with those same tendencies, even if those tendencies are, in my opinion, much stronger.
https://news.ycombinator.com/newsguidelines.html
It'd be one thing if there are actually some nefarious ties between Eric and CCP, but all we are going by is he's originally from China and there could be influence by CCP on people from China. It's not bad to point out a connection, it's bad to point out a possible connection based on nothing more than where the guy is from.
It is best to focus on these sorts of links rather than someone merely being from China.
When will this meme die?
Zoom is NOT a Chinese company. It is incorporated in and headquartered in the US. Like any American company ever, it follows US laws in the US, and local laws in other companies where it operates. End of story.
Yes their culture certainly has stronger cultural internal ties to China, due to the number of Chinese employees, but what has that got to do with anything? At the end of the day, they're a public, profit-driven corporation trying to make lots of money across the entire world.
It's not like they're secretly and nefariously doing the CCP's bidding, which seems to be the veiled suggestion people keep making.
Seriously, every time someone brings up that Zoom is "really" a Chinese company, it comes across as borderline racism or conspiracy-mongering or both. And while I'd usually never comment on someone using a throwaway account, in this case when you're pushing these kinds of shady "stronger than the more-commonly-discussed" insituations, I think using a throwaway here is representative of exactly the kind of astroturfing that spreads malicious rumors without evidence.
[1] https://news.ycombinator.com/item?id=23510886
A lot.
It's entire contents is an argument that Zoom is evil because Eric Yuan is Chinese-American. It doesn't say a single one of the things you're saying.
https://news.sky.com/story/zoom-disables-accounts-of-chinese...
>The suspension targeted Humanitarian China, an organisation based in the US, after it held a call with roughly 250 people, including a number who dialled in from China.
http://news.bbc.co.uk/2/hi/technology/4645596.stm
The same would be if they blocked Gmail of US citizens because of discussions related to China.
There's a pretty big difference IMO.
What they aren't doing is actively blocking users from China getting to www.google.com, and they aren't censoring searches Chinese users do on www.google.com because those resources aren't hosted in China and aren't subject to Chinese law.
Zoom on the other hand IS blocking users from China accessing resources in the US and while they may have "undone" the ban, they banned US users from their platform for breaking a Chinese law that they aren't subject to. Namely talking about the Tienanmen Square massacre.
Unless you've got a magic bullet to give Wall Street a conscience, that wasn't going to happen.
By the way, in general my understanding is that the "beholden to their shareholders as a public company" (and thus forced to make the most remunerative decisions) belief is a myth, a public company is free to make ethical choices (if its major shareholders don't oppose them).
They said it was wrong to do, reinstated those accounts, and are building the functionality to enforce those Chinese laws without ever impacting users outside China.
That's from their blog. https://blog.zoom.us/wordpress/2020/06/11/improving-our-poli...
They are actually admitting that they're going to prevent people IN CHINA from connecting to a meeting that is presumably hosted IN THE US. That doesn't make it better, it makes it WORSE. You're basically telling the world that China will dictate how you operate WOLRDWIDE not just in China.
Based on a complaint from china regarding non-Chinese citizens with non-china accounts, zoom cancelled the non-china accounts.
Full stop. Let that sink in.
If you are wondering who zoom will accommodate you have your answer. This is a fact. This is what we are calling "racism"?
We can be upset at power structures and at their effects. Taking that further to make assumptions about groups of people is racist.
You'll get a Liu Xiaobo once in a while, but much more often you'll have people that, while easily wonderful as people per se, are disgracefully forced, or have been convinced to, do some things that they shouldn't do.
Nationalistic and ethnic flamewar will get you banned here. So will personal attacks and insinuated slurs.
People have been hounded off this site in the past by comments along these lines. That's shameful, and we want no more of it.
No, we're not defending communism or the communist party. We're trying to defend Hacker News against (a) mob behaviors and (b) self-immolation. Here are some recent comments about this, which include other links to plenty of past explanations.
https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
The objective behind verifying accounts is to prevent spammers creating lots of spam accounts and using those to spam.
However, spammers rarely care if their spam is encrypted, so putting E2E behind verification won't do anything as far as spammers are concerned - they'll happily keep spamming using the unencrypted accounts.
There's some other reason behind this that isn't about reducing spam.
The public is willing trade away privacy in exchange for protection from certain categories of risk. Instead of denying that, one can lean into it by ensuring strict definitions and enforcement options within those categories while preserving full privacy for those without. Arguing pedophile rings and terrorism are a cost of a privacy policy is a good way to sink that policy.
My personal political answer to "how to have end-to-end encryption and prevent its use for child rape" would be to tax the companies which profit from E2EE, and use that money to fund death squads, which livestream dragging child rapists out of their home, anywhere in the world, and beating them to death with truncheons.
I'm joking, of course (or am I?) but I do consider this the general shape of a viable solution. E2EE is essential for a modern life which isn't a hellish surveillance dystopia, and the detection and prosecution of child rape is criminally underfunded.
Yup. This.
In which ways do you think it is underfunded?
CPS should be able to spot children in abusive homes and respond to reports of unusual activity. They should be able to spot clearly unstable caretakers.
Counsellors and teachers should be able to spot unusual behaviour from children. Mental health services can help someone escape falling into such a situation in the first place by keeping them from falling into depression which leads them to rely on such a person.
Local police shouldn't dismiss leads so readily. This is the it is impossible for him or her to do such a thing mindset which prevails so frequently.
Parents shouldn't trust their relatives so readily and should keep an eye out. 90% of cases happen at home.
If they stopped showing off their crimes online, would the entire system come to a crawl? I'm worried by how much of a reliance there is on divining crimes off the internet.
Now, I'm not saying there is nothing that can be done to reduce it. I very much hope there can be, especially if counsellors can find warning signs and we can better figure out how to spot the danger signs, both online and off.
Facebook took a good step forward by putting warnings up to minors when someone outside of their social circles has contacted many others, although there are other things which could be done.
Should they be allowed to contact them through onion routing during such situations? Where do you draw the line of when such technologies can be used? Is it better not to open this can of worms and risk a slippery descent? What are the chances of false positives, will it unfairly impact relatives? Will it give a black mark to privacy technologies and civil liberties to be associated with automatic blocks? What if minors want to engage in activism, should this be limited? At what point does pushing and pushing start the lie about your age shenanigans again?
This is about Facebook here but it ties back to arguments about doing this or that for the greater good.
Is a more grounded approach better? Ensure minors are well-educated of the risks and dangers online? Invest in mental health services to avoid minors falling into depressive slumps where they might be susceptible to such criminals? In the rare event they drag anyone back home, whether they think they're of a similar age or not, they bring them before the parents first?
I know this argument is often quickly dismissed on HN since people see child abuse or 'going dark' as an easy excuse for the government to leverage to get more control (and it has been used for this), but that doesn't mean the problem isn't serious or doesn't exist.
See this: https://www.nytimes.com/interactive/2019/09/28/us/child-sex-...
The resources fighting this are relatively small in comparison the scale of the problem: https://www.freethink.com/videos/child-exploitation
The people carrying out the abuse are sophisticated.
I have a friend that works at WhatsApp and their entire team is focused on trying to remove groups that exist to share child abuse imagery (via metadata since content is encrypted).
I fall on the side that secure encryption is critical for all of the reasons that technical people normally argue that it's critical and breaking it doesn't work/is a bad idea, but I also understand and empathize with the difficulty encryption by default causes for the organizations fighting this abuse.
That said, I have serious disagreements with Zoom unrelated to this particular e2ee issue (https://zalberico.com/essay/2020/06/13/zoom-in-china.html), I think they don't actually care about protecting the speech of their users or securing content from authoritarian governments. It's still good to avoid them for that reason alone.
In this case wouldn't they build their own solutions (potentially based on existing open-source solutions like Asterisk + Linphone or Jitsi Meet) or they might've built them already?
Phone numbers are also very easy to obtain anonymously, so I am not sure SMS verification would help track down abusers when it'll lead to a prepaid SIM or some innocent user's phone that happened to be compromised by malware.
I agree that these reasons are why it's not a good idea to break or outlaw encryption since bad actors can still use it and good people that need it are blocked, but this doesn't mean that making it the default doesn't enable more abusers to get away with it that might be caught otherwise.
There's a spectrum of sophistication, if it's harder more of them will make more mistakes that make them easier to catch.
Also to clarify, specifically a reasonable trade-off for Zoom (I don't think there should be a general law that requires IDs for video software use or something).
Zoom is not a company I would use at all if you're looking for secure communications (https://zalberico.com/essay/2020/06/13/zoom-in-china.html).
If you care about secure communication you should be using something else.
It depends on which country really. In some places in Europe it became almost impossible to do that (sadly).
Of course, criminals are ordinary people too. They care about convenience and network effects as much as anyone. Which is why I think it’s insane that governments want to jeopardize the trust people have in proprietary, huge E2EE platforms that actually have the means to aid them in investigations. Yes, breaking the crypto may not be an option, but at least collecting useful metadata for use in investigating, and potentially ethical hacking, is an option.
I fear the day when the trust is gone because there is a very real possibility that some day many will be using decentralized E2EE chats, maybe even P2P. It’s not just conjecture of course, Matrix exists today and is already very impressive (in my opinion) in terms of usability.
The internet is opening up the concept of having nearly private communication with pretty much any individual in the world. It isn’t free of implications, but also, as more of our lives move online I feel its absolutely crucial that every day people can feel confident they’re not being monitored. The problem of CSA and other criminal behavior existed before the internet and it will certainly exist after. It’s absolutely past time to re-evaluate laws surrounding child protection, which seem to me to mostly be reactionary at this point (in that many of them are spawned as a result of a specific incident.)
This is not the problem. The argument is hollow.
People need to take child protection laws out of political discourse, as it's now approaching silly.
There are no valid arguments against encryption
> And yes, law enforcement eavesdrops for law enforcement purposes
Lawful eavesdropping is an oxymoron
Put plainly, there will always be crimes you won't be able to catch. You prioritise resources on the most pressing ones and build up resources in the real world to tackle them in other ways. Dystopian lists on the client to control what you're allowed to say or think or report your thoughts back to the government still violates the principle E2EE is built upon.
There is no middle-ground. You either are secure or you are not. The genie is out of the bottle either way.
Individual child abusers aren’t part of a monolithic organization with training on how to secure their comms and practice OpSec.
The number of criminals who still create evidence against themselves on unencrypted platforms (SMS, phone, etc) is significant, despite E2EE options already being available. People are even being arrested for rioting after admitting on public TikTok videos to participating.
I think the only way criminals will standardize on E2EE is if every platform and communication mechanism is E2EE by default. Otherwise they will continue to make mistakes or think they can slip under the radar.
FWIW, I believe this is the future if lawmakers don’t prevent it. A look at some E2EE software today:
- WhatsApp
- Matrix
- Signal
- iMessage
- Firefox Send
- MEGA
- ...
The list will grow.
In my opinion, E2EE today is like TLS 10 years ago. TLS was once a nice-to-have when it came to communication that was not strictly necessary to encrypt. Today, TLS is more sophisticated, stronger, and easier to implement than ever, and damn near a necessity for anything, even toys.
Granted... E2EE is necessarily harder, since it requires application-level implementation of crypto primitives, things definitely get complicated. Still, I believe the state of the art will continue to improve and tooling with it. Eventually there will probably be defacto libraries and maybe even OS frameworks to deal with E2EE key management, trust, etc.
To be clear, I view this as strictly a good thing and an inevitability. I don’t think transport encryption and encryption-at-rest are good enough anymore for private communication. Of course for public sites like Twitter or Tiktok it’s all you would logically get, but for any group or direct communication I now believe E2EE is slowly becoming the new baseline, and it’s mostly the complexity of it that hampers adoption.
Now that iMessage and WhatsApp are E2EE though, there is a lot of messages flowing that, exploits notwithstanding, are “truly” private, today, and I think the number will only go up. The only real question in my mind is, who’s next?
As far as criminals making slip-ups, this is guaranteed; even the best make mistakes obviously. But assuming all criminals are foolish and stupid is a mistake; I believe there’s a lot of selection bias in there, since we don’t get to find out those who truly never get caught. Time will tell if any of this really matters, or, if, as usual, it’s just another panic that has no tangible effects. I vote on the latter, but I still do believe proliferation of E2EE will change the game in ways we can’t really anticipate 100%.
When a company says they want your phone number in order to use their resources, so they can take steps to avoid having their resources used for (certain) crimes, that's well within the bounds of reasonable.
The problem most people have is when the government tkes away the use of _super important feature_ from the populace as a whole (even using their own resources), because it _can_ be used for crimes.
Those are two VERY different things.
Lower privacy "because security" is not a reasonable trade-off. It should not be. See also: https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
It's not a reasonable trade off in countries where you get you legs broken, skin flayed alive, and head cut off: https://www.telegraph.co.uk/news/2019/11/18/russian-mercenar...
A likelier explanation, is they want an easy way to wash their hands off when being pressed.
What you're arguing is a strawman, we agree more than we disagree.
I read, and I think your argument is hollow, and, assuming your goodwill, you are not understanding the matter at all, and if not, I see an ill intent.
I do not appreciate all what you say at all. Any argument against encryption must be quashed without exceptions, and second thoughts.
It is only since the start of 21st century, the experience akin to "legs broken, skin flayed alive, and head cut off" has been a grim reality for far more than a million people by now, mostly for, really, nothing. What are talking about this! And what you talk about?
Attack this argument, not something not even having a passing genuine relation to the matter.
It seems any argument that you don’t already agree with (basically only your exact position) is classified this way.
The rest of your comment is basically incoherent, and the parts that do make sense are obviously wrong. It’s also a willful misinterpretation of my position.
People were flayed before the 21st century. Acknowledging the issues with encryption is a critical requirement in making an effective defense of it. I am not arguing against encryption.
If this is an issue you actually care about (which it sounds like it is), learning how to build consensus and honestly consider the positions of others would be a valuable skill to develop.
As it stands you’re doing more harm to the pro-encryption position (which is also my position) with how you’re attempting to defend it.
Child pornography gets held up to the public a lot because it's a crime nobody can defend and walk away the same they were, no matter what you say. If you publicly contest this move for privacy reasons, you're automatically defending the worst child molester someone's mind can come up with.
The one, admittedly terrible incident, will shock people and they will push exaggerated means to "stop" it. Ones which just so happen to feed tons of information into the NSA machine.
People come up with stories of live-streamed child pornography too but do these children live in some parallel universe where crimes can be committed against them without recourse? What is the police doing? Did they not find suspicious behaviour in a neighbourhood? Did a counsellor not pick up on it?
Yeah sure, child pornography is awful but why is this part of the equation the only one that is ever mentioned? Why is it always about encryption or anonymity?
Yes.
I believe Zoomed has earned the privilege of folks being highly skeptical of their actions / motivations.
https://en.wikipedia.org/wiki/Off-the-Record_Messaging
with added bonus of no central server
There is no need to use my cell phone or any telephone number when you already have a means of communication via email or any other channel.
Writing from the UK, I'm reasonably sure that (a) all my phone calls are not recorded and (b) the phone number and duration of every call absolutely is recorded (this has to be shown on your phone bill!) and is available to the police when needed.
Speculating further, with the right court orders / warrants the normal E2E encryption algorithm for a particular user could be replaced with a "law enforcement decryptable" one and, hey presto, it's a Zoom equivalent of a proportionate wiretap that only covers future calls. Certainly a lot better than encrypting the calls of all users with such an algorithm "just in case".
It would be easier to just lie about the encryption being end-to-end.
Personally, I will never use Zoom for anything, a decision I came to when my OS vendor (Apple) pushed a security update for my OS to get rid of Zoom.
With 5 / 14 eyes and no specific privacy doctrine in the UK, I have no idea why you would have that assumption at all.
Maybe not recorded indefinitely, but it seems very possible to voice to text and store that forever.
AB/BC link encryption is the correct way to refer to such a scheme.
"Unlike PGP and S/MIME, STARTTLS provides hop-to-hop encryption (TLS for email), not end-to-end."
[0] https://www.eff.org/deeplinks/2018/06/technical-deep-dive-st...
[1]: https://news.ycombinator.com/item?id=23399924
Have they had a fundamental turnover in management, indicating a new pro-privacy culture? Did they move their development out from under the thumb of the CCP?
No and no?
So what’s changed?
If they weren’t trustworthy before, they certainly aren’t now.
They were mostly focused on workplace meetings. If that's your focus, then most of your users are employees of some company whose contact information you have. Users with unverified identities are a corner case that you may not feel is worth trying to get right.
Thanks to the pandemic, they have millions of new users who use Zoom for personal purposes (meeting with friends and family, etc.). What once was a corner case isn't anymore. It might even be their most common type of user.
I'm not arguing that Zoom can necessarily be trusted, but I can see a plausible reason how they could have gotten to where they are on this issue.
Their userbase changed in the two weeks since they announced their policy?
But yeah, while feeling that you can't trust them because they don't know what they're doing is not the same as feeling that you can't trust them because they're in cahoots with someone (governments, etc.) against your interests, in the end they're both forms of feeling that you can't trust them.
Stop looking at the empty words they say, and start looking at their very intentional and malignant actions over the last few months/years.
Why do you believe their real intention was revealed a week ago, and not today?
Trust, but verify, yes? Well, they're verifiably full of crapola.
So why would you trust?
It’s a bit of weaseling here. They say they’re offering E2E and that might be true, and it could also be true they are sticking with their original vision of cooperation with law enforcement because they “are aware criminals use the service”.
There is no required mutual exclusion.
Good for them, but it's still going to be an uphill battle imo.
Some things that looked like good steps:
> we will allow the SSO IDP (Identity Provider) to sign a binding of a Zoom public key to an SSO identity, and to plumb this identity through to the UI.
> Second, we allow users to track contacts’ keys across meetings. This way, the UI can surface warnings if a user joins a meeting with a new public key.
> we will implement a mechanism that forces Zoom servers (and SSO providers) to sign and immutably store any keys that Zoom claims belong to a specific user, forcing Zoom to provide a consistent reply to all clients about these claims. Each client will periodically audit the keys that are being advertised for their own account and surface new additions to the user.
> In Phase IV, we look to the future where Bob should sign new devices with existing devices, use an SSO IDP to reinforce device additions, or delegate to his local IT manager.
All of this of course relies on a zoom client actually doing everything described in the whitepaper, but it certainly looks like a good faith effort to implement real, functional e2ee
Otherwise, it is just being stuck between rock and a hard place with no place to move.
Sadly, it is not really new. Companies will typically attempt to extract maximum amount of milk with minimum amount of moo. If they keep making mistakes, we need to keep making noise.
Not fun, but someone has to do it.
If you want privacy you simply have to choose another product or service.
You aren't entitled to use their service without paying for it.
Zoom seems to be a poster child for the surveillance state.
Does anyone reasonably want their "encrypted" conversation to route through servers physically in China?
I'd hope that when I Zoom with my coworkers two miles south of me in Austin, we're using AWS/Azure/Google Cloud/whatever servers in Texas, or at least within a couple thousand miles.
I still use it, don't get me wrong. My threat model for the use case that I make of zoom does not need strong encryption, only being script kiddies proof.
in any case, if the trust isn't there, you can't validate the E2EE, so your risk profile with regards to using the software doesn't change much.
With closed source software, though, this doesn't give as much confidence, since a company could create a version which they send to everyone but which contains an "if (userId == NSA_TARGET)" conditional branch.
If you are under serious investigation I wouldn't trust anything "smart" manufactured in a country under that investigations jurisdiction.
As for the threat model of open source E2EE apps auto-updating to an insecure version, you're right that this needs some extra defences. One way would be to use a binary-transparency log[0] to make sure that the open source project had publicly committed to a specific binary at least 24 hours in advance of pushing the auto-update.
This system relies on there being auditors out there who would raise the alarm if a malicious update was released, or a hash was included in the log for which there was no corresponding (reproducibly buildable) source code.
[0] https://wiki.mozilla.org/Security/Binary_Transparency
The bright green "Start" and "Schedule Meeting" buttons just pop up an error. The correct button to progress is the dark grey (as if disabled) "Next" button.
It prompts me to create a "personal conference number", whatever that is. This errors and tells that I need set a PIN in my preferences. I search for the preferences for a while and eventually find that I _do_ have a host PIN set...
At this point I gave up.
Gripes on the participant side: Why does it ask me to provide my name in the browser when joining a meeting before launching the app which already knows my name? Why do I have to manually press the refresh button to discover scheduled meetings?
Cisco pulled a Boeing with the development of one of their crown jewels, and Zoom swooped in, even with shady practices, and snatched up significant market share.
Cisco itself has time and again bought its way into things that aren't their core competency and they fumble around with them.
They bought Flip video for 590 million years ago, despite the fact that every person in Cisco's office had a smart phone in their pocket that would render it relatively useless...
I think video conferencing applications are often doomed to turn into behemoth messes for some reason that I can't figure out.
My work uses Zoom, and it's night and day and smooth everything is.
Also IMO there's been some drastic improvements to audio quality lately. My very noisy fan that triggers my mic in Discord is totally inaudible in Google Meet, even when I'm talking.
At work we have been looking at two fantastic "indie" alternatives:
https://whereby.com
https://team.video
> The statement raises questions about Zoom bowing to Chinese pressure. Unlike many Western social media platforms, it is not blocked in China. The company did not explain under what law the meetings – which were hosted outside mainland China – were deemed to be illegal.
For meetings outside of China where the Chinese government should have no jurisdiction, Zoom choose to cooperate.
Some obvious follow-up questions:
1. Where will the keys be stored? On servers in China or elsewhere? Will it depend on where the account holders are? Or are the private keys truly local?
2. What safeguards are in place to prevent further "cooperation" with Beijing in relation to supposedly encrypted traffic?
3. Zoom is not blocked in China, which is pretty rare for a supposedly US-based company. What concessions did they make to get this exemption?
4. Under what circumstances will any of your data be stored in, routed through or otherwise be accessible in mainland China?
Given China's philosophy that Chinese companies are nothing more than extensions of the state, these are entirely reasonable questions to ask. Were I the decision maker for any large company or government organization, I personally would consider use of Zoom to be too much of a security risk. And I don't think that's the slightest bit alarmist.
[1]: https://www.theguardian.com/world/2020/jun/12/zoom-admits-cu...