Zoom and Chinese-style privacy

Zoom and Chinese-style privacy

Cassandra Crossing / A statement from the CEO of the Chinese company excludes end-to-end encryption for free accounts.

Those who follow Cassandra in its multiple identities know that, having delved into the details and tests of various video conferencing platforms, considers Zoom qualitatively the most performing, both in terms of quality and flexibility of use, especially the entry level paid version.

Comparing them, freer, self-managing software like Jitsi, which is probably the best in its category, are much lower in both sectors.

For this reason, in a virtualized and completely public conference like the last e-privacy XXVII, Cassandra did not hesitate to use it.

ZOOM Security Issues

Yes, you can also use proprietary software when there is no free alternative. Yes, when the communication is completely public it is not necessary to deal with privacy, since neither data nor metadata are relevant for the purposes of privacy.

So holding a public conference using Zoom and live streaming on Youtube, in Cassandra’s opinion, even for a paranoid pessimist is certainly not optimal but is largely acceptable.

On the other hand, many of the technical objections regarding Zoom’s privacy issues (such as Zoombombing) were very little relevant in reality, since they were problems due to a lack of knowledge and misuse of the options available in the program and their defaults, or to promptly corrected bugs of a young and explosive growing software and infrastructure.

Among other things, sources, authors, intensity and timing of the articles that have been relentless against Zoom appeared, should be perfectly, rather suspicious; it was to be thought that they were inspired by competitors who were investing a lot in the video conference industry, and that, among other things, have a past that is evidently rather turbulent with regard to the defense of the privacy of their users.

But the announcements of the last few days from the chief executive officer of Zoom Eric Yuan, and the successive clarifications appear instead to show a clear drift of Zoom towards a management "Chinese" of the privacy of the users.

But let’s make it clear, even before going into the details of the matter, that the current management of privacy by other commercial superpowers of various democracy is not, well, at all better (thanks Edward).

Yuan, in essence, communicated the choice (corporate and therefore legitimate) to reserve the announced and newly introduced end-to-end encryption to paying customers only, excluding it instead for those free, which will benefit instead of channel encryption only.

In justifying this choice (which is, moreover, highly questionable), he also scored a great own goal, stating that "for free users certainly did not want to grant end-to-end encryption as they wanted to work with the FBI and local police in case someone used Zoom for evil purposes".

Since the time of the now historic demand for the introduction of the Clipper Chip, any attempt to weaken the encryption of software with the justification of protecting the security of honest citizens and democracy, was technically questioned until it was discarded.

From the beginning, the cryptographic community around the world has criticized and denounced these initiatives, up to the point of mocking those who periodically propose something similar (export of only "weak" software, key escrow, state backdoors and more).

ZOOM Privacy issues

This bell is what you hear echoing in the statement of Yuan who, considering the country of origin and the social techno-control there imposed and fully realized, should be a little more attentive to his public statements, avoiding at least to use justifications so old-fashioned and abused.

Better did not later, as Bruce Schneier reports, pointing out that: "Zoom does not provide information to authorities except in cases such as child abuse", ... "does not proactively monitor its users", ... "there are no backdoors that allow third parties to enter a videoconference without being seen". All of which, with very old prose, are very little reassuring.

Much more serious is to say that "Aes256 encryption is also available for non-paying customers" because it is a glaring attempt to hide the reality, deliberately confusing channel encryption, also available to free customers, with end-to-end, which ensures much greater confidentiality and is only available to paying customers. It is a very "Chinese" approach (but alas also "American", "English", "French" and "Russian") which is well to highlight and mock on this occasion.

So, as stated at the beginning, if you have to do good quality video conferencing for a conference, Zoom is definitely a good choice; but if you want to do it with a reasonable level of privacy or if it’s communication even slightly confidential, discard it, but discard all other commercial video conferencing software.

Instead, use free software like Jitsi and his kind, serenely burdened with the configuration, infrastructure costs and in general all that hassle that is essential to protect civil rights.

If you liked this article and want to stay informed with Today US  we suggest you to subscribe to the free Newsletter. You can also recommend the article using one of the buttons below, add a comment (even anonymous) or report a typo.