back to article As Zoom bans spread over privacy concerns, vid-conf biz taps up Stamos as firefighter in totally-not-a-PR-stunt move

Video-conferencing company du jour Zoom is desperately trying to head off a mass exodus of users by announcing a new advisory board – and hiring former Facebook and Yahoo! CSO Alex Stamos as a troubleshooter. In a roller-coaster few weeks for the tech upstart, it has seen its user base explode, thanks in large part to its …

  1. DavCrav Silver badge

    Nothing says you are serious about privacy like hiring an ex-Facebook guy.

    1. mickaroo

      Facebook Security...

      Isn't that an oxymoron?

    2. Dan 55 Silver badge

      Don't forget the ex-Yahoo guy. Half a billion accounts raided.

      1. BebopWeBop

        A rogues gallery.

        1. EnviableOne Silver badge

          Just the one rogue ... Stamos Himself

      2. tin 2

        100%. More than 1/2 of the phishing I get *purportedly* comes direct from the Yahoo accounts of people I know.

  2. Chris G Silver badge

    Stamos's self congratulatory blog post is on a medium that steals as much data from your visit as possible.

    So I am sure with his background and posting there, he is at least knowledgable about privacy hoovering.

  3. IGotOut Silver badge

    wow...

    The barrel must be pretty empty if you are having to scrape a security person from Facebook AND yahoo.

    Apparently his first hires will be former TalkTalk and Equifax security teams

    1. Anonymous Coward
      Anonymous Coward

      Re: wow...

      Which he'll outsource via Crapita

  4. NATTtrash

    Users...

    Don't want to state the obvious, or defend Zoom (although their call quality is better than "others"). But...

    Zoom users are highly encouraged to set a password on their meetings, which is a default setting; to not share these credentials publicly, or miscreants will spot them; to use the waiting room feature to vet participants; and to control who can share what during conferences.

    ...which we all know users don't. I mean, >90% of the calls I do, the hosts don't even use "click to allow entry" (thus allowing gate crashing). Users start/ join with video/ audio always on. If you question hosts/ users about this, reply is that it is "such a hassle to enter passwords and switch video/ audio on all the time". Really? Moving your finger? I mean, it's not like you're asking them to do Iron Man. Good thing though that people by now got the message that downloading and installing randomly found software from the interwebz isn't what you want to do.

    Oh...

    1. big_D Silver badge

      Re: Users...

      And data scraping on iOS, zero-days on Windows and macOS, last year they were running a webserver on macOS machines, even if you removed the Zoom app. Their security awareness and attention to details makes a goldfish look like a rocket scientist with a long attention span!

  5. Wiretrip

    Never mind zoom. It's poorly written and closed source. Jitsi is far better. https://meet.jit.si it is open source and you can even host the server yourself.

    1. Anonymous Coward
      Anonymous Coward

      Yeah. If there were only decent, well designed clients for all operating systems it would stand a chance in my book, mainly because of its interoperability. But alas..

    2. Stork Silver badge

      How do you know?

      If it is closed source, how do you know it's poorly written? Unless you are insider of course.

      You can argue it is poorly specified or thought out.

      1. big_D Silver badge

        Re: How do you know?

        Zero-days on all platforms, "not noticing" that they were sending everything to Facebook and so many programming-101 gaffs sort of speak for themselves.

    3. chroot

      Alternatives

      Has jitsi decent quality?

      There is also the Norwegian alternative whereby.com, formerly appear.in. They are not very good at choosing a catchy name, but their security may be better. They haven't had their "zoom moment", so it hasn't been scrutinised yet.

      1. davenewman

        Re: Alternatives

        whereby is for much smaller meetings (unless you pay for a very expensive account). 6 or 8 rather than the standard 100 for Zoom.

      2. big_D Silver badge

        Re: Alternatives

        I'd rather they spend the money on security than the coloured crayons department looking for a catchy name, but that is just me.

      3. Anonymous Coward
        Anonymous Coward

        Re: Alternatives

        I've had good experiences with veeting.com, but you have to go through the pain of making sure your browser works with it (it's WebRTC based, and not all browsers are equal in their support). On a Mac I found that Firefox with ad blockers and other things tended to be problematic, but Chromium works just fine, and there's an actual app for iOS.

        Despite a name that resembles *cough* a hair removal product but stands for virtual meetings, it does offer a very useful meeting environment that actually restrains the usual time wasters - it's very Swiss that way.

      4. Stork Silver badge

        Re: Alternatives

        Of course it also depends what it is for.

        Schools here in Portugal will use zoom after Easter (our youngest tested yesterday) and for that to be realistic it has to be free and work everywhere, including smartphones. No idea what alternatives exist.

        We will set up an old iMac with Linux.

        1. Fruit and Nutcase Silver badge
          Alert

          Re: Alternatives

          Schools here in Portugal will use zoom after Easter

          hmm..

          "Teachers in Singapore stop using Zoom after 'lewd' incidents"

          https://www.bbc.co.uk/news/world-asia-52240251

          "But one mother told local media that, during her daughter's geography lesson, obscene images appeared on screen, before two men asked girls to "flash".

          Zoom told the BBC the company was "deeply upset" about the incidents."

  6. BebopWeBop

    What a tangled web they have woven. Fort Meade, Shanghai, Beijing and others all in the mix!

    And no, we wouldn't use it either - although the interface is good - I did get a request to do so, and we did it via a clean machine with anonymous one time credentials over a VPN. What I find so bizarre is that Cheltenham allowed the government to use it!

    1. Steve Gill

      Allowed by Cheltenham?

      It was probably suggested by one of the special advisors and never checked if the security was adequate.

      Similar to the widespread use of WhatsApp groups by politicians to bypass using their secured email system.

    2. Pete B

      Cabinet office decision, not GCHQ.

    3. Kane Silver badge
      Black Helicopters

      "What I find so bizarre is that Cheltenham allowed the government to use it!"

      I'm not sure that was the case - as reported here by our diligent vultures;

      https://www.theregister.co.uk/2020/04/01/zoom_spotlight/

      Paragraph in question:

      Crucially, the use of the Zoom software is likely to have infuriated the security services, while also raising questions about whether the UK government has its own secure video-conferencing facilities. We asked GCHQ, and it told us that it was a Number 10 issue. Downing Street declined to comment.

      1. Fruit and Nutcase Silver badge
        Big Brother

        We asked GCHQ, and it told us that it was a Number 10 issue. Downing Street declined to comment.

        Any criticism by GCHQ would have resulted in punitive action by the new guard at the heart of government, like on appointments, budgets etc. Take for example the way they are restricting press access to favoured organisations

  7. Anonymous Coward
    Anonymous Coward

    Free?

    If you are using a free service for serious stuff, you should really be asking yourself "why is this free?"

    If you are paying for a service that rips off your private information then you have made a really bad choice.

    1. Stork Silver badge

      Re: Free?

      Free 101: if it is free, you are the product.

      1. Anonymous Coward
        Anonymous Coward

        Re: Free?

        Also if its paid for, you probably still are the product. Almost every company these days will try to monitise their user base whether they have paid for a product or not.

  8. Anonymous Coward
    Anonymous Coward

    I was surprised by Signal's video

    I sort of accidentally enabled video a while back during a call, and ended up being rather impressed by it.

    That obviously won't work for a conference, but one to one was far better than I expected to the point that I will use it more often.

    1. Anonymous Coward
      Anonymous Coward

      Re: I was surprised by Signal's video

      Oh

  9. Anonymous Coward
    Anonymous Coward

    "privacy policies can be tweaked at any time in future"

    Or they can say one thing in their privacy policy, and just do something completely different. In the absence of a whistleblower, who's to know?

  10. Doctor Syntax Silver badge

    Security is notoriously difficult to retro-fit.

  11. Malcolm Weir

    For many, many years the typical PC (WIndows or Mac or Linux) didn't bother with passwords. Oh, sure, you could set them, but why would you bother to protect files that were also sitting in the unlocked filing cabinet next to the PC?

    Zoom is very, very good for many use cases. In my orbit, it seems like individuals generally use the free accounts, and "meeting organizers" (akin the admin folks who schedule conference rooms) have the paid-for versions. Operationally, it's no more or less secure than Webex was (back when it was usable, before Cisco decided to jam all sorts of junk down your throat): if you create a meeting without a password, people can join if they know the number, and if they know the number and the password they can join even if you create it with one.

    Obviously, it's flaws have been thrust into the spotlight because of the sudden demand (and kudos to Zoom for scaling to meet it). But I'd guess that most of the alternatives have operational or architectural flaws that could be (theoretically) exploited...

    Overall, who really cares if a 5th form remote learning session might have some information gathered that theoretically be shared to the Chinese?

    1. gwp3

      Malware?

      I care very much if enables malware to infect my machine.

    2. Bandikoto

      <blockquote>Overall, who really cares if a 5th form remote learning session might have some information gathered that theoretically be shared to the Chinese?</blockquote>

      Sure, information gathered may seem worthless now, but you have various indicators of wealth and status as well as raw data for building psychological profiles of the persons in the "classroom" that may well prove invaluable at a later date.

  12. Fruit and Nutcase Silver badge
    Joke

    Snoop!

    Perhaps Zoom should rebrand itself so that the name reflects function

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021