1. 46

  2. 12

    I like the effect Bruce Schneier has on communities. When he writes a post about a subject, it is like an adult suddenly entered that room, and everybody tries to avoid further spreading bullshit.

    1. 11

      Good article. I’m appalled to see many infosec folks claiming “Zoom isn’t that bad”; happy to note that Schneier doesn’t think so. Also happy to see Jitsi being talked about. It’s honestly fantastic.

      1. 3

        Good article :)

        I think the Windows credentials issue isn’t particularly Zoom’s fault. Windows doesn’t have to use shit hashes and maybe doesn’t need to send credentials at all when users try to connect to remote shares. The attack also relies on you allowing access to remote shares on external networks, which I think is not the default.

        Everything else is fair enough.

        1. 1

          Many of the security and privacy decisions made by Zoom started in the need to simplify onboarding as much as possible, so really regular, non-technical folk could get on video chat quickly and easily. By the looks of it Zoom was never meant to be used in a serious business environment, not to mention any governmental or national security settings. I think people really like to push the blame to the software instead of their poor choices. I think an automotive comparison is sensible. All cars can drive from A to B, but if you pick a sports coupe to take your 2+2 family on a roadtrip, you’ll end up with a lot of complaints from your passengers. Nobody will blame the sports coupe for not having enough boot space or backseat legroom…

          1. 5

            > By the looks of it Zoom was never meant to be used in a serious business environment, not to mention any governmental or national security settings.

            Zoom is absolutely sold as appropriate for businesses. The similarity of the UI makes it an easy drop-in for Cisco WebEx, actually, and it generally works better (apart from the chronic security issues, of course).

            1. 1

              What I meant is it looks like the development design didn’t have business requirements in mind. What marketing is selling is a different matter. Zoom is indeed superior in UX over other solutions in many aspects, apart from group meetings on mobile where each screen only fits 4 participants…

              1. 1

                A lock nobody can open is only marginally better than a lock anybody can open, but useless if you need authorized people to pass through.

                WebEx is really hard to get working for regular people outside an office building.

              2. 3

                That’s a poor analogy, I think. Automobiles are very widespread, mature, standardized, regulated technology. So, nearly everyone can understand the issues involved in choosing a car for a family road trip, and trust that automakers must comply with certain basic safety standards. But not everyone understands the issues involved in choosing a video chat service. Even more significantly, Alice’s choice of family car has little effect on Bob’s choice. (I mean, leaving aside the ‘arms race’ aspect that pulls safety-conscious consumers into SUVs and other heavy vehicles, thereby making the roads more dangerous for everybody, but I digress…) Video chat on the other hand is dominated by network effects.

                People need good, clear, unbiased information to make good choices. Bruce is at least attempting to provide that.

                1. 1

                  Great point, I forgot about the network effect.

                2. 1

                  > By the looks of it Zoom was never meant to be used in a serious business environment,

                  And yet it has more advanced sharing and chatting functionality than most other options. It’s a shame but Zoom is the best option currently out there.