<div dir="ltr"><div dir="ltr">On Thu, 2 Apr 2020 at 19:00, Scott Allen via talk <<a href="mailto:talk@gtalug.org">talk@gtalug.org</a>> wrote:<br></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, 2 Apr 2020 at 18:39, D. Hugh Redelmeier via talk<br>
<<a href="mailto:talk@gtalug.org" target="_blank">talk@gtalug.org</a>> wrote:<br>
> And this, reported today:<br>
> <<a href="https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html" rel="noreferrer" target="_blank">https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html</a>><br>
<br>
And this:<br>
<<a href="https://www.reuters.com/article/us-spacex-zoom-video-commn/elon-musks-spacex-bans-zoom-over-privacy-concerns-memo-idUSKBN21J71H" rel="noreferrer" target="_blank">https://www.reuters.com/article/us-spacex-zoom-video-commn/elon-musks-spacex-bans-zoom-over-privacy-concerns-memo-idUSKBN21J71H</a>><br></blockquote><div><br></div><div>Bruce Schneier has collected together a bunch of the relevant Zoom issues.</div><div><a href="https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html">https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html</a> <br></div></div><div><br></div><div>It all suggests to me that we shouldn't consider it as more than a temporary stopgap measure.<br><br></div><div>Our security concerns aren't necessarily the same as others' concerns:</div><div>- Our meetings are comparatively public matters; we don't especially mind if more people listen in</div><div>- The special concern I'd have is if joining a Zoom meeting exposed members' personal information; we should certainly be wary of that</div><div>- One of the protections is somewhat troublesome to apply to us; we will be a bit more vulnerable than average to "Zoom bombing" because we have a need to publish the addressing information somewhat publicly<br></div><div><br></div><div>And I'd think that individuals should consider things like the following...</div><div>- Run the web interface atop a separate web browser from your 'usual' activity so that it doesn't have as much to collect data from (I keep a Chromium around for that sort of thing).</div><div>- Various considerations are mentioned here: <<a href="https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meetings-from-zoom-bombing-attacks/">https://www.bleepingcomputer.com/news/software/how-to-secure-your-zoom-meetings-from-zoom-bombing-attacks/</a>></div><div><br></div><div>It's actually a mighty useful thing to arrive at a set of protective measures on this, as there are a lot of organizations using Zoom, and hence some value if we have a sufficiently terse set of measures that might be useful to others.<br></div>-- <br><div dir="ltr" class="gmail_signature">When confronted by a difficult problem, solve it by reducing it to the<br>question, "How would the Lone Ranger handle this?"<br></div></div>