On 06/04/2020 19:56, Brett Viren wrote: > Yasha Karant <[log in to unmask]> writes: > >> Zoom > Ignoring the recent news items and that the Zoom client for Ubuntu > hasn't been updated in forever and that the whole thing is > proprietary... And just to give a few of those pointers which gives a bit of overview: <https://urldefense.proofpoint.com/v2/url?u=https-3A__theintercept.com_2020_04_03_zooms-2Dencryption-2Dis-2Dnot-2Dsuited-2Dfor-2Dsecrets-2Dand-2Dhas-2Dsurprising-2Dlinks-2Dto-2Dchina-2Dresearchers-2Ddiscover_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=QTGgQqp_YQi80bxJpxOdwlvCtljfS_3Tuf4nQV5jeZA&e= > <https://urldefense.proofpoint.com/v2/url?u=https-3A__citizenlab.ca_2020_04_move-2Dfast-2Droll-2Dyour-2Down-2Dcrypto-2Da-2Dquick-2Dlook-2Dat-2Dthe-2Dconfidentiality-2Dof-2Dzoom-2Dmeetings_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=wkcm7VRzyscuILvgH-0Vv7dEMH1_itkW9s3TOkuZ8zU&e= > <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.washingtonpost.com_technology_2020_04_03_thousands-2Dzoom-2Dvideo-2Dcalls-2Dleft-2Dexposed-2Dopen-2Dweb_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=6CBG5nNvIPDGKkeo0sPxtDSI07J1pdZJqFM5K1crbAE&e= > I simply cannot recommend Zoom at any point. And this is pretty much a nasty example of how bad proprietary solutions can be and tackle challenges. They also sent out a mail to their users recently where they just password enabled all rooms and enabled "waiting room" for all rooms by default, with no roadmap of what they want to fix next or that they admit severe issues related to the non-existing end-to-end encryption (it is client-to-server encryption, marketed as end-to-end) or that their crypto implementation is just plain wrong (AES using ECB mode [1]). I struggle to see how this company can survive in the longer run unless they do some drastic changes. [1] <https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_Block-5Fcipher-5Fmode-5Fof-5Foperation-23ECB&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=vvNtt4Dql9SfAKVj3t6hpjNQDw7Q1NYwJMi0GZRZz1U&e= > So if you need a video solution capable of keeping secrets ... don't even consider Zoom. As Brett Viren already mentioned, Jitsi Meet [2] is a reasonable alternative, just as easy to use, open source. We've used it in my day-work for some time now, and we have had little issues with it. There has been a few times where it was a bit ugly, but those are more seldom incidents. The Jitsi project is also sponsored by 8x8 [3], which also has a Jitsi Meet instance [4] running with more phone dial-in numbers compared to meet.jit.si. Or if you want to host Jitsi on your own, there are plenty of ways to do that - all from installing it yourself [5] or use Docker containers [6]. [2] <https://urldefense.proofpoint.com/v2/url?u=https-3A__meet.jit.si_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=wOsHFawNzWtVw79_3lPEenE-lva4thInXO1V-bX0z6A&e= > [3] <https://urldefense.proofpoint.com/v2/url?u=https-3A__www.8x8.com_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=kql-mheLgQozWqv035Emi8puS4X8Zhzb-z_wH4sG_iY&e= > [4] <https://urldefense.proofpoint.com/v2/url?u=https-3A__8x8.vc_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=TRim6VYknt352GOYWjxaTcBgXNPX-yl4tgIrKA5pePM&e= > [5] <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_jitsi_jitsi-2Dmeet_blob_master_doc_quick-2Dinstall.md&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=uj8ACbT8pZlUt5I4z6YCGGARZMI4lGHh1i1xO0NUWoM&e= > <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_jitsi_jitsi-2Dmeet_blob_master_doc_manual-2Dinstall.md&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=nNV20VZF_7kP84JdM4A1l7fg2RlK5F0Tti_OV8tmGH4&e= > [6] <https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_jitsi_docker-2Djitsi-2Dmeet&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=thdvUJgju_ZAiKpQBZSaAsTWbmpElUjFL0-zUX1qsuI&s=AkG9eeeXWcZXfLjuvfgoIuEz5EDaSpD1T-V5FnWo8JM&e= > -- kind regards, David Sommerseth