why you use zoom, why you probably should not use zoom and what this tells us about what the internet thinks of zoom


Don’t use zoom.

End post.

Well, it could be that easy, to just stop there and tell you not to use that platform, but you won't, because you are...

  • defiant and don't get told what to do
  • the company uses it so I have to use it
  • everyone else is using it so let's use herd immunity thinking
  • popularity somehow means security in your mind
  • zoom is an OG so must have thought about these things
  • end to end encryption is something only the pros use anyway

No worries, you do you, no problem, I get it. You like zoom, it's easy, it has the features you love, like phone numbers people can call in on, because doing video chat with phone callers is so in right now in 2020, like a retro flashback to the 80's with mobile phones that could kill you if dropped from a second-floor flat.

Ok, and recording, because no other application that does video chat has recording baked in, right? (check out jitsi, whereby etc.) Listen, I get it, you are attached to the brand and the legacy...

Like the reason you'll get all your food from one drive-through but then go and park in the queue across the road just to get a fucking milkshake because 'they are better from xxxxxx'. Sure buddy, you do you, let's run that V8 for another 20 minutes because the milk and the shake are better from across the road.

But let's look at the real reasons why I would not recommend using ANY popular product that ends up with a large number of news articles about it in a fortnight, and why the red flags of sites listing calls and leaking 'recordings' should be enough to realise that it's going to take a complete rewrite of the platform before you can trust it again (also, end to end, m'kay?)

Let’s get in to it.

disrupting what’s popular

The internet loves to fuck over whatever is currently popular, as a form of rebellion against popular things. It's the same for celebrities and anything extrovert that tries to attract attention.

It takes attention away from the metasploit micro-penis script kiddie who wants to have power for a few minutes, to feel in control of their world for five minutes instead of dealing with deeper-rooted emotional issues that formed because of potentially bad parenting or the local community centre closing down.

You can't reason, you can't barter. You just have to take it.

Whilst the internet is amazing in how connected it can be, there is also a large subset of internet users whose no. 1 goal is to shine a light on something to the point that the original point of frustration vanishes and it ends up being done just because they can.

do your research for previous issues

Zoom has a veritable back catalogue of issues. It's a big corp that's been around for a long time, which gives it the credibility of having 'survived' the internet, and it has made a name for itself by being around for so long as an internet OG service (think at least a decade for most web services).

The issue is that zoom stopped innovating a long time ago. They have not moved with the times but are happy to let companies suckle at the slow-moving corporate teat of their software, and will only update as and when things are highlighted by usage and when the share price goes up. It did recently, so suddenly they found the cash to get developers to fix issues they did not give a flying fuck about for years.

https://www.bbc.co.uk/news/technology-52033217 — Coronavirus: Zoom is in everyone's living room - how safe is it? (going for the double threat here, labelling it coronavirus and zoom for full SEO ability)

Mainly because they were losing to more up-to-date offerings when it comes to WebRTC in the browser, which requires no software to be downloaded and installed. I don't know if zoom has this ability, but having to 'install' anything is always additional attack surface.

Don't get me wrong, WebRTC is bullshit too, but hey, innovation requires progress, and progress is what hackers and script kiddies love to debate on reddit until 4am, until they wake and bake and do it all over again.

the story of the apple quicktime attack vector

Once you are hit, they will be back again, because they got in once; they will try different exploits and overflows in different areas of the software. The thinking is: if that part was poorly coded, other areas of the attack surface may be just as bad.

For years Apple secured and fixed, secured and fixed QuickTime, but it was always an attack vector for people to escalate privileges on a system. I'm not saying Zoom is totally the same here, but yeah, same ballpark, different pitcher.

Once hammered, unless you completely recode the way something works, which can take a lot of work, most of the time it's just patches and sticking plasters, which ends up in a zero-day, warez kind of headspace between the developer and the byte lord who wants to spam your protections until they fall over.

https://www.bbc.co.uk/news/technology-52133349 — Zoom boss apologises for security issues and promises fixes — bbc

attention economies foster disruption economy

Wherever there is attention on the web there is always someone wanting to either hijack it, cut it off or use it to promote their own things, be it their own products, their own views and opinions or just an ego play. You have to remember that the introverted bedroom hacker does not get much time in the attention economy, so anything they can do to make it look like they are getting attention, they are going to do.

Remember, a pan of burning oil on a stove can only keep burning because it has air; suffocate that air and the fire goes out. There are a variety of ways in life to take the air out of a situation.

the internet feeds on negativity for breakfast

It's the no. 1 staple diet for a hungry fibre optic line.

hacked once, will be hacked again

They did it before, they will do it again; you fix it, they find another way. At this point it's not even about the issue, it's about the fact that they actually just don't like your software and that a lot of people have decided to use it. Take something like houseparty, which tried to ride on the coat tails of the sudden video conferencing usage because of isolation in covid-19 times... you literally have brands and users set against each other to be king of the software and attention economy... it's kinda pathetic! :)

Houseparty: How safe is Epic Games’ video chat app? — https://www.bbc.co.uk/news/technology-52112172

security researchers love attention and kudos

Wherever there is an issue you'll find a twitter thread as long as your arm from a security researcher saying how something is malware and how it should not be used. Nothing gets you more security work than documenting a popular talking point about an application that everyone is using. Another red flag for you to reconsider your options about using zoom!

To be fair to zoom, they did patch the installer issue recently, but that's only because everyone is using their software all of a sudden and because the share price is going up; you can be sure the investors got on a call to make sure they could control that media narrative! :)

cycle conferencing choices, segment your network, dedicated machines & end to end encryption

Look, bottom line here: don't use something that's popular, cycle around the choices you use, don't share public URLs to the software you are using, wrap it inside OBS as a theme, switch the platforms around, and remember that if a URL to a room can be seen and they can't get in, they will potentially do everything to slow down that service.

Use separate machines for your video chats if you can, heck, even on a separate network from your main machine; if you can, use ARM chipsets instead of Intel, an iPad Pro for instance, connected to a dedicated connection, even with a failover 4G/5G connection if you have it.

Always use a service that has end-to-end encryption between you and the person you are talking to, for text, audio and video. Current favs are things like wire, riot.im and jitsi.

on today, shodan.io tomorrow.

The world today is full of internet of things devices, just sitting there in your house minding their own business: the fridge reporting to amazon, opening your carport doors, heating the driveway, detecting the air quality.

All of these things are often rushed, priced cheaply to get mass adoption, and are a fucking threat vector to the rest of your home network.

Now think about 100,000 of these little white poorly made boxes (often made in China) around the world, just waiting for someone to find a vulnerability in their firmware or public-facing interfaces.

My point is: keep iterating, find new stuff, shut down services, keep abreast of news about a product you want to use, follow the bread crumbs, see who moves from which company and why, and always invest time in security devs that sell a big product and then go and develop their own; chances are the thing they make is 10x better than the one they just sold for millions...
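"Shut down services" starts with knowing which ones are actually reachable from the rest of the house. As an added example (not from the original post, and nothing to do with zoom's own code), here is a small audit that reads the output of the iproute2 `ss -tlnp` listing on a Linux box and flags every TCP listener that is not bound to loopback, i.e. everything a poorly made box on the same LAN could poke at. The `ss` output embedded below is constructed for the example, and the process names in it are made up.

```python
from __future__ import annotations

import re
import subprocess
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output (not captured from any real host).
# Column layout matches iproute2: State Recv-Q Send-Q Local:Port Peer:Port Process
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=601,fd=7))
LISTEN  0       511     *:80                 *:*                users:(("nginx",pid=1200,fd=6))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       4096    [::1]:631            [::]:*             users:(("cupsd",pid=601,fd=8))
LISTEN  0       128     192.168.1.20:8443    0.0.0.0:*          users:(("helper-agent",pid=2210,fd=9))
"""


@dataclass(frozen=True)
class Listener:
    addr: str      # local address as printed by ss ("0.0.0.0", "*", "[::]", "127.0.0.1", ...)
    port: int
    process: str   # process name from the users:((...)) column, "?" if ss could not see it

    @property
    def exposed(self) -> bool:
        # Anything not bound to a loopback address is reachable from the LAN
        # (and further, depending on what the router or firewall lets through).
        return not (self.addr.startswith("127.") or self.addr == "[::1]")


# First quoted process name inside users:(("name",pid=...,fd=...))
_PROC_RE = re.compile(r'\("([^"]+)"')


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -tlnp` text into Listener records, skipping the header."""
    listeners: list[Listener] = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header line, blank line, or a non-listening state
        # rsplit on the last ':' so IPv6 forms like [::]:22 keep their address intact
        addr, port = fields[3].rsplit(":", 1)
        match = _PROC_RE.search(line)
        listeners.append(Listener(addr, int(port), match.group(1) if match else "?"))
    return listeners


def exposed_services(output: str) -> list[Listener]:
    """Return only the listeners that are reachable from outside the host."""
    return [lst for lst in parse_ss(output) if lst.exposed]


if __name__ == "__main__":
    # On a live Linux host audit the real listing; elsewhere fall back to the sample.
    try:
        ss_text = subprocess.run(["ss", "-tlnp"], capture_output=True, text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        ss_text = SAMPLE_SS_OUTPUT
    for lst in exposed_services(ss_text):
        print(f"EXPOSED {lst.addr}:{lst.port} ({lst.process})")
```

Run it as root so `ss` can fill in the process column, then go through the exposed list and ask of each entry whether it needs to be on the network at all; in the sample, cups on loopback is fine, while the sshd, nginx and `helper-agent` listeners are the ones to justify, firewall or turn off.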

Anyway, rant over, was it a rant?

Zoom is bad, m’kay?

Give it a year, maybe it will get good again.. .

Cheers!
__humble x




pinterest epic wins pinboard → brand advocate for nokia, 1000heads, verisign → won vloggie for node666 (san fran 2006) → television for time team history hunters 1999 → sold me.dm to evan williams in april 2011 → went to phil campbell, alabama to help raise money after tornado (was on sky news, bbc news) → CNN for sxsw 2013 about austin sxsw → video chat with robert scoble → music video (can you spot me?)