FTC Announces a Settlement With Zoom Over Security Issues (protocol.com)
Zoom will implement new security practices as part of a proposed settlement with the Federal Trade Commission, the agency announced on Monday. From a report: "Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, which has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic," the FTC said in a press release.
Good news, of course, but... (Score:3, Insightful)
They should have been doing all of this on day 0 and after. Laziness has done more damage to security than just about anything else.
Re: (Score:3)
If you have a broken lock on your door in your house, and you find this, say, after 10:00 at night, chances are you will just close the door and get a lock the next day, while you spend a night not being secure.
You are not going to spend a night trying to find and replace a broken lock, because with all things said and done, your home will be unprotected for the same amount of time, at least you will be home to guard your home, and only take a small amount of time, to get the lock and replace it when stores
Re: (Score:1)
By "Day 0" I meant "from the moment the project started."
If you don't work security in from the beginning, adding it in later is bunchteen times harder and bunchteen less effective.
Re: (Score:2)
Actually, I think it should contain no security at all. That should be the job of a lower layer. E.g. some kind of encrypted IPv6 multi-cast ... like ad-hoc group VPN ... And authentication should also be handled by the lowest level possible. As in: The OS should not even allow packets to be transferred without first making sure how you want it (secure or not, trusting who and who not, authenticated or not).
I'd probably go the route of having an Internet-wide web-of-trust-like RBAC that way, and the P9 proto
So, end to end encryption? (Score:5, Interesting)
Does that mean everyone is getting end to end encryption? Or do they just have to stop lying about it?
Re: (Score:2)
They'll lie BETTER.
Just implicitly redefine words, spin them, lie by omission (officially accepted as "not lying"). Never ever back down and become a decent human being!
Don't use Zoom. (Score:4, Informative)
Use Jitsi Meet.
There, all your problems solved.
And all you had to do is switch on your own brain and follow the herd towards the Flappy Bird of online conferencing. "Thinking? Eww! Freak!"
Re: (Score:2)
Tell the companies that use Zoom. :/