
What's new with Zoom? Really nothing but the fact that the FTC are showing Zoom for what they are: lying, unfair, and deceptive.
Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.
"[S]ince at least 2016, Zoom misled users by touting that it offered 'end-to-end, 256-bit encryption' to secure users' communications, when in fact it provided a lower level of security," the FTC said today in the announcement of its complaint against Zoom and the tentative settlement. Despite promising end-to-end encryption, the FTC said that "Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers' meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised."
The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said.
"In fact, Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC complaint said.
@arstechnica https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
Let's not forget the malware web server they created to circumvent operating-system security features for macOS:
The FTC complaint and settlement also cover Zoom's controversial deployment of the ZoomOpener Web server that bypassed Apple security protocols on Mac computers. Zoom "secretly installed" the software as part of an update to Zoom for Mac in July 2018, the FTC said.
"The ZoomOpener Web server allowed Zoom to automatically launch and join a user to a meeting by bypassing an Apple Safari browser safeguard that protected users from a common type of malware," the FTC said. "Without the ZoomOpener Web server, the Safari browser would have provided users with a warning box, prior to launching the Zoom app, that asked users if they wanted to launch the app."
@arstechnica https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
So, what conclusions does the FTC reach?
Zoom will have to notify the FTC of any data breaches and will be prohibited "from making misrepresentations about its privacy and security practices, including about how it collects, uses, maintains, or discloses personal information; its security features; and the extent to which users can control the privacy or security of their personal information," the FTC announcement said.
Zoom will have to review all software updates for security flaws and make sure that updates don't hamper third-party security features. The company will also have to get third-party assessments of its security program once the settlement is finalized and once every two years after that. That requirement lasts for 20 years.
@arstechnica https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
'The security of our users is a top priority for Zoom. We take seriously the trust our users place in us every day, particularly as they rely on us to keep them connected through this unprecedented global crisis, and we continuously improve our security and privacy programs.'
@arstechnica https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
Considering how Zoom has integrated hiding their practices from, well, everybody who breathes, I think the FTC will have to rely on third parties to know what Zoom are up to.
What do Zoom say about this?
Zoom disabled the accounts of a group of Chinese dissidents in the US after they used its video conference service to commemorate the Tiananmen Square massacre.
@svbizjournal https://www.ft.com/content/f24bc9c6-ed95-4b31-a011-9e3fcd9cf006
Well, there you go. Don't forget that they also censor Palestinians at the behest of the government of Israel and Israeli interest groups.
They serve capital. An FTC fine doesn't really mean much, just as it is for Google and other super-wealthy monopsonies.
Keep using Jitsi Meet and Element.
Posted from my blog with SteemPress : https://niklasblog.com/?p=25523