
Zoom banned from New York City schools due to privacy and security flaws - kerng
https://www.fastcompany.com/90486586/zoom-banned-from-new-york-city-schools-due-to-privacy-and-security-flaws
======
crazygringo
Honestly this feels bizarrely knee-jerk and media-driven to me.

First of all, Zoom has been used in education for a long time. The quote about
switching to Teams because it's FERPA-compliant is disingenuous -- Zoom says
they are too. [1]

Second, Zoom has been receiving _tons_ of scrutiny recently while e.g.
Microsoft Teams hasn't received any. (Nor has Google Meet.)

I'm really not sure how I feel about this. It's been hard enough already on
teachers to adopt remote learning, now they're expected to switch platforms
after a couple of weeks, presumably mostly because of sensationalistic media
reports of "Zoombombing" which a teacher can trivially prevent?

[1] https://zoom.us/docs/doc/FERPA%20Guide.pdf

~~~
RHSeeger
> Zoom says they are too.

But, to be fair, Zoom has already been shown to be lying about e2e encryption.
Fool me once...

~~~
PunksATawnyFill
To be fair, they were already caught installing malware.

How many free passes are we going to give these jagoffs?

------
mrosett
I'm sensitive to complaints about Zoom's privacy/security shortcomings. I
wouldn't have an important conversation on the platform.

But Zoom clearly offers the best videoconferencing product along many
dimensions: ease of use, quality of video, etc. Students are already receiving
subpar instruction due to the unceremonious transition to remote learning by
schools that clearly aren't prepared. So unless the privacy/security issues
are actually impacting learning on a large scale, perhaps it makes more sense
to stick with the product people are already using.

------
hiisukun
I find it incredibly uncommon to see real repercussions (even temporary ones)
resulting from cyber security failings of companies.

In this case, some large part of the issue was in deceptive (at best)
promotional material. Does that mean people understand messaging, even if they
don't understand encryption?

I'm sure many readers here have seen incredible breaches of trust and
security, such as Equifax, go almost entirely without punishment. This is an
interesting case in the opposite direction. It is worth noting for balance
that Zoom does appear to have favoured usability, and successfully so.

~~~
Spooky23
I couldn’t imagine trying to get elementary kids using Teams... it’s way too
convoluted.

------
koolba
Is there any browser based P2P web conferencing software? WebRTC seems like a
perfect fit for this. Especially as in the suburbs students will almost
certainly be on the same single broadband provider so the traffic will be
local.

~~~
tehlike
Hangouts etc. are using WebRTC, but P2P doesn't scale beyond a few
participants.

~~~
koolba
Not even to a standard 20-30 person class size? Surely there’s enough
bidirectional bandwidth for a continuous audio feed and a token based video
feed.

~~~
detaro
In my experience, WebRTC peer-to-peer solutions often struggle keeping a room
of 15 in a state that everyone can hear everyone else. Many upstream
connections are tiny, and the P2P session management tricks to get through NAT
are slightly wonky.

And NYC is going to have many students with only a mobile phone plan or
similarly bad internet (and a bunch with no internet at all, but that's
another discussion). Efficiency is important.

~~~
fock
Did you ever try it with such a real low bandwidth connection? I somehow doubt
that it's really that nice to transmit WQHD desktops as is... Also I don't
really get the thing about a 30 person, all hands video-conference. The only
thing coming out of that (on the average 1080p screen) is gratifying the host:
"all these people show up, because of meeee" (and yeah, school kids could do
whatever they want in an audio conference, but kids can do that also with Zoom
(unless you are spying on them with the integrated spyware...) and they also
can sit through one session and then replay their face all the time...).

~~~
detaro
How does "P2P can't even maintain audio for large-ish groups in my experience"
translate to "transmitting WQHD desktops"?

One of the large strengths of tools like Zoom over the typical WebRTC-P2P
thing is that they can avoid exactly that, and e.g. maintain a _stable_ audio
only (or extremely low-quality video) conference for people on slow
connections.

~~~
fock
I suppose you can stop transmission of all video in Jitsi as well (or at least
it should be possible, given that it supports landline dial-in as well)? Low
quality video of heads is not that interesting for me personally (and for all
purposes except keeping a literal headcount).

~~~
detaro
Jitsi is not an example of a peer-to-peer system for group calls. The default
UI doesn't expose that many configuration options for this sadly from what
I've heard.

------
thosmos
What are some good alternatives to Zoom that are actually true end-to-end
encrypted? I know of one: https://www.crypho.com/
and Crypho is offering free audio and video conferencing for the next 3 months
due to Coronavirus demand.

~~~
upofadown
From the Crypho website:

> Key management and encryption happens automatically.

That implies that they could do MITM if they chose to do so because of the
lack of a way to ensure you are actually talking to who you think you are
talking to. If that is true then you still have to trust them and e2ee is in a
sense pointless.

------
tictoc
What a fall from grace.

~~~
adrr
They 20x their users in one month. 10MM to 200MM

~~~
ashleshbiradar
Yep, I come from a really small town in India, and I see everyone using Zoom
suddenly, the mobile app is all over the town, all business meetings, family
meetups, schools, everyone is using Zoom all of a sudden.

------
longcommonname
Rash decisions like this aren't going to do anything but hurt the students.

~~~
tw04
How is it a rash decision? There are multiple alternatives that respect
privacy and do more than pay lip service to security.

~~~
contravariant
Although if I'm honest I wouldn't really know if the alternatives are going to
be that much better. All alternatives that I know of still follow the same
general pattern of letting all connections go through a central server where
everyone with the right URL can participate. Sure I wouldn't trust a company
that claims to have better security than they actually have and who add weird
privacy-violating features, but any of the common alternatives are by
Microsoft and Google, which I don't trust either.

So in the end I'm not sure what good will come of this decision, while it will
definitely cause some confusion.

It's possible I missed something and that Zoom truly is notably worse than any
of the common alternatives. I'm partially posting this in the hopes that
anyone can point out whether this is the case.

And yes Zoom is definitely worse than a self hosted OSS solution like Jitsi
(or even Jitsi without the self hosting) but we all know that that's not going
to happen.

~~~
Spooky23
NYC schools have like a million students. How is Jitsi going to scale to that?

~~~
__s
By having each school's IT set up a separate server.

Schools have IT. It isn't always competent IT (I speak from experience), but
clear instructions from up high can lead it.

~~~
godelski
While I believe this will work for NYC, I'm not sure how it'll work for
Pumpkintown TN

~~~
Spooky23
Pumpkinland, TN will use Zoom. It’s exponentially easier, except for older
kids already using Google Classroom.

~~~
godelski
That's kinda my point. That the IT in a major city can use a custom system but
that excludes a lot of people. I would wager that most schools don't have a
decent IT department. I know that when I was in high school they weren't great
and I grew up in a fairly affluent area. Not everyone has the ability to "roll
their own".

