
New York City bans Zoom in schools, citing security concerns - fyrefoxboy12
https://techcrunch.com/2020/04/05/zoom-new-york-city-schools/
======
irjustin
As the previous discussion already noted it seems disingenuous.

Spacex has real security concerns with national security secrets and trade
assets.

Schools primary goal should be accessibility when it comes to teaching and
Zoom arguably with its better video/audio has the best even with glaring
security flaws (that do not necessarily seem decidedly worse than Hangouts).

Banning Zoom seems to be getting on the negative news train and applying the
old adage, "everything looks like a nail."

~~~
simonh
We're talking about videos of children in their homes, in many cases probably
their bedrooms. If they have to use it for school, they may also use it with
their friends other than for school work as they will have it set up and know
how to use it. I think the risks of illicit access to that material are pretty
clear, and there are several serious vulnerabilities in Zoom that can grant
direct access to video chats and saved videos, plus numerous other
vulnerabilities.

~~~
arcticbull
None of that, while distasteful seems to signal any national security or
personal security risk. This seems pretty hyperbolic. Why on earth would the
Chinese government want access to videos of children in bedrooms? Ridiculous.

~~~
est31
There are more reasons to not give access than personal or national security.
Privacy is one. We shouldn't be in a situation where you need to explain why
you need privacy. It should be the default.

~~~
arcticbull
I don't disagree, I'm just tired of the (in this case blatant) "but think of
the children" in situations where it's totally irrelevant.

~~~
simonh
"Think of the Children" is when an issue that is only tangentially or
tenuously anything to do with children, and may not even be a legitimate
concern anyway, uses a notional impact on children as emotional leverage to
gain undeserved attention.

This case is literally and specifically about the protection of specific
children from a proven risk.

~~~
arcticbull
Is the proven risk that China is snooping on American children? If so, I'm
sure I'd have read it everywhere. If not, it's sensationalism. The case is
literally and specifically about Zoom having the ability to snoop. Children
are ancillary.

~~~
simonh
I'll reluctantly repeat the below from another post of mine on this thread:

There are two vulnerabilities in particular that can grant access to videos to
anyone. One is that Zoom video chat IDs are short enough and low enough
entropy to be guessable so it's possible to crash meetings. Also saved videos
have a standard naming scheme that makes their file names guessable and
therefore accessible publicly, as anyone who knows the file name can access
any saved video.

Both of these are deliberate choices. They made meeting IDs short and
memorable, which makes them guessable. They also wanted saved videos to have
meaningful names derived from meeting and user metadata, but again that means
they are guessable, and easy to access without annoying security controls.

------
nihil75
"I bet Microsoft is behind this" I thought, and sure enough - found the
obligatory Teams push in there.

~~~
addicted
Maybe because MS has a good solution that isn’t riddled with privacy issues?

What’s actually behind this is the threat of a mountain of lawsuits that are
gonna come descending on school systems that compromise little kids’ privacy
by forcing them to use Zoom.

If the images of one child during their private moments show up on the
internet because Zoom has so many vilnerabilities and a malicious actor was
able to control the students camera school systems are gonna get sued out of
their existence.

~~~
Krasnol
You mean besides the usual privacy issues in the operating system or Office
365?

[https://thenextweb.com/privacy/2019/07/15/german-schools-
ban...](https://thenextweb.com/privacy/2019/07/15/german-schools-ban-
microsoft-office-365-amid-privacy-concerns/)

~~~
thawaway1837
Comparing an operating system to a video conference app...SMH. Anyways the
article you list is more about privacy policy issues, the kind of which even
ZOom is subject to because the US govt forever it on all their companies.
Zoom, in addition to that, was also routing the video through Chinese
servers,making you vulnerabl not only to the NSA but also the Chinese
services.

More specifically, Teams has been in use for several years now, without a
faction of the security issues that Zoom has had in the last couple of years.

Edit: The US government regulations are the problem there which is why the
article mentions that Google and Apple also do not meet the same privacy
standards. In other words, all the OS makers fail to do so, and not just
Microsoft.

The only solution that would probably work for the German standards (and is
something the EU should be investing heavily in anyways) would be Linux.

~~~
Krasnol
It's not "just" the OS, it's O365 too. Teams is a part of it.

And yeah, this is MS' attitude to privacy issues. The fact that nobody cares
about that or doesn't want to write an article about it every day doesn't mean
that it's less worse or somehow good. Zoom has been there for years too, just
like those problems. The fact that now everybody DOES want to write an article
about it is a result of the fact that it became so popular and it became so
popular because it just works. Acting now as if MS is some kind of privacy
heaven compared to Zoom is plainly wrong.

> The only solution that would probably work for the German standards (and is
> something the EU should be investing heavily in anyways) would be Linux.

This is not true. There were guidelines by the Federal Office for Information
Security for Win7 that would work just like for certain versions of Office.
Windows 10 is the first one where they plainly say: it's so ridden with
privacy issues that it's just bad (data protection and privacy accident) and
you should avoid it.

------
mwnivek
Previous discussion:
[https://news.ycombinator.com/item?id=22782302](https://news.ycombinator.com/item?id=22782302)

~~~
fyrefoxboy12
Ah, sorry, didn't see it'd been submitted before

------
bsimpson
I recently discovered there's a Chrome app:

[https://chrome.google.com/webstore/detail/zoom/hmbjbjdpkobdj...](https://chrome.google.com/webstore/detail/zoom/hmbjbjdpkobdjplfobhljndfdfdipjhg)

Gives you most of the featureset of the Mac app (unlike Zoom's crappy web
app), but has a much narrower permission set which should mitigate most abuse.

------
fsh
After trying out a few solutions, I found
[https://bigbluebutton.org/](https://bigbluebutton.org/) by far the best for
classroom settings or even for general meetings. Being able to upload a
presentation as a collaborative white board is much better than simple screen
sharing (which is also possible). Video quality is not the best, but audio is
rock solid and we had zero connection problems with tens of people in a
conference. Getting started is simpler than Zoom, since no installation is
required and both Firefox and Chrome are fully supported. It is also pretty
easy to self-host and there is even a load balancer for large installations:
[https://github.com/ICTO/BBB-Load-Balancer](https://github.com/ICTO/BBB-Load-
Balancer)

------
eagsalazar2
Been evaluating Jitsi all day, pretty good! I'm actually kind of impressed.
Anyone have more experience who can elaborate on limitations and weaknesses we
should be aware of before expanding to a larger internal pilot?

