Stream: social
Topic: Zoom security questions
Dave deBronkart (Apr 19 2020 at 22:11):
@Vassil Peytchev asked whether Zoom is considered safe. I'm not an expert but I know Zoom acknowledged the problems and took actions. Here's one of many stories about it in the past couple weeks https://zoom.us/docs/en-us/privacy-and-security.html
Wayne Kubick (Apr 19 2020 at 22:15):
The question is "safe for what"? As a collaborative meeting tool for HL7, I feel it's safer than other options we've explored, and Zoom is more capable for avoiding interlopers than GoToMeeting and FCC, which we've also used. But I wouldn't post my ATM PIN on Zoom. Most of the problems are due to inexperienced users (for example, sharing meeting IDs on social media). We've posted another article (along with tips to preserve security) at https://confluence.hl7.org/pages/viewpage.action?pageId=78678343
Grahame Grieve (Apr 19 2020 at 23:01):
maybe, if we're lucky, the chinese will snoop on our teleconferences, and learn something ;-)
Diana_Ovelgoenne (Apr 22 2020 at 08:24):
my company has prohibited the usage of Zoom and our guideline is to use Teams instead
Grahame Grieve (Apr 22 2020 at 10:23):
For companies with trade secrets at play, I can see why you would do that. HL7 doesn’t deal in trade secrets
Lloyd McKenzie (Apr 22 2020 at 13:59):
True, but if companies disable Zoom, it make it difficult to participate in HL7 sessions.
John Moehrke (Apr 22 2020 at 14:01):
one should check with their company to separate policy of that company using zoom from the perspective of them hosting meetings using the platform, from members of the organization participating in meetings hosted by other organizations using the zoom platform. This is a distinction that is important, although it is hard to express and hard to persuade.
Michael Donnelly (Apr 22 2020 at 15:34):
There are also difference security ramifications of installing native Zoom software on your computer vs. using a Zoom web client or just dialing in to a conference.
Michael Donnelly (Apr 22 2020 at 15:35):
For just participating in a conference, I'd operate under the assumption that someone else could eavesdrop, but for the calls we have (like Grahame said above) that's fine, what we're doing isn't a secret.
Michael Donnelly (Apr 22 2020 at 15:37):
Here's a good overview of the Zoom situation: https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html
Michael Donnelly (Apr 22 2020 at 15:39):
So, as long as you don't
- put any Zoom software on your device
- give Zoom any information about you that you wouldn't want to be public
- say anything in a Zoom meeting that you wouldn't want on the Internet
I think you're fine.
Jose Costa Teixeira (Apr 22 2020 at 16:16):
So, as long as you don't
- put any Zoom software on your device
- give Zoom any information about you that you wouldn't want to be public
- say anything in a Zoom meeting that you wouldn't want on the Internet
I think you're fine.
I'm possibly out of context, and we are all discussing in the open, so here is something I don't mind putting on the internet:
Looking at the above points is just scary with regards to privacy.
Jose Costa Teixeira (Apr 22 2020 at 16:18):
This to me reads: "expect no privacy".
To me it's not about having someting to hide. It's about having some control about where information ends up , in or out of context, and for what purpose.
Jose Costa Teixeira (Apr 22 2020 at 16:20):
(I just uninstalled zoom, and I am not sure if that is sufficient)
Matt Zajack (Apr 22 2020 at 16:28):
The bigger privacy issues, besides sharing meeting IDs on social media, were:
1) Zoom does not implement end-to-end encryption when they said they did and
2) Zoom was (is still??) using Facebook APIs that would share data to Facebook, even if you didn't have a Facebook account.
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
John Moehrke (Apr 22 2020 at 16:50):
The context here is around HL7 use of zoom, not around all possible uses of zoom.. zoom is evil overall, but the issues are mitigated for HL7 use.
Matt Zajack (Apr 22 2020 at 17:02):
John Moehrke said:
The context here is around HL7 use of zoom, not around all possible uses of zoom.. zoom is evil overall, but the issues are mitigated for HL7 use.
Good point around context. No arguments from me there...
Robert McClure (Apr 22 2020 at 22:30):
I've seen jitsi offered as a better alternative. Anyone know it works well with the jitsi folks doing the hosting? @Grahame Grieve
Rob Hausam (Apr 22 2020 at 22:35):
I'm starting to do some work with Jitsi. I'm not sure about the security comparison with Zoom if you use the 8x8 hosting. But you can host it yourself.
Peter Jordan (Apr 22 2020 at 22:35):
Zoomaphobia appears to be gaining ground and already affecting WGs where co-chairs don't appear to have Zoom on personal devices and it's blocked on their work ones. Teams appears to be restricted to those in the Microsoft eco-system and it will be interesting to see how the other alternatives 'scrub up' when subjected to the same level of scrutiny that's been applied to Zoom.
Michael Donnelly (Apr 23 2020 at 04:49):
Jose Costa Teixeira said:
This to me reads: "expect no privacy".
To me it's not about having someting to hide. It's about having some control about where information ends up , in or out of context, and for what purpose.
This is a beautifully concise argument in favor of privacy.
Michael Donnelly (Apr 23 2020 at 04:50):
Matt Zajack said:
John Moehrke said:
The context here is around HL7 use of zoom, not around all possible uses of zoom.. zoom is evil overall, but the issues are mitigated for HL7 use.
Good point around context. No arguments from me there...
I agree that it's fine for HL7. I'm still careful how I use it.
René Spronk (Apr 23 2020 at 05:51):
For on-line training courses we had to go back to WebEx. Just like in the old days 'it never hurts to go with IBM er.. WebEx'. It doesn't have all the nice features that Zoom has, but it does the job and has avoided being involved in security scares up to now. Personal accounts are currently free, with unlimited duration for sessions.
John Moehrke (Apr 23 2020 at 13:15):
I prefer the old school for HL7 (gotomeeting, webex, etc).. we do NOT need the face sharing that zoom is preferred for. We just need a voice and screen sharing. Chat is nice, but not critical. but emphasis that I do not need to see that you have a nice clean and organized corner of your house that you sit in front of for zoom meetings.
Michael Donnelly (Apr 23 2020 at 13:35):
John Moehrke said:
...you have a nice clean and organized corner of your house that you sit in front of for zoom meetings.
It's like you know me.
David Pyke (Apr 23 2020 at 13:42):
I have a green sheet and a false background
John Moehrke (Apr 23 2020 at 13:48):
we all have heard about your false background... :-P
James Agnew (Apr 23 2020 at 17:27):
My biggest worry in this whole debacle is that Teams will become even more commonplace.
I always look forward to the game of "does this particular client use a version of Teams that is completely broken on Mac, and if so have they also disabled the web client for 'reasons'". What a nightmare of a platform...
David Pyke (Apr 23 2020 at 17:30):
I'm just waiting for the death of Skype for Business (Lync).
James Agnew (Apr 23 2020 at 21:13):
oh god yeah....
I kind of assume that when Microsoft bought Skype and proceeded to ruin it, they figured they'd salvage that by iteratively making successively worse platforms that make the O.G. skype look good in comparison.
Peter Jordan (Apr 24 2020 at 00:28):
An alternative career path in Microsoft Sales & Marketing awaits you @James Agnew :)
Last updated: Apr 12 2022 at 19:14 UTC
