> I understand the security advantages of using zoom on a laptop not
> much used for anything else. I suppose the sercurity conern is files
> being accessible to intruders. Someone made the interesting suggestion
> of settin up a new account just for zoom.
The concern about using any gratis commercial videoconferencing
service is that quite a bit of biometric information can be
collected from you - in particular your voice and your face.
Your personal files are just a bonus.
Recall a while ago some company called clearview.ai made the
news - given a picture of a person it finds all the other
photos of that person online, and does a good job of it too.
Any videoconferencing service is remarkably well positioned to
generate an excellent facial model of you - given that there
is a bit of motion and much data of you staring at the camera,
a high-quality 3D model of your face can be constructed easily.
This biometric information can be abused in so many ways, most
of which are still to be invented. But recall the cambridge
analytica scandal. It was supposed to have used rubbish online
personality quizzes to generate custom ads to fix elections and
referenda - with some success. Reportedly it is the reason brexit
actually happened ...
Now instead of having to rely on "do you like cats or dogs",
the propaganda developers get to actually check out your
microexpressions and changes in voice pitch... while A/B
testing their evil on you.
Anyway, if you value your free will then not using closed
source video conferencing systems is a must.
Similarly if you value your ability enter a store without
hostile marketing logic giving you digital patdown... Remember
the occasional news article showing off the big chinese control
centres monitoring the cameras in some far away city, with
a neat little onscreen name following every person walking down
the street ? Odds are quite good that your video conferencing use
will make it possible to add your name to that list.
Some people are going to say "not possible, the call is
end-to-end encrypted". Actually no. Illustrative example: The
intercept reported that zoom claimed end-to-end encryption,
but instead had one shared key, and used ECB (a really poor
way of using a cypher). That is why it works so well, as a
single lost packet doesn't garble the rest of the stream. More
importantly, unlike Balsamic Vinegar or Zero Percent Fat,
there is little enforcement of what these terms mean, and
governments are keen to weaken encryption further. So if you
ever hear "end-to-end video encryption" it is wise to
assume "encrypted from your end to their data centre end". It is
fashionable to use zoom as an example, given their strong
connections to mainland china, but odds are excellent that
this is happening on services too, where it is probably done
better and more discretely.
It is probably also the reason why tiktok is in the news
regards
marc