Issue 77

Zoom is secure enough

Regular readers should be well aware of the privacy and security revelations that plagued videoconferencing platform Zoom last month. It was a long list:

What wasn't clear was whether or not Zoom would be able to recover from the public relations disaster. Throughout its 9-year existence it prioritised features and flexibility at any cost, including its users' privacy and security. As I wrote in Issue 72,

...one of the lasting post-coronavirus impacts is likely to be remote work, with Zoom well placed to capture at least some of that market (Microsoft - which acquired the market leader Skype back in 2011 - really dropped the ball here). There are enough people that don't care about privacy or security - hello Facebook - for Zoom to still do quite well in the post-coronavirus world. Its next move will be its most important.

Well Zoom has now made its next move, and it's a good one in terms of improving security: it acquired Keybase, a secure, end-to-end encrypted messaging and file-sharing service that, up until I heard the news, I used and encouraged others to use. It is essentially the polar opposite of Zoom, in that the security of its users' data were always put first.

The acquisition of Keybase will give Zoom 25 top-notch security and cryptography experts that should be able to plug the gaping holes that were revealed last month. It's a sign that Zoom is serious about making its service at least as secure as any of the other mainstream competitors, i.e. secure enough for the vast majority of users.

Unfortunately, the acquisition likely spells the end for Keybase. There was always an element of trust involved as it never open sourced its server code (probably in the hopes of eventually monetising the service), and joining Zoom has destroyed that trust. While Zoom has now moved up a bracket and I would use it for day-to-day collaboration if an organisation for which I worked was paying (end-to-end encryption will only be available on paid accounts), Keybase - given its purpose - will now effectively become vapourware.

If anyone is looking for Keybase alternatives, your best bet is to use some combination of Signal/Riot.im for chat and any mainstream cloud provider with Cryptomator. I haven't tried it yet, but keys.pub looks promising as a signing and validation service.

Enjoy the rest of this week's issue. Cheers,

— Justin

Other bits of interest

We Chat, They Watch

No one but the most hardened Communist Party of China supporter could with a straight face claim that WeChat does not spy on people. But what does it do with the data it collects? Uses it to train algorithms to better censor its own citizens:

Everyone knows that Chinese chat apps do blocking, and sometimes monitoring. But the discovery that the rest of the world is being surveilled in order to train and refine censorship in China shows just how far private companies go to comply with Beijing's self-censorship demands.

It makes sense. Foreigners are an annoyance but Chinese citizens, properly motivated, could bring down the entire regime.

More contact tracing app news

India's is atrocious. The UK is building two apps, one centralised (although unlike Australia it has open sourced it) and one decentralised based on the Apple and Google framework, but it hasn't decided which one it will use. Then there's the United States, many of which won't use an app at all and have instead hired a bunch of... people.

Open floor plans might finally die

Good riddance:

Many companies are realizing that the open office—once considered forward-thinking for the way a lack of separation between workers fosters collaboration—is unsustainable. “Maybe that was innovative,” said Andrew Holmes, the director of marketing at Loftwall, a Dallas, Texas-based maker of room dividers and desk partitions. “Now it just feels like a place for germs to run wild.” Sales of Loftwall dividers have at least doubled since the coronavirus outbreak. Apple, Google, Microsoft and Tesla Inc. are among the companies that have placed orders with Loftwall in the last 18 months, Holmes said.

That's all for now. If you enjoyed this issue, feel free to share it via email


Issue 77: Zoom is secure enough was compiled by Justin Pyvis and delivered on 11 May 2020. Feel free to send feedback, suggestions for future issues, ideas, insults, or pretty much anything that crosses your mind to their Riot.im account.