Zoom Video Conferencing - Completely Untrustable, Falls to Government Surveillance Demands, keybase

grarpamp grarpamp at gmail.com
Thu Jun 4 00:26:15 PDT 2020



Zoom recently bought some cryptosec sellout called Keybase.io
(which btw was started by Chris Coyne and Max Krohn,
the same sellout duo that sold out and wrecked OKCupid
over to Match/IAC which owns many other fuckall spy
and peoplemining garbage piles),
ostensibly to fix Zoom's right fucked up system.
Now Zoom removes all guise of crypto from free unpaid (anon) calls
presumably due to Government pressure to surveillance
spy the fuck out of Zoom's users, which it is giving away
free to ensnare millions of more unwitting users worldwide.
Expect any strong crypto services at keybase to get
backdoored and wrecked over the next few years too.

"for sure, we don’t want to give that [end-to-end encryption]." --Eric
Yuan (Chinese National re any programmed favor spy regimes), meme rt
by Alex Stamos (affil Google Facebook etc spy corps)

Zoom has been criticized for "security lapses and poor design choices"
that have resulted in heightened scrutiny of its software.[52][13] The
company has also been criticized for its privacy and corporate data
sharing policies.[53][54][55] Security researchers and reporters have
criticized the company for its lack of transparency and poor
encryption practices. Zoom initially claimed to use "end-to-end
encryption" in its marketing materials,[56] but later clarified it
meant "from Zoom end point to Zoom end point" (meaning effectively
between Zoom servers and Zoom clients), which The Intercept described
as misleading and "dishonest".[57]
The video conferencing company boasts about end-to-end encryption on
its website, and in a separate security-related white paper.
However, The Intercept’s report found that the service uses transport
encryption instead.
In March 2020, New York State Attorney General Letitia James launched
an inquiry into Zoom's privacy and security practices.[58]
In April 2020, Citizen Lab researchers discovered that a single,
server-generated AES-128 key is being shared between all participants
in ECB mode, which is deprecated due to its pattern-preserving
characteristics of the ciphertext.[66] During test calls between
participants in Canada and United States the key was provisioned from
servers located in mainland China where they are subject to the China
Internet Security Law.[17]

More information about the cypherpunks mailing list