Zoom rolled out ITS OWN ENCRYPTION SYSTEM and included an algorithm with known serious issues, say University of Toronto researchers

04.Apr.2020

Administration / Server, alternatives, android, Apps Android Smart Phone, encryption, General / Allgemein, Mail / Communication / Groupware, OpenSource, PGP and Cryptography, Privacy / convenience vs surveillance / Orwell

https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/

hm…. let me think where one has seen this before:

TELEGRAM!

Zoom’s service is “not suited for secrets”

“The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries”

“Zoom’s Chief Product Officer Oded Gal later wrote a blog post in which he apologized on behalf of the company “for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.”

src https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/?utm_medium=email&utm_source=The%20Intercept%20Newsletter

so whenever some company rolls “ITS OWN ENCRYPTION SYSTEM” it is basically meant to:

make it look secure
while implementing backdoor into encryption (master key) that enable certain parties to decrypt all the traffic

what are the alternatives?

according to this: https://dwaves.de/2016/01/25/electronic-frontier-foundation-secure-messaging-scorecard-is-there-any-half-way-secure-and-private-messaging-possible-in-the-snowden-era-of-2016/

the only chat systems that one can use safely are:

audio conference software:

open source (once more) safes the day: throw away Skype:

Mumble the 100% Open Source server AND client:
- Mumble is an open source, low-latency, high quality voice chat software primarily intended for use while gaming. (src)
- “Mumble uses encryption for both control messages as well as voice data. Mumble’s control channel is encrypted using TLS-negotiable cipher suites and Mumble’s voice channel is encrypted using OCB-AES128. OCB is used to provide both secrecy and authentication while maintaining low latency. This encryption is mandatory and cannot be disabled.” (src)
- so mumble: “USING EXISTING PROOFEN ENCRYPTION SYSTEMS” X-D

messaging/chatting:

x86:
- https://pidgin.im/
ARM / Android / Apps / Mobile:
- https://signal.org/blog/signal/
- https://www.silentcircle.com/
untested: https://about.riot.im/
- yes one can setup one’s own server: https://gist.github.com/attacus/cb5c8a53380ca755b10a5b37a636a0b9

social networks:

https://diasporafoundation.org/

https://en.wikipedia.org/wiki/Diaspora_%28social_network%29

liked this article?

only together we can create a truly free world
plz support dwaves to keep it up & running!
(yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
really really hate advertisement
contribute: whenever a solution was found, blog about it for others to find!
talk about, recommend & link to this blog and articles
thanks to all who contribute!

admin