https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/

hm…. let me think where one has seen this before:

TELEGRAM!

Zoom’s service is “not suited for secrets”

“The researchers also found that Zoom protects video and audio content using a home-grown encryption scheme, that there is a vulnerability in Zoom’s “waiting room” feature, and that Zoom appears to have at least 700 employees in China spread across three subsidiaries”

“Zoom’s Chief Product Officer Oded Gal later wrote a blog post in which he apologized on behalf of the company “for the confusion we have caused by incorrectly suggesting that Zoom meetings were capable of using end-to-end encryption.”

src https://theintercept.com/2020/04/03/zooms-encryption-is-not-suited-for-secrets-and-has-surprising-links-to-china-researchers-discover/?utm_medium=email&utm_source=The%20Intercept%20Newsletter

so whenever some company rolls “ITS OWN ENCRYPTION SYSTEM” it is basically meant to:

  • make it look secure
  • while implementing backdoor into encryption (master key) that enable certain parties to decrypt all the traffic

what are the alternatives?

according to this: https://dwaves.de/2016/01/25/electronic-frontier-foundation-secure-messaging-scorecard-is-there-any-half-way-secure-and-private-messaging-possible-in-the-snowden-era-of-2016/

the only chat systems that one can use safely are:

audio conference software:

open source (once more) safes the day: throw away Skype:

  • Mumble the 100% Open Source server AND client:
    • Mumble is an open source, low-latency, high quality voice chat software primarily intended for use while gaming. (src)
    • “Mumble uses encryption for both control messages as well as voice data. Mumble’s control channel is encrypted using TLS-negotiable cipher suites and Mumble’s voice channel is encrypted using OCB-AES128. OCB is used to provide both secrecy and authentication while maintaining low latency. This encryption is mandatory and cannot be disabled.” (src)
    • so mumble: “USING EXISTING PROOFEN ENCRYPTION SYSTEMS” X-D

messaging/chatting:

social networks:

https://diasporafoundation.org/

https://en.wikipedia.org/wiki/Diaspora_%28social_network%29

admin