Re: OpenChain Zoom room tested - complete success


Gilles Gravier
 

Hi!

Also, Zoom has started a complete overhaul process on its security and privacy recently: https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/

Which shows that they're taking this very seriously. You might already have noticed some tightening on conference rooms default settings starting this week-end. They've removed the IOS facebook SDK from their iPhone builds (so no leaking data to facebook anymore)... And they fixed the UNC issue which was pretty bad in itself (that was done in the last update of the client - if you haven't updated, you're still vulnerable - on Windows)...

Yeah. I wouldn't discuss strategic government issues on Zoom... or corporate sensitive IP... but for an open source project, I think we're pretty safe indeed, as Shane says.

Regards,


Gilles Gravier
Director, Senior Advisor
Open Source - Blockchain
M: +41 794728437
in/gillesgravier  @gravax
Wipro Limited


From: main@... <main@...> on behalf of Shane Coughlan via lists.openchainproject.org <scoughlan=linuxfoundation.org@...>
Sent: Monday 6 April 2020 13:05
To: OpenChain Main <main@...>
Subject: Re: [openchain] OpenChain Zoom room tested - complete success
 
** This mail has been sent from an external source. Treat hyperlinks and attachments in this email with caution**

Hi Alan, McCoy, Gilles!

Here is my take:

The recent revelations about Zoom privacy probably mean that we do not want to continue having any sensitive one-to-one calls on the platform, perhaps using Skype, Signal, Teams or other services instead. I concur with Gilles about WebRTC. It works fine but it is not super secure.

However, for the general OpenChain calls, we record and share everything, so security is not our key concern. Therefore, unless we get trolled, I suggest we continue. If we move off Zoom we will need to split between several services (UberConference has stopped working effectively in China).

Of course, we need to monitor the situation...

Regards

Shane

> On Apr 4, 2020, at 2:31, Gilles Gravier via lists.openchainproject.org <gilles.gravier=wipro.com@...> wrote:
>
> But you want to be careful with Jitsi also... WebRTC leaks things like device IP address... even when you are behind a VPN. This means that if you are in a country where the government isn't as nice as you want... and you are trying to communicate with your peers on a subject that is not fully aligned with state dogma you can get in trouble... Zoom will not do the same.
>
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.cvedetails.com%2Fvulnerability-list%2Fvendor_id-18145%2FWebrtc.html&amp;data=02%7C01%7Cgilles.gravier%40wipro.com%7Cbb179d171edf429c6a9908d7da1a6d4a%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C637217679367628957&amp;sdata=DgxO3HPHjvTDNxJ9RqpDAUyzPbKBxT94BVa0Ndye5ug%3D&amp;reserved=0
>
> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.channelfutures.com%2Fmssp-insider%2Fwebrtc-security-real-time-data-flaw-leaks-endpoint-ip-addresses&amp;data=02%7C01%7Cgilles.gravier%40wipro.com%7Cbb179d171edf429c6a9908d7da1a6d4a%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C637217679367628957&amp;sdata=tR1ccyF5NHCvkvb5HT1FmHyUQ2ck2aK92Eh74jaTwuM%3D&amp;reserved=0
>
> Because Zoom is fast taking over Cisco's Webex, we see all kind of FUD spread against Zoom (Zoom went from 10M to 200M users in 3 months - that's got to tickle Cisco)... But if you search for Webex security issues on Google, you'll find just as many...
>
> I don't want to bash on Jitsi. I use it. And it's open source. But if we're going to make a choice, let's make sure its for the right reasons. Zooms scales massively, has a stellar set of features, and costs that are extremely accessible... has native clients on Windows, MacOS, Linux, Android and IOS, as well as a web client for machines were one can't install apps. It's user friendly. Session recordings are automatically in MP4 which is very convenient. And A/V quality is really good.
>
> Regards,
> <Outlook-tl3rqzis.gif>
>
> Gilles Gravier
> Director, Senior Advisor
> Open Source - Blockchain
> M: +41 794728437
> in/gillesgravier  @gravax
> Wipro Limited
> From: main@... <main@...> on behalf of McCoy Smith via lists.openchainproject.org <mccoy=lexpan.law@...>
> Sent: Friday 3 April 2020 19:12
> To: main@... <main@...>
> Subject: Re: [openchain] OpenChain Zoom room tested - complete success
>
> ** This mail has been sent from an external source. Treat hyperlinks and attachments in this email with caution**
>
> LibrePlanet used jitsi this year when they had to go 100% virtual in the space of about a week
> I presented using it and seemed to work pretty well
> Might be worth a try; it’s definitely free as in beer and speech as FSF is very particular about that for their events (I had to use a Linux system for my preso as they don’t allow A***e or W*****s systems to run persos at their events
>
> > On Apr 3, 2020, at 10:06 AM, Alan Tse <Alan.Tse@...> wrote:
> >
> > Shane and others,
> > Thanks for all your hard work on setting up Zoom. However, I'm a bit concerned given all the negative privacy and security press about Zoom this last week.
> >
> > I just learned that there is an open source alternative called jitsi. https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fjitsi.org%2F&amp;data=02%7C01%7Cgilles.gravier%40wipro.com%7Cbb179d171edf429c6a9908d7da1a6d4a%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C637217679367628957&amp;sdata=YfpTmiRWyIy5%2F4NIPxdirC91vYUsqyJxN160i0fEQNo%3D&amp;reserved=0  Specifically, I saw it on one of the security blogs I follow. https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.schneier.com%2Fblog%2Farchives%2F2020%2F04%2Fsecurity_and_pr_1&amp;data=02%7C01%7Cgilles.gravier%40wipro.com%7Cbb179d171edf429c6a9908d7da1a6d4a%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C637217679367628957&amp;sdata=8clG8EOvdBaEqIsP544ROPh3RBF1jc7c6KgwKnmtEts%3D&amp;reserved=0.
> >
> > I just learned about it so don't have any specific experience with jitsi but perhaps it's worth investigating particularly given it's open source (Apache-2.0)?
> >
> > Anyone used it before or have thoughts?
> >
> > On 3/31/20, 9:44 PM, "main@... on behalf of Shane Coughlan" <main@... on behalf of scoughlan@...> wrote:
> >
> >    CAUTION: This email originated from outside of Western Digital. Do not click on links or open attachments unless you recognize the sender and know that the content is safe.
> >
> >
> >    Thank you JongBaek! I believe we may have solved our remote working challenge :)
> >
> >> On Mar 31, 2020, at 16:54, Jongbaek Park (BKL) <jb.park@...> wrote:
> >>
> >> I am sorry that I could not have joined you on Zoom conference due to unexpected matter to attend to.
> >> Zoom seems very nice to use and it’s use is explosively being expanded.
> >> I also hope we could be connected with each other more easily and often thanks to this service.
> >> Best regards,
> >> Jongbaek
> >>
> >> From: main@... <main@...> On Behalf Of Shane Coughlan
> >> Sent: Tuesday, March 31, 2020 2:07 PM
> >> To: OpenChain Main <main@...>
> >> Subject: [openchain] OpenChain Zoom room tested - complete success
> >>
> >> We connected China, Japan, Germany and Switzerland with video, no issues detected. Check out our discussion here:
> >> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzoom.us%2Frec%2Fplay%2Fv5MsIu2qrzs3SIKWsASDC_8oW421L6-shyUdrvpZyEfjU3JVYVDzN7QTMeNLafiyMCld9CuJHaulF28c%3FcontinueMode%3Dtrue&amp;data=02%7C01%7Cgilles.gravier%40wipro.com%7Cbb179d171edf429c6a9908d7da1a6d4a%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C637217679367638954&amp;sdata=2paa9XQpQ%2BfWu1%2FxIuLpE5bothDwZOUuiS5DWL6Mqzo%3D&amp;reserved=0
> >>
> >> What is coming next?
> >>
> >> (1) guidance will be provided to help all our international groups use the room at any time
> >>
> >> (2) we will transition our online meetings to this service moving forward
> >>
> >> (3) our new video capabilities allow us to connect 100 people with video, screen sharing and recording...leading to the ability to host webinars for our community
> >>
> >> Watch this space.
> >>
> >
> >
> >
> >
> >
> >
> >
> >
> >
>
>
>
>
> The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.wipro.com%2F&amp;data=02%7C01%7Cgilles.gravier%40wipro.com%7Cbb179d171edf429c6a9908d7da1a6d4a%7C258ac4e4146a411e9dc879a9e12fd6da%7C0%7C0%7C637217679367638954&amp;sdata=s3jCpy2flrCsYae7izB1Jlil62RXkVnbdNt%2FaVtg49k%3D&amp;reserved=0
>




The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain proprietary, confidential or privileged information. If you are not the intended recipient, you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately and destroy all copies of this message and any attachments. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. www.wipro.com

Join main@lists.openchainproject.org to automatically receive all group messages.