Well, that escalated quickly
The platform experienced a dramatic increase in usage when it offered free unlimited usage. COVID-19’s spread prompted stay-at-home orders to sweep across the country, closing non-essential businesses and schools.
Education, in particular, jumped onto the Zoom wave as the platform is easy to obtain and runs on multiple Operating Systems, including apps for smart devices on iOS and Android. Most importantly, an individual can have a session up and running in mere moments.
The ease of use is where a good number of concerns start. The news has been aflutter with breathless reports of individuals ‘zoomjacking’ the meetings to insert inappropriate and sometimes downright dangerous content. There is especially high anxiety about the potential for this to happen with school-age children getting live instructions.
Paging Captain Obvious
These incidences are disturbing, and there is no amount of spin that could justify these noxious interruptions. Humans are an especially rancid species where each member must often operate under the assumption that another is out to do them harm -(just ask any woman what they fear about just walking down the street, day or night). It is a curiosity to me that many ignore this fundamental concept when using online social spaces, communication apps, or conferencing tools.
There has been a long-standing golden rule of the internet (no, not rule 34), which, when ignored, is the root of horror stories. The rule: Presume that any information you put online anywhere will become public is one that every person above the age of eight should have drilled into them as the ultimate commandment. Or, to be more pop culture relevant, if you upload it - ‘they’ will attempt to find it.
This is on you, mostly
The recent news of the FBI suggesting that educational institutions, businesses, and local governments avoid Zoom for security concerns is one that is spot on and misses the point altogether. Many officials have rushed out hyperventilating statements declaring a ban on the use of Zoom. Regrettably, they fail to declare that most of the problems are their own fault.
What’s Wrong with the Panic:
A good number of pundits have been quick to lather up some good hysterics insinuating that the platform pretty much invites interlopers to wreak havoc on unsuspecting users.
Zoom does or rather did, download, with most security modes defaulted to an ‘off’ position. This made the process of getting up and running a bit simpler and provided a first-time user with a successful feedback loop. If one can get onboarded and running once, they are more likely to do it again and explore more features.
The platform,(as do most app-based conferencing tools), has a host of security-based features that can help mitigate easy access to malcontents looking to be jerks. In particular, there are tools that every single user should be looking for before setting up a real meeting.
To not make these options your first priority as a facilitator is a grievous mistake that cannot be defended with a plea of ignorance (‘I am not technical’). Frankly, if you are on the Internet (willingly or as required by work), knowing the fundamentals of protecting your information is not optional. In general, you should be looking to set the following:
Set Sharing to Only Host - This may not work for all meetings, but as an initial setting, it can help prevent malicious material from being shown. You can change this once all the participants are confirmed -(for example, a school class with presentations).
Make the Meeting Private - Do NOT publish the link on open social channels. Send links only to specific individuals. If you must use social - send via Direct Messages methods.
Require a Password to enter- This can be mildly annoying to participants, but the added layer prevents undue access.
Enable a ‘Waiting Room’ or ‘Lobby’- Participants must wait for approval before entering the meeting. It is easier to remove, refuse, and block someone before they get to an audience.
Mute Participants on Entry- Setting the first entry to a session as muted can help prevent the quick outbursts. This also gives you an additional layer to identify an interloper.
Lock Meetings - This is a heavy-handed option. The feature allows you to prevent any new participants, effectively making the meeting a silo.
Do not allow participants to join prior to host- Using the schedule feature allows you to set when folks can join the meeting. When it opens only after the host arrives, the management of participants is more effective.
What’s Right about the Panic:
There are a number of issues inherent to Zoom (and other conferencing tools) that should be considered.
The recent news of the FBI suggesting that educational institutions, businesses, and local governments avoid Zoom for security concerns is one that is spot on and misses the point altogether. Many officials have rushed out hyperventilating statements declaring a ban on the use of Zoom. Regrettably, they fail to declare that most of the problems are their own fault.
What’s Wrong with the Panic:
A good number of pundits have been quick to lather up some good hysterics insinuating that the platform pretty much invites interlopers to wreak havoc on unsuspecting users.
Zoom does or rather did, download, with most security modes defaulted to an ‘off’ position. This made the process of getting up and running a bit simpler and provided a first-time user with a successful feedback loop. If one can get onboarded and running once, they are more likely to do it again and explore more features.
The platform,(as do most app-based conferencing tools), has a host of security-based features that can help mitigate easy access to malcontents looking to be jerks. In particular, there are tools that every single user should be looking for before setting up a real meeting.
To not make these options your first priority as a facilitator is a grievous mistake that cannot be defended with a plea of ignorance (‘I am not technical’). Frankly, if you are on the Internet (willingly or as required by work), knowing the fundamentals of protecting your information is not optional. In general, you should be looking to set the following:
Set Sharing to Only Host - This may not work for all meetings, but as an initial setting, it can help prevent malicious material from being shown. You can change this once all the participants are confirmed -(for example, a school class with presentations).
Make the Meeting Private - Do NOT publish the link on open social channels. Send links only to specific individuals. If you must use social - send via Direct Messages methods.
Require a Password to enter- This can be mildly annoying to participants, but the added layer prevents undue access.
Enable a ‘Waiting Room’ or ‘Lobby’- Participants must wait for approval before entering the meeting. It is easier to remove, refuse, and block someone before they get to an audience.
Mute Participants on Entry- Setting the first entry to a session as muted can help prevent the quick outbursts. This also gives you an additional layer to identify an interloper.
Lock Meetings - This is a heavy-handed option. The feature allows you to prevent any new participants, effectively making the meeting a silo.
Do not allow participants to join prior to host- Using the schedule feature allows you to set when folks can join the meeting. When it opens only after the host arrives, the management of participants is more effective.
What’s Right about the Panic:
There are a number of issues inherent to Zoom (and other conferencing tools) that should be considered.
Zoom Link structure - The links include six to eight digits meeting numbers. The structure is small and consistent enough that a simple brute-force attempt at guessing them has happened. Again, do not rely on just the link - secure it with the tools mentioned above.
Encryption claims - Zoom's technical details often stated that the meetings were encrypted ‘end-to-end’. The truth is that the content is only encrypted ‘in transport,’ which means that it is unencrypted at a mid-point and then encrypted again to the recipient.
That mid-point is where a third, unintended party could gain access to the information. This does not mean someone can enter the meeting from this point, but they could see what you are presenting. Expect an end-to-end standard very soon for Zoom.
True security- Most State and Federal level government agencies and the military forbid the use of Soft Codec applications such as Zoom, Skype, Slack, etc, because of security concerns. If the information is of a truly sensitive nature, then the only real solution is software with a dedicated independent hardware package. These have long-established track records and a hefty price tag.
Privacy: Yes, the platform has been known to send data to Facebook (regardless of whether or not you have an account). This is troubling, but the product is not an outlier - find me a modern app that does not do this. Data manipulation is rampant with online applications; this is an industry and global issue.
Hacks: Zoom has made standard a number of commonly used workarounds, i.e. hacks, to make the implementation smoother. There is a chance this could be used as an exploit for unintended parties to gain access to the device's laptop camera/mic. Again, good management of your devices and general safety practices is in order.
Man in the Mirror
Zoom and the other platform-based conference systems are not perfect. Honestly, as a person who lives in both the Audio Visual installation and Information Technology world, they all should have done better.
Yet, why do we act shocked when someone gains access to our private messages, interrupts a meeting they are not part of, or hacks a social media account. We know these things happen, and most often, the blame rests on our own refusal to take precautions. If we clicked on the link promising illicit pleasure and monetary reward, whose fault is it that a hacker gained access?
If you do not secure your Wi-Fi router, whose fault is it when a neighbor steals the bandwidth?
The simple fact is that too many want to compromise your private spaces, some for fun, others for profit. This is not a ‘Boys will be Boys’ apologist statement, rather it is a recognition that we must own the responsibility of protecting our sessions. There is no room for the willfully ignorant if you want to enjoy the benefits of modern technology - you must be proactive in making it secure.
Encryption claims - Zoom's technical details often stated that the meetings were encrypted ‘end-to-end’. The truth is that the content is only encrypted ‘in transport,’ which means that it is unencrypted at a mid-point and then encrypted again to the recipient.
That mid-point is where a third, unintended party could gain access to the information. This does not mean someone can enter the meeting from this point, but they could see what you are presenting. Expect an end-to-end standard very soon for Zoom.
True security- Most State and Federal level government agencies and the military forbid the use of Soft Codec applications such as Zoom, Skype, Slack, etc, because of security concerns. If the information is of a truly sensitive nature, then the only real solution is software with a dedicated independent hardware package. These have long-established track records and a hefty price tag.
Privacy: Yes, the platform has been known to send data to Facebook (regardless of whether or not you have an account). This is troubling, but the product is not an outlier - find me a modern app that does not do this. Data manipulation is rampant with online applications; this is an industry and global issue.
Hacks: Zoom has made standard a number of commonly used workarounds, i.e. hacks, to make the implementation smoother. There is a chance this could be used as an exploit for unintended parties to gain access to the device's laptop camera/mic. Again, good management of your devices and general safety practices is in order.
Man in the Mirror
Zoom and the other platform-based conference systems are not perfect. Honestly, as a person who lives in both the Audio Visual installation and Information Technology world, they all should have done better.
Yet, why do we act shocked when someone gains access to our private messages, interrupts a meeting they are not part of, or hacks a social media account. We know these things happen, and most often, the blame rests on our own refusal to take precautions. If we clicked on the link promising illicit pleasure and monetary reward, whose fault is it that a hacker gained access?
If you do not secure your Wi-Fi router, whose fault is it when a neighbor steals the bandwidth?
The simple fact is that too many want to compromise your private spaces, some for fun, others for profit. This is not a ‘Boys will be Boys’ apologist statement, rather it is a recognition that we must own the responsibility of protecting our sessions. There is no room for the willfully ignorant if you want to enjoy the benefits of modern technology - you must be proactive in making it secure.
No comments:
Post a Comment