I've recently been sent this Twitter thread by people who said nothing about why they were sending it and offered no criticism of it. I'll do that for you; first, the opening tweet in the one-person thread:
Most of it is plainly weird; he's using some gibberish language, for example 'testing an application that is now fundamentally used by a large percent of the world'—for which there are no statistics, right?—and 'we are a formal industry', from a person calling himself 'HackingDave (ReL1K)'.
He's right in noting that companies commit mistakes. We're humans. We build stuff. The stuff will be flawed unless the builders make an effort to make sure the stuff is not flawed.
'ReL1K' downplays Zoom's mistakes to the point where one cannot take his speech seriously.
It's interesting to note how he says this: 'Most of these exposures wouldn't even bubble up to a high or critical finding in any assessments a normal tester would conduct' when Zoom themselves refer to their latest batch of interference as 'critical'.
I've no idea why he downplays bugs and former nefarious practices by Zoom, as in pretending that calling Zoom malware is 'extreme', unless he doesn't know the meaning of the word; if he does, he's making readers ask more questions than he poses 'facts', which shouldn't be the case in a 'formal industry', right? Extreme neglect of security is something inherent in malware. Then there are two other things that Zoom have done which malware manufacturers care for while conscientious software-development companies don't:
- Installing a web server on users' Macs that Apple had to build a tool to remove
- Abuse how installation works on macOS
- Hide how they've taken user data to sell on or de-anonymise people
Wait. Did I say de-anonymise? This came out yesterday:
[...] what many people may not know is that, until Thursday, a data-mining feature on Zoom allowed some participants to surreptitiously have access to LinkedIn profile data about other users — without Zoom asking for their permission during the meeting or even notifying them that someone else was snooping on them.
Krolik, Aaron, and Natasha Singer. 2020. “A Feature On Zoom Secretly Displayed Data From People’s LinkedIn Profiles.” The New York Times. April 2, 2020. https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html.
Reporters also found that Zoom automatically sent participants’ personal information to its data-mining tool even when no one in a meeting had activated it. This week, for instance, as high school students in Colorado signed in to a mandatory video meeting for a class, Zoom readied the full names and email addresses of at least six students — and their teacher — for possible use by its LinkedIn profile-matching tool, according to a Times analysis of the data traffic that Zoom sent to a student’s account.
Krolik, Aaron, and Natasha Singer. 2020. “A Feature On Zoom Secretly Displayed Data From People’s LinkedIn Profiles.” The New York Times. April 2, 2020. https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html.
It's more than interesting to see how—moments after Zoom's CEO notes that their privacy policy was bad and they shouldn't have data-mined stuff for use in Facebook (for sales purposes, i.e. to make money without letting their users know about it)—they data-mine what anonymous Zoom users have for LinkedIn, to make more money.
Fool me once...
Zoom can either prove their worth or, at this stage, remain bad liars who treat their users badly. It's a dire state of affairs when the biggest Zoom whistleblowers are the very people Zoom make money from.
Posted from my blog with SteemPress: https://niklasblog.com/?p=24544