Trolls break into meetings on Zoom (businessinsider.com)
verytrivial 1469 days ago [-]
https://mobile.twitter.com/BorisJohnson/status/1244985949534...

Yes, shared by the Prime Minister, number and all. What a time to be alive.

Thorentis 1469 days ago [-]
I'm surprised they're even allowed to use Zoom for a national cabinet meeting. Wouldn't the Gov have its own video chatting software that is self hosted?
Zenst 1468 days ago [-]
Number 10 has had Video Conferencing since 1998 (I set it up with college and received first call from there), was H320 via ISDN2 affair and had dedicated black box encryption unit GCHQ supplied and dealt with. DOH (Department of Health) also had dedicated VC rooms as did all the regional officers and MCU bridging for multi point conferencing was outsourced when needed. All main DOH sites could do up to 384 with bonded ISDN line (UK ISDN was 64k per channel and separate D channel, no bit stealing going on here).

That without a doubt all changed many times and somewhat surprised they are using Zoom, and would have thought at least would have contracted to run their own private server connected via VPN. Very surprised and when American politicians all loved their BlackBerrys, they had their own dedicated servers they controlled access to, supplied by RIM.

But the DOH and all the other government departments are entities unto themselves, and I'm not that up on anything the last couple of decades, but suspect that there isn't any common solution to enable what they need to do for remote working in isolation. I'm sure much will change after this. Also fairly sure GCHQ probably bashing their heads on the table.

But I can see how they got to where they are, knowing aspects of government workings and departmental fencing, still - does kinda make you go WTF still.

cs02rm0 1468 days ago [-]
They'll undoubtedly have new iterations of that, based on the same premise that they install and own the kit at each end.

I suspect Zoom just happens to be the choice this particular group has settled on. While across government people have been scrabbling to just make something work now that security's previous modus operandi is being trumped by the need to let people work from home.

Government even more than the private sector have been slow to allow for home working. I'm hopeful this will change that.

whazor 1468 days ago [-]
I think video chatting with normal citizens would be quite difficult if you expect them to install VPNs and special video conference software that probably only works with gov.uk accounts. Grabbing a random laptop, connecting to the internet and using zoom sounds a lot easier.
ben_w 1468 days ago [-]
The link shared by @verytrivial to Boris Johnson’s twitter account isn’t showing “normal citizens”, it is showing the executive branch of the UK, plus an account identified only as “iPhone” who has their camera and microphone switched off.
tadhgf 1468 days ago [-]
Dominic Cummings?
tomcooks 1468 days ago [-]
In 2020 open source conferencing software requires ZERO software apart from any recent browser or login.

e.g. https://meet.jit.si/hellozoomhowareyou

harry8 1468 days ago [-]
>Also fairly sure GCHQ probably bashing their heads on the table.

Not nearly hard enough. Not even close to hard enough. They need help with that, possibly with heavy machinery.

flir 1468 days ago [-]
I worked on a minor, non-secure, tangentially GCHQ-aligned project. They're the most risk averse organisation I've ever met. Like, pathologically risk averse. I'd bet a small mortgage they had no oversight of that call.
flurdy 1468 days ago [-]
> > Also fairly sure GCHQ probably bashing their heads on the table.

Core parts of GCHQ might love the potential honey pot. But their offshoot NCSC [1] will be table-flipping big time.

* [1] https://www.ncsc.gov.uk/

simonh 1468 days ago [-]
There is absolutely no way GCHQ signed off on this.
harry8 1468 days ago [-]
And yet they are powerless. Back to recording private conversations like the Stasi then. What a wonderful institution. They're useful how, exactly?

Not smacking their heads into the table nearly hard enough. Not even close.

ben_w 1468 days ago [-]
That hyperbole might be an improvement.

Literally copying the literal Stasi approach to spying (not the rest, just spying) would simultaneously improve the quality of the data and reduce the negative side effects relative to the UK’s Investigatory Powers Act 2016.

simonh 1468 days ago [-]
By definition, in their line of work if you knew exactly how useful and effective they were they would not be doing their job properly. They report to the UK government, not to you and not to me even though I am a UK citizen (as you may be, I don't know). They have worked for governments led by or including all three main political parties in the UK and they all decided they were useful enough to them to keep, in pursuing their goals on behalf of the people who elected them. That's good enough for me.
harry8 1468 days ago [-]
But we do know how effective they aren't. And we do know that they have placed themselves above the law. If that doesn't concern you it really should.

The macho pose that comes out every time someone suggests they should be subject to, you know, the law and behave better than Stalin's henchmen is very worrying.

So who is the politician who is effective enough to provide true oversight and rein them in when required?

Name that politician. Any party.

Do you see the problem now?

simonh 1467 days ago [-]
>...and behave better than Stalin's henchmen

Yes see, this is why almost nobody in the general population takes opinions like yours at all seriously.

girvo 1468 days ago [-]
A hydraulic press could be useful here, I think.
jorvi 1468 days ago [-]
In general (more so focused on the EU than the Brits) I've never understood why the EU doesn't pump a billion a year, or a billion worth of dev hours a year into open source. That's an absolutely tiny, almost infinitesimal amount of EU budget (and even tinier for most member states their budget) and it would allow them to get out of the noose of closed source corporate support contracts and being beholden to foreign companies. Imagine how much a billion a year would accomplish spread over projects like LibreOffice, Matrix/Riot, an EU Linux distro, etc.
barrkel 1468 days ago [-]
Whenever the government doles out money, the incentives are to do it in return for political favours. To counter that, various processes and institutions enforce checks and balances and accountability. In practice, that takes the form of grant applications, tendering, and the like. That then attracts a bunch of grifters who want to effectively steal the government's money, so the grant process gets longer and more complex, and things get more bureaucratic with heavy-handed checks and balances.

If a government anointed any given handful of OS organizations as preferred benefactors of donations, I'd expect grifters to infiltrate those organizations and parasitically siphon off the funds one way or another.

Incentives matter. Government incentives are to be popular, or attract the support of other people who are popular or influential. Being efficient or effective is only a small part of that. I don't know that there's a good solution to the incentive problem.

mcny 1468 days ago [-]
> If a government anointed any given handful of OS organizations as preferred benefactors of donations, I'd expect grifters to infiltrate those organizations and parasitically siphon off the funds one way or another.

I’d expect companies like Raytheon, Cerner, Lockheed Martin, Boeing, and HPE/CSC/DXC to win a supermajority of those contracts.

bdavis__ 1467 days ago [-]
They probably would not even bid. Working on an OS project is fundamentally providing labor hours. Not high margin, no lock in, no investment and high profit tail on the business. It would end up going to little companies providing bodies at a low labor rate.
gonzo41 1468 days ago [-]
No way if those companies had to OS their code. You could pump money into OS slowly by making government departments pay a royalty to the maintainers/projects they work with. Things such as Drupal, Tomcat etc.
hartem_ 1468 days ago [-]
Maybe because it wouldn’t solve the problem? Building a great product requires so much more than just the money needed to do it. If money was the only thing required, no startup would probably exist and everything would be built by either governments or large corporations.
_ph_ 1468 days ago [-]
Well the idea would of course be to use the budget to invest into suitable European startups. To create a market, where startups could operate and innovate.
tomcooks 1468 days ago [-]
EU already does more than that, together with funding they get in touch with FOSS developers.

Please check https://joinup.ec.europa.eu/collection/eu-fossa-2/news/how-c...

Nextgrid 1468 days ago [-]
The reason the "year of the Linux desktop" hasn't happened yet and open source hasn't conquered the consumer world isn't because of the lack of money. It's because none of the projects have a goal per se; everyone works in their corner, on their own time, mostly just scratching their own itch. Donating money to them won't solve this problem. There's also a lack of certain skill sets like user experience design, project management, branding, etc.

If the EU wants an open-source conferencing solution they have to do it in-house (whether from scratch or fork an existing solution) and treat it like a business with a clear objective and actual employees (instead of benevolent devs donating their time & effort) including positions which open source projects often deem unnecessary like UI & UX design, and so on.

Leherenn 1468 days ago [-]
It's not billions, but the EU is funding some open source software. https://hexus.net/tech/news/software/125747-14-open-source-p...

I think France is also funding/developing Matrix.

input_sh 1468 days ago [-]
FOSSA focuses on security audits, not development per se.

There's also EU Public License (EUPL). One notable example of software that uses it is Pi-hole.

One more interesting thing I can think of is Joinup, whose idea is to share solutions between administrations in the EU: https://joinup.ec.europa.eu/

shermheadryder 1468 days ago [-]
You can self-host the video/audio parts of Zoom

https://support.zoom.us/hc/en-us/articles/201363093-Deployin...

L-four 1469 days ago [-]
Yeah, but you have to take your computer to the IT team.
blahedo 1469 days ago [-]
Also interesting about that photo: Five of the 25 have portrait-oriented video feeds. Tbh this may make more sense for this kind of thing (shows more of the person rather than more of the space they're in) but I'm thinking about the hardware—am I correct in inferring that those five are zooming from their mobile? Do high-level UK cabinet ministers not have laptops?
sc11 1469 days ago [-]
I'm speculating, but they might find it more convenient to use a separate device for the video chat? Especially if you're using your laptop a lot during the video call, it's quite convenient to have the chat open elsewhere.
dexterdog 1469 days ago [-]
Esp considering I have had the zoom app completely crash my laptop multiple times.
dhosek 1469 days ago [-]
Given how cavalier zoom is about privacy and its history on the Mac, the only place I'd be willing to use it is on my phone or ipad where it's boxed in by Apple's restrictions and has undergone app review. Apple had to push a silent OS update to remove zoom's insecure secret web server.
sixothree 1469 days ago [-]
How the heck is Zoom even HIPAA compliant?
Legogris 1468 days ago [-]
Is it though?
judge2020 1468 days ago [-]
https://zoom.us/healthcare

> HIPAA/PIPEDA plans start at $200 per month per account, which comes with 10 hosts.

TeMPOraL 1468 days ago [-]
A relevant thread from yesterday:

https://news.ycombinator.com/item?id=22735746

Legogris 1468 days ago [-]
Zoom claiming it's compliant has nothing to do with it actually being compliant.
kemotep 1468 days ago [-]
If they have filed the paperwork[0] then they are. (Whether their solution to be compliant is or is not enough would have to be audited.)

Apple's FaceTime is not HIPAA compliant because they haven't filed the paperwork.[1]

(Obviously, there are a lot more steps to it than signing a Business Associate agreement, but I would bet FaceTime is probably a little more secure than Zoom)

[0]:https://www.hipaajournal.com/become-hipaa-compliant/

[1]:https://www.hipaajournal.com/facetime-hipaa-compliant/

neuronic 1468 days ago [-]
And what about GDPR?
Nextgrid 1468 days ago [-]
Microphone quality is still not a solved problem on laptops, and Windows' sound preferences UI does not make it easy to switch to a Bluetooth headset (that is, if you even have one on you).
blntechie 1468 days ago [-]
Works for them I guess but when screensharing especially for code, mobile phones and tablets don’t work well.
orthoxerox 1468 days ago [-]
I doubt they code for a living.
_-___________-_ 1468 days ago [-]
I only ever use Zoom on my phone - it frees up my laptop to be used during the call, and I refuse to install anything developed by that company on my laptop.
distances 1468 days ago [-]
You can join Zoom meetings on your browser too. It's behind these twelve easy steps:

1. Go to zoom.com
2. Click "Join a meeting"
3. Enter meeting id and click Join
4. Ignore the automatic app download
5. Go back
6. Click "Join a meeting" again
7. Enter meeting id and click Join again
8. Ignore the app download again
9. Click at "If nothing prompts, click here"
10. Click "Join from your browser"
11. Agree to terms of service
12. Enter password and name, click Join

Yes, it actually requires you go back and try again at step 5. What dark pattern?

flir 1468 days ago [-]
That's.... a thing of beauty. Honestly, it brings a tear to my eye.
tsimionescu 1468 days ago [-]
If you are in awe of that, take a look at the official article about doing find and replace in MS OneNote:

https://support.microsoft.com/en-us/office/find-and-replace-...

Roritharr 1468 days ago [-]
What? That's crazy to hide such a useful feature!
auscompgeek 1468 days ago [-]
The meeting host can enable the browser client link without the hassle in their settings. Unfortunately it's disabled by default.
wil421 1468 days ago [-]
Could they be using iPads? I can’t see why a high level executive or politician couldn’t get away with one.
stewbrew 1468 days ago [-]
Maybe they didn't get audio to work on their notebooks?
Camas 1469 days ago [-]
He accidentally let slip that he lives at 10 Downing Street too.
ehsankia 1469 days ago [-]
Does Zoom let you put a password on the room? Could that room have a password that is only known to the participants?
zulln 1469 days ago [-]
Yes, and it did (according to somewhere else on the internet).
afandian 1469 days ago [-]
Yes and (in my experience) it displays it at the top of the screen!
buboard 1469 days ago [-]
no, but it gives the host the link to share WITH the password, so people sharing the link also share the password (encoded)
afandian 1469 days ago [-]
Ah, I suspected it was something like that.
jpdus 1469 days ago [-]
This is an optional setting.
lancewiggs 1469 days ago [-]
It was made the default a few weeks ago
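The comments above describe a join link that carries the meeting password in encoded form, so forwarding or posting the link also hands over the password. As an added example (not code from the thread or from Zoom), the sketch below scans a draft message for such links and strips the passcode parameter before the text is shared; the `/j/<digits>?pwd=<token>` link shape is an assumption, and all hosts, IDs and tokens in the sample are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed join-link shape: https://<sub>.zoom.us/j/<meeting id>?pwd=<token>
URL_RE = re.compile(r"https?://[^\s<>]+", re.IGNORECASE)
JOIN_PATH_RE = re.compile(r"^/j/(\d{9,11})/?$")
TRAILING_PUNCT = ".,;:!?)\"'"


def is_zoom_host(host):
    """Exact zoom.us or a true subdomain; rejects lookalikes such as
    zoom.us.example.net or evilzoom.us."""
    host = (host or "").lower().rstrip(".")
    return host == "zoom.us" or host.endswith(".zoom.us")


def inspect_link(url):
    """Return details for a join link, or None if the URL is not one."""
    parts = urlsplit(url)
    if not is_zoom_host(parts.hostname):
        return None
    match = JOIN_PATH_RE.match(parts.path)
    if not match:
        return None
    query = parse_qsl(parts.query, keep_blank_values=True)
    embeds_passcode = any(k.lower() == "pwd" and v for k, v in query)
    # Keep every other parameter; drop only the embedded passcode.
    kept = [(k, v) for k, v in query if k.lower() != "pwd"]
    stripped = urlunsplit(
        (parts.scheme, parts.netloc, parts.path, urlencode(kept), "")
    )
    return {
        "meeting_id": match.group(1),
        "embeds_passcode": embeds_passcode,
        "stripped": stripped,
    }


def sanitize(text):
    """Rewrite join links in text without their passcode.

    Returns (clean_text, findings). The meeting ID stays in the link, so a
    finding still means the ID is about to be disclosed.
    """
    findings = []

    def replace(match):
        raw = match.group(0)
        url = raw.rstrip(TRAILING_PUNCT)  # sentence punctuation is not URL
        tail = raw[len(url):]
        info = inspect_link(url)
        if info is None:
            return raw
        findings.append(info)
        return info["stripped"] + tail

    return URL_RE.sub(replace, text), findings


# Constructed sample draft: one real-shaped join link, two non-Zoom hosts.
DRAFT = (
    "Weekly sync: "
    "https://us02web.zoom.us/j/5550001111?pwd=Q09OU1RSVUNURUQ&utm_source=mail. "
    "Docs: https://example.org/j/5550001111?pwd=x "
    "Lookalike: https://zoom.us.example.net/j/5550001111?pwd=y"
)

if __name__ == "__main__":
    clean, found = sanitize(DRAFT)
    print(clean)
    for item in found:
        print(item)
```

Running a check like this on outgoing mail or posts only removes the passcode; whether the meeting ID itself may be published is a separate decision.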
Traster 1469 days ago [-]
That's not the only security leak in that photo.
bilbo0s 1469 days ago [-]
Why would his security people allow him to do that?

Or do these guys just post this kind of stuff without even running it by their security folks?

To me, this sounds like a security 101 type issue.

roywiggins 1469 days ago [-]
How would they stop him? Wrestle the phone out of his hands? He's in quarantine, anyway. Nobody is in the room with him.

The current UK PM is not the type to ask experts about whether it's a good idea, anyway.

Retric 1469 days ago [-]
Quarantine does not mean someone is alone. Just that they're isolated from most of humanity.
roywiggins 1469 days ago [-]
It's not much of a quarantine if he's locked in with all his staff.

https://www.washingtonpost.com/world/europe/boris-johnson-co...

> Johnson, on his doctor’s recommendation, has withdrawn into his chambers for seven days and will forgo all public appearances and in-person group meetings. He will have his food left at the door to his apartment, his aides said.

> “He’s self-isolating in his flat,” said his official spokesman.

gowld 1469 days ago [-]
Quaranteam
JCharante 1469 days ago [-]
This sounds like a name for a suite of team collaboration software.
callamdelaney 1469 days ago [-]
Every UK MP has his or her address listed publicly. In fact, this is a requirement to stand at election even at the town council level.
Traster 1469 days ago [-]
Yes, and every MP has a public email address that is staffed by slaves/interns/SpAds, they also have personal private emails that have much more sensitive political information in them.
kolp 1468 days ago [-]
Doesn't have to be the candidate's home address. Some use the local constituency office address, for personal security and/or to avoid stalking by nutters.
HenryBemis 1469 days ago [-]
On a couple of pictures you can see balcony doors, house layouts, ceilings, vents, etc, doors. Every now and then CNN shares photos of the houses of rich and famous. They must be taking them from some magazine. Anyway, I remember looking at Cara Delevingne's amazing home, and I noticed that apart from walls with decorations, furniture, bathtub, etc there was NO view of doors, windows, balcony doors. Basically anything that would give away the location of the rooms (e.g. photo of bedroom with trees outside that would help identify floor and where in the building that room is). I am sure that these people have far more important things (documents) in their homes than Cara (but far worse taste).
gonzo41 1468 days ago [-]
The woman in the bottom left corner has the right idea. A white wall! And you're right about their houses. However with everyone home and the plods out on the empty streets. Now is not the time for a B&E
thinkingemote 1469 days ago [-]
What else?
GordonS 1469 days ago [-]
For one, Michael Gove's username appears to be the first part of an email address...
chaps 1469 days ago [-]
Why is the exposing of a government employee's email address a security risk to you?

Edit, because downvotes: government email addresses can be retrieved easily through public records laws, and is done routinely, and can easily be scraped or inferred. I've done both many, many times, and it's trivial.

Traster 1469 days ago [-]
Well at the very least it presents a soft target for hacking into his personal email address (it's gmail not government) and secondly, compromising it literally gives you access to dial into cabinet meetings.
charlus 1469 days ago [-]
Michael Gove has an illustrious history with his private emails as well: https://www.bbc.co.uk/news/uk-politics-17235168
chaps 1469 days ago [-]
Read my edit. Email addresses can be received through public records requests routinely. It's a public record!
GordonS 1468 days ago [-]
This email address could be at any provider - perhaps it's his personal gmail address, for example.
chaps 1468 days ago [-]
And like one of the other comments in this chain points out - his personal email address was being used for government affairs, and that made it open to public records law suits. The public already has access to it.
FPGAhacker 1469 days ago [-]
Posting something like that on Twitter is like a dare.
billfruit 1468 days ago [-]
Whose role in the Cabinet is as the 'Chancellor of the Duchy of Lancaster', which today essentially means a minister without portfolio.
softwaredoug 1469 days ago [-]
Maybe covid-19 will get them to actually grok e2e encryption
_-___________-_ 1468 days ago [-]
e2e encryption for multi-party videoconferencing that works well enough to use for something like this is basically an unsolved problem at this point.
jedieaston 1468 days ago [-]
Was it not solved in FaceTime group chats? I can’t see the Apple Security Guide right now, but I know they claim that FaceTime 1-to-1 is e2e, and with their whole marketing thing being privacy, I bet they did it for group conversations too (not that it’s Enterprise ready since there’s no user management or SSO or whatever).

I’ve noticed over the years that FaceTime is much more likely than other video chat software to drop the video connection and move to audio only in case the connection is unstable whereas most others will hitch and lag for 30 seconds before looking into it, so maybe they got around it by only shipping the video in one or two resolutions?

_-___________-_ 1468 days ago [-]
Yeah, there seem to be multiple statements by Apple saying they can't access the content of FaceTime calls, without any qualification that it only applies to one-to-one calls. So it's probably a reasonable assumption that even the group ones are e2e encrypted.

How many participants can you have in a FaceTime group call?

I have also noticed that FaceTime drops the video much more often than other software.

Operyl 1468 days ago [-]
You can video call up to 31 people (32 if you include yourself).
opless 1468 days ago [-]
How would it be any different from any other e2e group chat?
viraptor 1468 days ago [-]
You have to send all available qualities of the stream yourself. Normally the server does the recompression for lower qualities. That means: more processing power and more bandwidth needed. Where normally you'd be able to send 720p, now your device may not be able to handle doing both that and lower quality (2-3 streams) at the same time. This multiplies again with screen sharing.

Basically it's doable, but if you can prevent people complaining about the fans taking off and the CPU usage... why would you risk it?

michaelt 1468 days ago [-]
H.264 has a spec for 'scalable video coding' [1] where one stream can contain multiple quality levels, allowing a video's quality to be reduced by just selectively dropping packets.

(No idea how widespread encoder/decoder support is compared to vanilla h264 though)

[1] https://en.wikipedia.org/wiki/Scalable_Video_Coding

viraptor 1468 days ago [-]
That's pretty cool. I wonder how well does it work with bidirectional communication. It sounds like for just sending/receiving where you can saturate the link, that would be awesome.
_-___________-_ 1468 days ago [-]
Wow, that is awesome. I know what I'll be spending some coronatime doing!
opless 1468 days ago [-]
Ugh. Multiple compression streams? Why? 720p would be too much IMHO.
jdietrich 1468 days ago [-]
>Multiple compression streams? Why?

Zoom automatically switches between quality levels based on your connection speed, who's talking and the size of the viewport. 720p would look fairly rough when fullscreened on most non-mobile displays, but it's orders of magnitude more than necessary when viewed as a thumbnail on a mobile device. Making multi-user video work in a mostly seamless fashion is a surprisingly hard problem.

Using a single stream would substantially degrade the experience, which may be a worthwhile tradeoff for high-security environments but certainly wouldn't be a worthwhile tradeoff for most users.

simonh 1468 days ago [-]
It's not just about the resolution, but also the bitrate and fps. Perceived video quality is a big deal to companies like Zoom. I don't blame them for not using E2E, it's a tough technical issue, but I do blame them for lying about it.
viraptor 1468 days ago [-]
720p is the standard laptop camera these days. You notice if anyone streams less. Next, desktop sharing is going to be at least 1080p. Then you need to have lower resolutions for anyone who can't handle that much on their connection. Same for desktop share.
nonninz 1468 days ago [-]
> 720p would be too much IMHO.

I may be spoiled with a good real 50/10 Mbit connection but for me in 2020 720p is the bare minimum. Especially when screen sharing.

generationP 1468 days ago [-]
Where's the troll?

Ah, the guy at the top left.

bambataa 1469 days ago [-]
More importantly, why does Liz Truss have a flagpole in her house?
blahedo 1469 days ago [-]
Possibly a Zoom background?
Doctor_Fegg 1469 days ago [-]
Pork markets
consultutah 1469 days ago [-]
I like that the Press HQ is not there... Makes perfect sense...
mturmon 1469 days ago [-]
I wonder if the Zoom TOS allows them to monetize this kind of conversation in any way?
tqi 1469 days ago [-]
It feels like the tech news cycle is so predictable...

Stage 1: This company you probably hadn't heard of before is blowing up / changing the world!

Stage 2 (current stage): Actually it turns out this company has some unexpected problems!

Stage 3: Actually this company is actively contributing to society's One Big Problem!

Stage 4: Actually here is why Zoom actually isn't as bad as everyone thinks!

Stage 5: This OTHER company you probably hadn't heard of before is blowing up / changing the world!

syockit 1469 days ago [-]
I am out of the loop as to why Zoom is suddenly "blowing up". Even my workplace is using it now. Previously, we were using either Skype, Webex, or Jitsi. What does Zoom offer that the other three don't?
hn_throwaway_99 1469 days ago [-]
1. The gallery view (aka 'Brady Bunch' view) works significantly better than any other system, with a large number of users. Especially now where everyone is working remotely and you have large group chats IMO this is the biggest factor.

2. Related to the above, I have rarely, if ever, had a problem with Zoom quality.

3. The onboarding for new users (basically just share a link) is dead simple. Zoom realized that the install process was a significant barrier and did more than anyone else to lower that barrier (of course, with lots of security/privacy issues to boot, but your average Joe isn't aware of those).

4. A smaller factor but perhaps a bigger one for people using Zoom for personal reasons (e.g. teenagers and college kids) are the 'fun' features like virtual backgrounds.

bartread 1468 days ago [-]
> 2. Related to the above, I have rarely, if ever, had a problem with Zoom quality.

Massive factor here. You can use it and it mostly works extremely well. Much better than almost anything else, including the previously beloved Google Hangouts. In fairness to Microsoft, Teams is probably up there for quality nowadays too, but does lack a good gallery feature.

Compare this with WebEx. I can only assume Cisco are gradually winding it down to EOL because I haven't been on a WebEx call that was anything other than an absolute shitshow since around 2014. Even before this it was really just the best of the worst.

> 3. The onboarding for new users (basically just share a link) is dead simple. Zoom realized that the install process was a significant barrier and did more than anyone else to lower that barrier (of course, with lots of security/privacy issues to boot, but your average Joe isn't aware of those).

Again, agree. Zoom "just works"(TM) for most people, most of the time. And for most people, most of the time, that outweighs any security concerns.

It frustrates me that a certain segment of IT security professionals do not understand this. If you're one of these people, you need to realise that security is necessary but not sufficient. Security is a minimum requirement, but it is not even close to the bare minimum.

Your product actually needs to be good within the context of what users are trying to achieve with it. It needs to do exactly what it's supposed to without drama and fuss. The product is the means, not the end and so, by implication, is the security product.

Human nature is generally to choose things that reduce friction over those that add it, so find a way to build a product that is both secure and gets out of the way.

Vinnl 1468 days ago [-]
> 3. The onboarding for new users (basically just share a link) is dead simple. Zoom realized that the install process was a significant barrier and did more than anyone else to lower that barrier (of course, with lots of security/privacy issues to boot, but your average Joe isn't aware of those).

I really don't get why Jitsi hasn't taken over the world yet, given that it's even simpler: just share the link, and the receiver doesn't even have to install anything.

(Also, doesn't the gallery view exist in every major videoconf platform? I've seen it in at least Jitsi, Whereby and Gotomeeting... And Zoom's browser mode (which is less accessible than Jitsi's) doesn't even support it.)

hn_throwaway_99 1468 days ago [-]
The gallery view in other videoconf platforms doesn't even compare. I've had flawless experiences with 12-16 people, all in a grid across my screen. Every other system I've used had some version of rotating people in/out when there are more than 4 people. Was a night and day experience.
Vinnl 1467 days ago [-]
Really? Did the ones you tried happen to be other ones than those I mentioned? Because they just showed all 12-16 at the same time, IIRC.
josteink 1468 days ago [-]
> Zoom realized that the install process was a significant barrier and did more than anyone else to lower that barrier

Yes. By installing a local web server on every user's PC, which was prone to remote execution exploits.

They really don’t give a shit about security and actively try to subvert every security measure put in place by browser and OS-vendors.

Why anyone would trust them with anything is beyond me.

blntechie 1468 days ago [-]
I’m still not convinced these incremental improvements make it a $40 billion company.
neuronic 1468 days ago [-]
Maybe ask Uber regarding senseless valuation, they oughta know about it.

Also gallery view + image/whatever recognition = ad tech heaven.

gnulinux 1469 days ago [-]
My therapist tried a whole bunch of different services with different clients. We first tried doxy.me which is a HIPAA approved tele-medical service. But the quality was HORRIBLE, it was unusable, so she asked me if I would be ok using Skype (since Skype is not encrypted) I said ok (since I need the session more than it being secure). It was fine. Then we tried Zoom next time around. I thought Zoom was better in terms of quality and "just works out of the box". Just a datapoint. Getting video streaming correct is actually pretty hard, it's part of what I'm working on for my day job, and it's a very challenging problem.
jfkebwjsbx 1469 days ago [-]
Why is it hard? Video streaming has been a thing for a couple decades. I am genuinely curious.
jonex 1468 days ago [-]
It's hard because it's dependent on other systems that are often not fully functional.

The things that need to work for a video call are: The network must be reasonably reliable and not overloaded. The camera must be configured and not privacy blocked. The correct recording device must be used, it must be recording (opportunity for both user error and OS issues here). If hardware codecs are used (a requirement on lower end devices) it must support low enough bitrates, must have the right options.

Typically all these things are slightly different between different devices and operating systems. It's typically easy to build a proof of concept with great quality and reliable connections between two given devices over a given network. It's super hard to make a product that is reliable enough that millions of users only rarely run into issues.

michaelt 1468 days ago [-]
When you stream a Youtube or Netflix video, you can download several seconds ahead over boring old HTTP. It's a one-to-one link, you don't have to upload anything, and you don't need to access the user's camera or microphone.

To be competitive in videoconferencing these days, you need:

* Low latency, so people don't talk over each other

* Video and audio compression that doesn't get confused by dropped packets.

* Setup so easy first-time users won't be late to their video job interview.

* Group calls for 10+ people

* HD quality

* Adaptive bitrates, for users on different speed links

* Skip-free audio even if a user's link goes from uncongested to heavily congested.

* Reliable support for every webcam and USB headset on the market, and hot-plugging them during the call, and changing OS permissions during the call.

* Reliable support for unreliable bluetooth headsets and unreliable bluetooth dongles.

* Echo cancellation that works with every device and room configuration going. Including devices that have their own built-in echo cancellation.

* Audio that's clear even in the presence of background noise, and different people at different distances from the microphone.

* Users behind every type of misconfigured firewall you can imagine.

* Roaming between different Wifi access points, and between wifi and cell data while on a call (including links with no connectivity sometimes)

* Never (or almost never) forcing a user to update their software at the moment they're trying to join an important meeting or job interview.

* Update support (or long-term compatibility) for users who don't have administrator rights.

* Graceful recovery if the user sleeps then resumes their device.

* Screen sharing that retains good readability, even if a user has unwisely made the text on their presentation a bit small.

* Screen sharing of Youtube videos without making them blurry or choppy, even if they're embedded in presentations.

* CPU and battery efficiency.

* Free of charge

* All the above on iOS, Android, Windows, Mac, Linux and WebRTC.

Loughla 1468 days ago [-]
>* Free of charge

It seems like, in the current use case, this one isn't as important? Institutions would pay for something that does everything else really well. Source: All the paid accounts my institution shelled out for on Zoom in our transition to remote work. So I guess n=1.

michaelt 1468 days ago [-]
There are certainly features you can charge corporations for, yes.

But Skype, Discord, Google Hangouts, Facetime and Whatsapp all have a generous free tier. I haven't tried Zoom or Webex but it looks like they do too.

jfkebwjsbx 1468 days ago [-]
All the hard bullets are already handled by existing math (codecs), protocols/libraries (reliable networking), operating systems (hardware support), etc., no?

This is not to say it is easy at all, of course; there are a thousand things to do to implement it, but I think other fields face similar constraints, like videogame engines and distributed simulations.

TwoBit 1469 days ago [-]
The companies selling video streaming and conferencing have other issues, such as service costs. And they typically don't retain very good engineering teams.
2rsf 1468 days ago [-]
> since Skype is not encrypted

"All Skype-to-Skype voice, video, file transfers and instant messages are encrypted"

https://support.skype.com/en/faq/FA31/does-skype-use-encrypt...

comex 1468 days ago [-]
Not end-to-end, at least not by default. There is an end-to-end option you can explicitly activate but it apparently doesn’t support video calls:

https://support.skype.com/en/faq/FA34824/what-are-skype-priv...

api 1469 days ago [-]
It works, the quality is decent, and it doesn't max out 4-8 cores for a simple video call.

The others don't work, are Microsoft UI dumpster fires (Skype), or consume vast amounts of CPU (anything WebRTC for some reason).

fyfy18 1469 days ago [-]
On Linux (Skylake u-i7) Zoom maxes out my CPU :-(
api 1469 days ago [-]
I meant it works relatively speaking. To be fair Google meet is usable too, but Zoom does better with huge numbers of participants.

There seems to be a law that states that all messenger apps must be bloated slow junk and must accumulate cruft over time until they turn to mush.

slavik81 1468 days ago [-]
I found that making the window smaller greatly reduced CPU usage. It seems to be doing the video decoding on the CPU.
aledthemathguy 1468 days ago [-]
I came to the conclusion that if you want to run Linux, you must run Windows as well :) Sucks, but true.
silon42 1468 days ago [-]
Hopefully in a VM (sandbox), like all proprietary software should be run.
aledthemathguy 1468 days ago [-]
> it doesn't max out 4-8 cores for a simple video call

Why did no one else crack this issue? Google has some smart people and so does MSFT. Perhaps just lack of caring?

I don't get it.

lmm 1468 days ago [-]
> Why did no one else crack this issue? Google has some smart people and so does MSFT. Perhaps just lack of caring?

They're probably not huge revenue drivers (if at all). Why would they be a priority for either of those companies? And I can't imagine they're particularly inspiring projects to work on, which can be a self-reinforcing cycle if the best people don't want to work on them.

true_religion 1469 days ago [-]
What would Zoom use when it’s working in the browser if it’s not WebRTC?
jonex 1468 days ago [-]
It's described at: https://webrtchacks.com/zoom-avoids-using-webrtc/

They use WebRTC data channels, but nothing else. I'd speculate that this is the reason why they try to push people into using the desktop client.

godelski 1469 days ago [-]
I've been using it for a few months and the group I work with has been using it much longer. The reason is because:

It is easy

It just works

It works cross platform (why the hell is this such an issue!)

Quality is good

You can record meetings

aledthemathguy 1468 days ago [-]
My professor uses the whiteboard when giving lectures. Useful as well. Also, he shares his screen and just shows us his pdf files :)

The Uni tried a different software before Zoom (forgot the name but it started with a K, from a company I never heard of before). And it was VERY GOOD but the video was choppy.

Zoom isn't 10x better, it's just enough though.

jonathanstrange 1468 days ago [-]
There is one huge difference, if I'm not mistaken. In our tests neither Skype nor Google Hangouts allowed the speaker of a talk to view the audience while screen sharing. It's annoying and feels very odd to give a two-hour lecture to your laptop with zero feedback from the audience.

Maybe we did something wrong, though, and missed features in Hangouts and Skype. If that is the case I'd be very happy if someone could point it out to me. (Our whole university is using Google Hangouts right now, because our administration doesn't want to pay for additional Zoom subscriptions.)

interestica 1467 days ago [-]
jitsi meet should allow it. free. open source. university could self host it too...
starpilot 1469 days ago [-]
Cisco certainly isn't using Zoom. My old school corp employer is on Webex, along with using SAP and other bullshit represented by good sales teams.
organsnyder 1469 days ago [-]
Cisco owns Webex, so of course they'd use it. I've suffered through Webex with a previous employer and a current client, and it's just horrible. GoToMeeting is much better, and Zoom is better yet.
sah2ed 1468 days ago [-]
The founder of Zoom (Eric Yuan) used to be a respected leader at Cisco but he eventually quit to focus full-time on Zoom.

Cisco didn’t fully understand the opportunity he saw to reduce the amount of friction needed to use most video conferencing (VC) software tools, including the tools by Cisco, which is understandable since Cisco was afraid they might cannibalize sales in their VC hardware business.

malandrew 1469 days ago [-]
It just works. Never used Jitsi, but the experience is far superior to Skype and Webex.
distances 1468 days ago [-]
My attempts at Zoom meetings were met with distorted audio, and the organizer quickly changed to Jitsi in both cases. It worked much better for whatever reason.
pmoriarty 1469 days ago [-]
Could you elaborate on this? In what way is it superior?
Linkd 1469 days ago [-]
From experience with many options, and having used zoom for over a year now: Video quality is better, audio quality is better, video and audio are streamed separately and during low bandwidth situations audio takes priority over video (video starts lagging but audio remains as perfect as possible), seamless to join meetings even when you're not a 'user' of their ecosystem, and has neat UX like informing you that your microphone is soft-muted when it notices you speaking, etc etc.
nutshell89 1468 days ago [-]
Whenever I've used Zoom from my home connection during the last few weeks, I've experienced laggy, blocky video, occasional audio dropouts (with frequent alert messages within the app to restart the Zoom client's audio), disturbingly high CPU usage, and meetings which take minutes for everyone to join.

Honestly in my experience, there's no real benefit when compared with Skype, Hangouts, or Discord except for the frequently mentioned large 50 person+ video streaming.

blondin 1469 days ago [-]
same.

known zoom for a while... the "it just works" and "it has better quality" comments are very surprising to me and got me skeptical. are skype, slack, gotomeeting, hangouts, meet, webex, &c. all really crashing on people now? in a huge conspiracy?

things i thought could be the real reason: novelty (for some/most people), popularity (someone online famous/influencer mentioned it), shadow marketing, luck.

but wikipedia told me is actually going on: schools have decided that zoom will be the de-facto remote schooling platform. a bunch of young people appropriated the platform it seems.

hope that helps. the superiority talk is just that. but now they are in a good position to become better than any other video conferencing software.

markmark 1468 days ago [-]
I've been working at remote-first companies for about the last four years, my current and previous company independently tested a bunch of video conferencing apps and both settled on zoom. It just works better than the alternatives. Yes better than skype, slack, gotomeeting, hangouts, meet and webex (and teams, since that's the other big one).

Sometimes it's call quality, sometimes it's stability, sometimes it's usability, sometimes it's features.

blondin 1468 days ago [-]
good for you but i respectfully disagree. i have also used many video conferencing software, including zoom for many years.
Larrikin 1468 days ago [-]
So zoom sucks and you've tested the alternatives but don't offer one?
lmm 1468 days ago [-]
> are skype, slack, gotomeeting, hangouts, meet, webex, &c. all really crashing on people now? in a huge conspiracy?

It's astonishing how so much low-quality software gets distributed, but: yes. Hangouts and Slack are a pain to get everyone logged in / invited to. Everything else on your list just breaks a lot.

> but wikipedia told me is actually going on: schools have decided that zoom will be the de-facto remote schooling platform. a bunch of young people appropriated the platform it seems.

That's a non-explanation. Zoom is popular with young people, sure. Why? The same reason it's popular with everyone else, because it works better.

Loughla 1468 days ago [-]
I've used everything on that list, except meet, in an institutional setting. 1-on-1, small groups, large groups. The only one that our institution has used that works straight out of the box 100% of the time for everyone who has access to data, is zoom.
nemacol 1468 days ago [-]
My short time working in higher education taught me that zoom is baked into some education software. If I recall it is part of the Barnes and Noble cloud education suite.

With the lock down, more online classes, more people seeing the Zoom logo?

randycupertino 1468 days ago [-]
> What does Zoom offer that the other three doesn't?

We switched to Zoom from Skype and Webex simply because it was cheaper.

golergka 1469 days ago [-]
It hasn't spent 10 years being slowly killed by Microsoft's worst product practices.
vosper 1469 days ago [-]
Facebook must be enjoying getting a few weeks off
malandrew 1469 days ago [-]
Journalists are like locusts. They move on to the next juicy victim, but time to time return to ravage those few cash cow targets.
prawn 1469 days ago [-]
The journalists cover all sorts of material. We're the locusts consuming and posting the juicy bits to HN?
Kiro 1468 days ago [-]
Yes, HN is toxic.
prawn 1468 days ago [-]
HN is people. People can be toxic.
thaumaturgy 1469 days ago [-]
...and the even more predictable, dismissive, contrarian response: "Look at how silly and repetitive all the critics are. They always point out problems, haha."

Fortunately, we have really enlightened people among us who point that out.

Every time.

Razengan 1469 days ago [-]
And most of that perception of hype (positive and negative) is likely paid for.
JKCalhoun 1469 days ago [-]
Almost like we should vet them before we all jump aboard.
j-wags 1469 days ago [-]
I attended a PhD defense yesterday that got zoom bombed. They quickly moved it to an actively managed call and the presenter did a fine job of keeping their composure and getting back on track. Now we're circulating guides about how to set up secure rooms and webinars, so I don't anticipate this will happen again.

Normally I'd wave this off as a childish prank, but both the URL and loading screen prominently indicated the name of a major medical school, and the contents of the presentation were proteins and chemical structures. Bombing this meeting in particular seems to be in especially bad taste during a pandemic.

christianmann 1469 days ago [-]
> Bombing this meeting in particular seems to be in especially bad taste during a pandemic.

For what it's worth, it likely wasn't targeted. My understanding is that the search space is so short that you can just cycle through it until you find something.

jchrisa 1469 days ago [-]
This happened to a local political debate I was attending. Disturbing to say the least. It's not hard to defend against as a power-user host, but the default case might be better locked down. Maybe this preference should be prominent in account setup.
woliveirajr 1468 days ago [-]
In general PhD defenses are open to public, I mean, in some places it isn't even valid if it wasn't publicly announced (by a printed paper glued to some wall, for all it's worth) and the access is restricted to the public.

Of course different times require different actions but I think that some challenges remain for the _formal_ part of it.

roel_v 1469 days ago [-]
"Now we're circulating guides about how to set up secure rooms and webinars, so I don't anticipate this will happen again."

My sarcasm calibration is a bit off lately, you surely didn't mean this seriously (I mean, you don't really think this won't happen again)?

Alupis 1469 days ago [-]
> Bombing this meeting in particular seems to be in especially bad taste during a pandemic

Either that... or it's a way to get high profile attention to blatant security issues in a commonly used business meeting tool where sometimes sensitive information is shared.

tptacek 1469 days ago [-]
People are not trolling Zoom meetings as part of a high-minded awareness campaign.
Alupis 1469 days ago [-]
Maybe... maybe not. It sure is bringing about awareness though, isn't it?
edoceo 1469 days ago [-]
Ahh yes, the old ends justifying the means.
buzzkillington 1469 days ago [-]
I too am much happier when Chinese/Russian/French spies quietly infiltrate a presentation on power grid weak points from a mid sized private firm with no security to speak of.

Trolling is god's way of teaching basic opsec to idiots.

Alupis 1469 days ago [-]
Not going to defend a bunch of trolls, if that's what you're implying.

However, if we don't secure our systems, what do we expect? If there were no bad-actors in the world, people like tptacek would be out of work. What a glorious world it would be, no need for locked doors, fences, passwords, pin codes and more - but that's not the world we live in.

Instead, we're in a world where Zoom has laughable security for barging into potentially sensitive meetings being conducted by businesses and world leaders[1].

If it takes a few meetings getting trolled for Zoom to finally take action, I'm not going to feel much sympathy. Just be glad trolling is all they're doing right now.

So, while I'm sorry your meeting got trolled, it will just continue to happen until you get mad at the people that made it possible - Zoom.

[1] https://mobile.twitter.com/BorisJohnson/status/1244985949534...

tptacek 1469 days ago [-]
I'm a software developer. I would just work on some other problem amenable to software.
Alupis 1469 days ago [-]
Forest and trees?
YarickR2 1469 days ago [-]
I hope you're wearing a hard hat at all times; if not - then it's your fault when a complete stranger smashes you with a brick. Who will you be mad at after that?
c22 1469 days ago [-]
On the other hand, when I get smashed with a brick and the hard hat I'm wearing crumples like a paper bag I guess I'm still a little mad at the hard hat company?
buzzkillington 1469 days ago [-]
When you walk into a crocodile pit do we blame the crocodiles for eating you?
HarryHirsch 1469 days ago [-]
Come on, Adolf Hitler has participated in Kahoot games ever since Kahoot was invented.
Razengan 1469 days ago [-]
I lost track of which analogy is in favor of what and which is against.
HarryHirsch 1468 days ago [-]
I'm just saying that kids have been signing into Kahoot with names as Naughtius Maximus and Biggus Dickus since forever. There used to be a kahootbombing subreddit that eventually got banned. If you just have a username and no password there's problems. Why is that even news?

No clue what everyone else is saying.

EamonnMR 1469 days ago [-]
More like second order side effects justifying obviously deviant ends.
tptacek 1469 days ago [-]
No, not maybe.
anigbrowl 1469 days ago [-]
Trolling is not a security advisory. If it were intended that way it would be sufficient to hold up a sign saying 'warning, this meeting is not secure'. Instead people are using it to abuse others. Stop making excuses for that behavior.
mmhsieh 1469 days ago [-]
As a poor man's red team, the reward of being a jerk is the compensation paid to the troll.
anigbrowl 1468 days ago [-]
No.
mmhsieh 1468 days ago [-]
Yes.
anigbrowl 1467 days ago [-]
No. That's an asshole's charter.
1466 days ago [-]
Alupis 1469 days ago [-]
Or we stop making excuses for companies that enable this behavior?

Seriously, if people can troll, they'll troll. It doesn't matter how offended someone else is.

Make it impossible to troll, and guess what happens? No trolls. It's really that simple.

And with systems that apparently world leaders are conducting business with... It really ought to be impossible to troll!

So while it might feel good to get mad at the trolls, you're misdirecting from the actual problem here:

People can dial into unprotected meetings and listen into sensitive conversations that are assumed to be private!

That's scary. Really scary. And we're pretty darn lucky it's just trolling for laughs so far.

crazygringo 1469 days ago [-]
This is a feature not a bug, to make joining meetings frictionless. (And in videoconferencing there's little distinction between meeting ID and password anyways -- they form a single access credential.)

To prevent unwanted people from joining, the host simply has to turn on the waiting room feature -- where people who have dialed in have to be explicitly accepted by the host, which can be done individually or en masse.

Overall I'd say the system works pretty well.

wlesieutre 1469 days ago [-]
You could have a second access code included in the invite but not printed right on the window in screenshots.

It would be similar to how a credit card number and CCV code are functionally the same as one longer number, except that you don’t go writing the CCV code alongside the credit card number, and that keeps it more secret.

Still not as frictionless as “anyone with the number can join,” but if this continues to be a problem it might be worth doing.

topher515 1468 days ago [-]
I believe Zoom has the exact feature you’re describing—passwords for meetings.

https://support.zoom.us/hc/en-us/articles/360033559832-Meeti...

the8472 1468 days ago [-]
If the trolls are just guessing the ID then it seems to be too low-entropy to serve as an access credential.
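
An added example, not part of any comment in this thread, that puts numbers on the entropy point above: it models how often a random numeric meeting ID names a live meeting, and how long a per-meeting passcode must be to keep rate-limited guessing below a chosen risk. The ID length, live-meeting count, rate limit and risk target are constructed figures, and the function names are hypothetical.

```python
import math
import secrets
import string


def hit_probability(id_digits, live_meetings, alphabet_size=10, passcode_len=0):
    """Chance that one uniformly random guess (ID plus passcode) gets in.

    Assumes IDs and passcodes are drawn uniformly at random, and that the
    service answers "no such meeting" and "wrong passcode" identically, so a
    guesser cannot first find live IDs and then attack only the passcode.
    """
    if alphabet_size < 2:
        raise ValueError("alphabet_size must be at least 2")
    space = 10 ** id_digits * alphabet_size ** passcode_len
    return min(1.0, live_meetings / space)


def effective_bits(p_hit):
    """Entropy an outsider actually faces: any live meeting counts as a hit,
    so the nominal ID length overstates the protection."""
    return -math.log2(p_hit)


def risk_within(budget, p_hit):
    """Probability of at least one hit in `budget` independent guesses.

    Uses log1p/expm1 so tiny probabilities do not round to zero.
    """
    if p_hit >= 1.0:
        return 1.0
    return -math.expm1(budget * math.log1p(-p_hit))


def min_passcode_len(id_digits, live_meetings, alphabet_size, budget, max_risk):
    """Shortest passcode that keeps risk_within(budget) at or below max_risk."""
    if max_risk <= 0:
        raise ValueError("max_risk must be positive")
    length = 0
    while risk_within(
        budget, hit_probability(id_digits, live_meetings, alphabet_size, length)
    ) > max_risk:
        length += 1
    return length


def new_passcode(length, alphabet=string.ascii_letters + string.digits):
    """Generate a passcode from the OS CSPRNG (never random.random())."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    # Constructed scenario: 9-digit IDs, 100,000 meetings live at once,
    # and a rate limit that allows 10 join attempts/second for one hour.
    ID_DIGITS, LIVE, BUDGET = 9, 100_000, 10 * 3600

    p_id_only = hit_probability(ID_DIGITS, LIVE)
    print(f"ID only: {effective_bits(p_id_only):.1f} effective bits, "
          f"risk within budget {risk_within(BUDGET, p_id_only):.3f}")

    for name, size in (("digits", 10), ("alphanumeric", 62)):
        need = min_passcode_len(ID_DIGITS, LIVE, size, BUDGET, max_risk=1e-6)
        p = hit_probability(ID_DIGITS, LIVE, size, need)
        print(f"{name}: passcode length {need} -> "
              f"{effective_bits(p):.1f} bits, risk {risk_within(BUDGET, p):.1e}")

    print("sample passcode:", new_passcode(10))
```

The same sizing applies to a password embedded in an invite link: the link is then the whole credential, so anyone who forwards it forwards access.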
pjkundert 1469 days ago [-]
I just set up passwords on Zoom rooms for a little room automation project I'm building. There's no drawbacks; you can send out a link that includes the password, so nobody gets left out (no matter how technically challenged). And, someone who "stumbles upon" the room can't just get access.

All in all, Zoom has done a lot of things right, given the extremely challenging competitive environment they're in.

kart23 1468 days ago [-]
The password doesn't do anything for teachers who don't know how to use zoom. And people are not stumbling upon links. What happens is one kid sends the link to a bunch of other people, with the password, who can then join since zoom doesn't require accounts. There are obviously ways to alleviate this like the waiting room feature, or muting everyone and turning chat off, but the problem is that most teachers aren't trained well with zoom's capabilities and weaknesses.
bostonvaulter2 1469 days ago [-]
Is including the password in the link always enabled? If you're looking at a link is there a way to tell if it has a password or not? I've had issues in the past where people with the link were unable to join since they didn't know the password.
rmccue 1469 days ago [-]
Yes, it has a ?pwd query string (which appears to be a base 64 encode of the password)
eat_veggies 1469 days ago [-]
The pwd parameter is always 32 characters long, so I assume it's either a hash or a random nonce, rather than a direct encoding of the password.
rblatz 1469 days ago [-]
Total pain in the ass to join from a zoom room though
ljm 1469 days ago [-]
Zoom has open conferences by default. Even if you host one on your business plan, anyone who has the number can dial into it. You could be paying a shitload of money for that, including their 'Zoom Rooms' where they fit out your meeting room with cameras and mics and their special app... and any fuckwit can dial in if they grab the phone number, which is also a US-based one.

I don't like to join company calls on an anon or personal account but Zoom makes absolutely zero effort to identify who you are and even if you're welcome. Most of the time I drop out and re-join under my corporate account. I cannot force other people to do the same, and their settings UI is insane.

By all accounts, Zoom deserves this intense scrutiny and I hope they take it seriously. All I see them trying to do is get their software on as many machines as possible.

luckydata 1469 days ago [-]
I had a quick feedback call set up by a common investor with Eric, Zoom's CEO a few years ago. I remember I pointed out a few of those issues, and his reply was that the only problem he could see with the app was that it wasn't "pretty enough" and it needed new icons.

I hope Eric is learning something from this situation and will pay more attention in the future, every business gets those moments, maybe not that publicly.

solidasparagus 1468 days ago [-]
Seems like Zoom was right that they were better off focusing on the UX aspects over the privacy ones?
luckydata 1468 days ago [-]
If you stretch the definition of UX and ignore the clear lesson in this story, sure.
solidasparagus 1468 days ago [-]
What clear lesson? Zoom is not in a bad situation right now.
guessbest 1469 days ago [-]
They don't implement security by default to gain traction, both the service and the user groups. The expected happened unexpectedly.
brianpan 1469 days ago [-]
The inevitable happened expectedly?
guessbest 1469 days ago [-]
I believe Chief Technology Offices will be reformed as Chief Security Offices since so many features are built-in that automated common sense is what sells.
jacquesm 1469 days ago [-]
It's a pretty low bar for the word 'break'. By the same token you could walk up to a bunch of people in a restaurant and start yelling at them while they're having dinner. That's also not a break. It's just a nuisance and proof that you're a jerk, and if you did it in person you'd likely end up with some dental work.
DarkWiiPlayer 1468 days ago [-]
Except users don't realize that. They think they're sitting in a locked room that nobody else knows about, when in reality they're sitting at a restaurant table and most people just don't care to go bother them.
Wowfunhappy 1469 days ago [-]
I know it's beside the point, but who are these people heartless enough to break into Alcoholics Anonymous meetings to tell them how good alcohol is?

There isn't even any monetary benefit. Who the heck thinks this is funny?

zionic 1469 days ago [-]
4chan
Wowfunhappy 1469 days ago [-]
I should have phrased that differently.

I know it's largely parts of the 4chan crowd. But who are those boards? Why are the people who go there so nuts?

Do you ever wonder if you've unknowingly met these people in real life? Chances are we all have, right? How do they manage to be so terrible and then go on with their lives?

snazz 1469 days ago [-]
I recently finished reading We Are the Nerds, which is about the history of Reddit (the company) and its community. One of the interesting parts was about the moderator of a bunch of subreddits that were full of all kinds of borderline illegal and definitely illegal content (u/violentacrez, if you feel the need to Google for yourself).

If you're a long-time Reddit user, you probably already know this, but here goes: He was eventually exposed by a journalist. Surprisingly, he is actually a pretty normal middle-aged man. He worked as a programmer (and was immediately fired when the news aired). He has a disabled wife for whom he is the sole financial support. If I remember correctly, he has adult children, who were aware of what he did on Reddit and had usernames that referenced their relationship with him. Apparently, he used his time on Reddit as a way to relieve stress, or something like that.

I'm not entirely certain what motivates people to act like that online when they're relatively normal offline, but it seems to be a somewhat common occurrence.

gnulinux 1469 days ago [-]
> I'm not entirely certain what motivates people to act like that online when they're relatively normal offline, but it seems to be a somewhat common occurrence.

Anonymity probably?

I'm a pretty normal dude offline, your average American programmer. On reddit I'm in all socialist/communist subreddits talking about revolution 24/7. Intellectually I agree with intersectional Marxism, but I don't feel comfortable enough to discuss these in real life, and I don't care enough to (or am too lazy to) act upon these ideas in real life. So, when I go to reddit I become "a different person", not because I try to be this person, but the comfort of anonymity allows me to express my ideas easier.

anigbrowl 1469 days ago [-]
Territorial aggression.

There is trolling-as-prank which is inclusive of others in the forum where it takes place (although it may involve mockery of individuals) and raiding behavior, which is designed to damage the forum itself. The latter is area denial which is meant to gain leverage over a platform and (ideally) to take it over. This originated in rivalries (friendly not-so-friendly) between bulletin- and image-board operators, but has since been weaponized to quasi-political ends.

randycupertino 1468 days ago [-]
> But who are those boards? Why are the people who go there so nuts?

I mean, in my darker, misanthropic side of my personality I think it would be pretty funny if someone Zoom-bombed my really, REALLY boring monthly electronic Database system update training I have to go to on Thursday morning at 7am for 90 minutes, and like... played videos of puppies or something. But I get a chuckle out of that thought and drink my coffee and pay attention to the training like I always do.

deoxxa 1469 days ago [-]
4chan is a big place with a long history. It's kind of like 50 different websites and communities under one domain, where there's surprisingly little overlap between them all. I think you'd find that most people who visit the less notorious boards on 4chan are your totally normal geek crowd.
matz1 1469 days ago [-]
Is it really surprising? Not everyone is wired the same. For some people they think it's fun. It's just human.
rabuse 1469 days ago [-]
It's crazy to me that people seem dumbfounded that young people love to piss off and troll (online and offline). Do they not remember being young, or were they raised around angels?
blondin 1469 days ago [-]
this is mostly due to online anonymity. or being confident you will remain so. a person who displays these traits in real life has bigger issues.
the8472 1468 days ago [-]
Are you not aware of people's great capacity for compartmentalization?
erikbye 1468 days ago [-]
I ponder these same questions when I think about who voted for Trump, turns out, 4chan has many Trump supporters.
anon9001 1468 days ago [-]
/b/tard here. If you do public stuff on the internet, it's practically the obligation of the internet to show up and do something stupid.

As far as I can tell, somewhere over the last 15 years, people began to confuse "the internet" with "real life". It's important to know that hosting a public space on the internet is not the same as hosting a public space in real life.

I don't think this is even a so terrible example of trolling. A well run AA group could use it as a teachable moment to reinforce their message. It's certainly memorable.

And the people trolling are probably all hanging out on discord, making friends, having the modern equivalent of old-fashioned fun. Just a bunch of bored people seeing what they can get away with to entertain themselves on the internet.

When I was a kid, the neighborhood boys got caught throwing rocks at cars just because they wanted to see what would happen. They also stuck firecrackers in things. Once some teenagers took a baseball bat to every mailbox on the street while hanging out of a car window. Trolling an AA zoom meeting is significantly less bad than any of that.

I would argue that trolling is actually a bit higher-minded than previous generations of trouble-making. When you're restricted to operating only online, outside of physical space, you have to be a bit more clever in your trouble-making. Clever probing of the world to see how it responds is fun, especially with the constraint of "must be done entirely online". It's also largely harmless, because nobody can get physically hurt, and it leads to better safeguards in our online systems.

If you view trolling in that way, I think it's really a sign that our culture is advancing. If a successful troll is possible, it indicates some kind of weakness that needs to be patched. You can't stop the trolls, so you might as well extract what value you can from their work. Also what and how they troll is a sign of the times. The Trump presidency was fairly predictable if you watched the steady increase in what we'd now call "alt-right" ideology on 4chan. As goes /b/, so goes mainstream culture. I guess, in a way, you could say that trolling is a art.

lm28469 1468 days ago [-]
"aha XD I owned alcoholics look at how clever and advanced am I, you normal human beings wouldn't understand, this is actually a societal critique aimed at bettering the world, we're artists" - /b/

> you have to be a bit more clever in your trouble-making

Or you know, once you're not 14 years old anymore you can reassess your life and decide it's not ok to DDOS hospitals during an epidemic, or call the swat on someone who beat you in a video game.

anon9001 1468 days ago [-]
DDoS'ing hospitals and swatting are both crimes. The groups involved do have a lot of overlap, but /b/ does not allow illegal content or conspiring to commit crimes.

Trolling AA isn't criminal, it's just stupid. The only impact it's going to have is that AA organizers will learn how to run an online meeting with a little more security.

boomer_joe 1469 days ago [-]
You have a source on that?

Who is this 4chan anyway?

gnulinux 1469 days ago [-]
Is this a joke? 4chan is the well-known internet forum/image board. https://www.4chan.org/
teddyh 1468 days ago [-]
gnulinux 1468 days ago [-]
Ah I see, never saw this meme before.
boomer_joe 1469 days ago [-]
Yikes. Looks like a pretty misogynistic place.
yjftsjthsd-h 1469 days ago [-]
Nonsense; 4chan doesn't hate women. They hate everyone. Every race, every gender, every religion, every nationality, every profession, every socioeconomic status. No matter who you are, 4chan will find a slur for you.
bigfudge 1468 days ago [-]
They seem more practiced at it if you are a woman though.
gnulinux 1469 days ago [-]
4chan is a huge website with a lot of different communities like reddit.
boomer_joe 1469 days ago [-]
Ughh, you sure sound like someone who knows a lot about the place.

Yikes.

imron 1469 days ago [-]
Trolling is a art
lostgame 1469 days ago [-]
Bless your innocent soul that has clearly never visited the murky waters of 4chan or worse.

There are literally people on the internet who claim white supremacy, and that the Earth is flat.

There certainly exist similar scum/ignorant idiots who would find this funny.

wolco 1468 days ago [-]
Alcoholics know. Someone doing that in a zoom conference wouldn't upset someone as much as smelling it.
throwaway5752 1469 days ago [-]
Zoom lets you require passwords or require the host admit guests in meeting settings. This is the same as anything else you might find on Shodan. Secure defaults hurt mass adoption, and insecure defaults result in this. Zoom is part of one of our oldest industry traditions in this respect.
freepor 1469 days ago [-]
The fact is that with these meeting/group products, the one that makes it easiest to join is the one that succeeds, because there's always one bozo who can't figure out how to type a password, so there's an incentive towards insecure product behaviors.
mikorym 1469 days ago [-]
I think the progression here is "Zoom has privacy concerns" -> "Zoom operates like macOS malware" -> "Zoom gets trolled".
majormajor 1469 days ago [-]
No, this has been ongoing. For instance, from six days ago: https://www.latimes.com/california/story/2020-03-25/zoombomb...

The progression is "People start doing a ton of things over an insecure system" -> "trolls start harassing people". This isn't some sort of reaction to anything about Zoom the company or the software.

annoyingnoob 1469 days ago [-]
Vigilantes are not helpful.
Traster 1469 days ago [-]
I think it's more Microsoft in the early 2000s. "What do you mean there is an internet and people on the internet might not have your best interests at heart!"
csunbird 1469 days ago [-]
This is like 5th topic about Zoom today.
Uehreka 1469 days ago [-]
When your product goes from being "a videoconferencing tool used in some workplaces" to "the primary way people communicate and gather for personal or professional reasons", it makes sense that there will be a lot of stories about it (good, bad and neutral) in the press.
slg 1469 days ago [-]
>"the primary way people communicate and gather for personal or professional reasons",

I would be curious to see an article about why this happened? Is Zoom better than their countless competitors? They all seem pretty similar in my experience so why is it Zoom that is blowing up because of this and not any of the other companies?

Uehreka 1469 days ago [-]
Part of it is that, (at least in my experience, maybe this has changed) Zoom can scale to a couple hundred people in a way that tools like Google Hangouts can't.

But like, if we're being honest, it probably has a lot to do with how easy it is to start a Zoom call and invite people. You can host a 40 minute meeting for free. No one needs to sign up anywhere. It's super easy to install but also works in the browser if you can't install it. Computer on the fritz? You can call in from your phone. And yeah, they've also used some dirty tricks to make it as easy as possible, and some of those measures (like the auto-reinstall thing) were probably unnecessary. But they've clearly focused on being super super easy to start using, and when their moment came they were primed to seize it.

Last weekend my family had a "month's mind mass" in memory of my grandfather who passed a month ago. We were able to get dozens of people, many of them very non-technical, into the call, and we started basically on time. There was no "it doesn't work on my old phone" or "you mean I have to sign up for gmail?" or "whoops I couldn't get in because I signed in with my work email". That's why Zoom is winning the game right now.

ThePowerOfFuet 1469 days ago [-]
It doesn't work for shit in the browser; it's deliberately crippled (compare browser-based Zoom to Google Meet or Whereby).

And even then the browser interface is hidden behind multiple attempts to make you install and use their client instead.

dylan604 1469 days ago [-]
Zoom tells me my browser isn't modern enough and that I should use Chrome. Even in Chrome they still push to install their app. Thanks, next
mavhc 1469 days ago [-]
Skype meeting is just 1 url and no software or sign up, so that's even easier.
toss4732 1468 days ago [-]
so, exactly the same as default zoom? not actually easier
avip 1469 days ago [-]
You don't need an article to estimate the direction from which the sun will rise tomorrow.

Zoom is better than the alternatives on most verticals and has good PR. In fact, justified privacy concerns aside, it's hands down the best vid. conference app I've ever used.

freepor 1469 days ago [-]
I carefully evaluated all of the major players here (at least 2 hours in each one) and Zoom definitely has the 2nd best video/audio quality/latency after FaceTime (and you can't use FaceTime for meetings where even one person doesn't have an Apple device).
r00fus 1469 days ago [-]
Probably because it was so easy to use. In my professional capacity I have used probably a dozen different conference software, and Zoom is by far at/near the top in terms of stability, usability and client install experience.
EvanAnderson 1469 days ago [-]
I've used a fair amount of WebEx (hosting and attending "meetings"). I don't particularly like WebEx, but Zoom feels like a cheap knockoff in comparison. I think Zoom is doing a better job marketing to individuals than the older players in the market.
r00fus 1469 days ago [-]
WebEx is challenging - I work with industry partners who use WebEx and it just seems clunky.

I do think WebEx does some things better than Zoom (I like to share 2-3 apps - for Zoom it's 1 at a time or entire desktop) but Zoom has led to better client adoption for us.

kyawzazaw 1469 days ago [-]
it just works and works so well. especially for our use cases as virtual college classrooms.
dragonwriter 1469 days ago [-]
> why is it Zoom that is blowing up because of this and not any of the other companies?

I suspect it seems that way because Zoom was already more aggressively seeking media spotlight as a growth startup, and experiencing more rapid growth in terms of multiples because it had a much smaller install base to start with than established competitors. Also, Zoom is the center of its company's business whereas Slack and Webex are just part of a large stable for their respective firms.

yoda222 1468 days ago [-]
Several people in other comments explain that you could have a password protected session, or a session in which users must be waiting in a lobby until someone approves their admission. This seems pretty normal, and I think here Zoom may not be able to do much more.

But I have the feeling that this is difficult in practice to use for an AA meeting. I'm actually lucky enough not to have the need to participate in such a meeting, but from what I understand of it, the anonymous part is important, as well as the possibility for newcomers to participate. I doubt for these reasons that AA meeting groups have a list of clearly identified participants, to whom they can send a password protected link, or that they could use such a list to check that people are part of the group.

Unfortunately, I'm not sure that this kind of problem can be fixed (technologically. On the non-technology side, we could hope for a world without assholes, but that's only a dream)

kzrdude 1468 days ago [-]
Why has Zoom picked up so much? Hangouts, Skype, facebook all are established with video group calling functionality
mlyle 1468 days ago [-]
Few things that are "free" handle massive numbers of participants well. Yes, Skype for Business etc can, but those options are commercial. There's also less usable, obscure stuff that does OK.
orthoxerox 1468 days ago [-]
Skype for Business is a dumpster fire. We use it at work and it's terrible at graceful degradation, even for voice.
kzrdude 1468 days ago [-]
Skype for Business + Outlook integration doesn't even manage to handle chat history correctly, not without glitches that lose you the history for chats every so often. Not fit for purpose.
overgard 1469 days ago [-]
I'm not really sure this should be called trolling, it's more just harassing/bullying/trespassing. When I think of trolling, at least when it's done well, it's more taking on overly self serious people to get a funny reaction (even if it's obnoxious). It's like a cousin of pranking, it shouldn't be cruel. There can be cruel pranks of course, but that's not the fundamental nature. Like Ken M leaving really oblivious comments on Facebook, or Something Awful forum members joining an online game chatroom as a weird cult ("the path is grey" :D ). Weird, funny, mostly harmless. I mean things like that are obnoxious sometimes but they can be funny and work as satire or social commentary. There's no cleverness to this.

(probably the wrong thing to write on HN since this place is uh not known for its sense of humor)

dewey 1469 days ago [-]
Zoom’s CEO says they are going to fix it and change the defaults: https://twitter.com/ericsyuan/status/1245110791772073985?s=2...
k__ 1468 days ago [-]
I broke into a meeting by accident once.

Someone sent me a meeting URL and I clicked it, to see if everything was right.

Little did I know that people just get one Zoom URL for ALL of their meetings.

auscompgeek 1468 days ago [-]
Each meeting gets its own ID. Of course, nothing prevents someone from reusing a meeting ID though.
tikkabhuna 1468 days ago [-]
You get a "Personal" meeting room, which keeps the same ID. You can then create other "named" meetings which get a separate one. That then lets you have different passwords for different meetings.
alexcpn 1468 days ago [-]
Happened to my elder sister, who is a teacher hosting a video class due to lockdown in India. Some idiots think it is fun, and the worst thing is that they put a video grab of this on their YouTube channel - themed disruption or something - to drive traffic - yuck, the state of minds! And those who follow such channels. (It is reported to the local cybercell, but it left my sister, who is a bit older to all this technology, very rattled.)
sys_64738 1469 days ago [-]
The news stations here are saying make your zoom session private and make sure desktop sharing is host only.
buboard 1468 days ago [-]
this happened repeatedly and badly in a conference with 2500 people. The root of the cause was that zoom invite links, by default, contain the password, which then people share, making the password useless. otherwise it worked great
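The failure described in the comment above (an invite link that carries the password stops protecting anything once the link is reposted) can be caught with a pre-publish check. This is an added example, not part of the thread and not Zoom's code; it assumes join links shaped like `https://<host>.zoom.us/j/<meeting id>?pwd=<token>`, and the sample text and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumed link shape: https://[sub.]zoom.us/j/<9-11 digit id>[?pwd=<token>&...]
ZOOM_LINK = re.compile(
    r"https?://(?:[\w-]+\.)*zoom\.us/j/(\d{9,11})[^\s<>\"')]*", re.IGNORECASE
)

# Constructed sample announcement (IDs and token are made up).
SAMPLE = (
    "Class at 9am: https://example.zoom.us/j/1234567890?pwd=Q09OU1RSVUNURUQ&uname=guest. "
    "Backup room: https://zoom.us/j/987654321"
)


def strip_passcode(url):
    """Return (clean_url, had_passcode) with any pwd parameter removed."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in query if k.lower() != "pwd"]
    # The fragment is dropped as well; it is not needed to join.
    clean = urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(kept), ""))
    return clean, len(kept) != len(query)


def sanitize_invite(text):
    """Remove embedded passcodes from every Zoom join link in text.

    Returns (sanitized_text, findings). Each finding records the meeting ID
    that is about to be published and whether a passcode rode along with it,
    so the passcode can be sent to participants over a separate channel.
    """
    findings = []

    def _fix(match):
        raw = match.group(0)
        url = raw.rstrip(".,;:!?")        # sentence punctuation is not part of the link
        trailing = raw[len(url):]
        clean, had = strip_passcode(url)
        findings.append({"meeting_id": match.group(1), "passcode_embedded": had})
        return clean + trailing

    return ZOOM_LINK.sub(_fix, text), findings


if __name__ == "__main__":
    cleaned, report = sanitize_invite(SAMPLE)
    print(cleaned)
    for item in report:
        print(item)
```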
dzonga 1469 days ago [-]
If FB didn't have privacy nightmares. They're well equipped to provide the solutions to the enterprise market, given that they probably have the most stable live video platforms, which could be modified to support secure meetings.
consultutah 1469 days ago [-]
Right now zoom is going through a honeymoon phase. Only us geeks care about its security and privacy. After this is over though, people will start thinking it through and things will look a lot more like how Facebook is viewed right now...
solidasparagus 1468 days ago [-]
I'll happily trade my privacy for a video call that works properly. None of the various Zoom issues have been privacy problems that I really care about.
void445be54d48a 1468 days ago [-]
I dunno. My boss is an incredibly tech savvy developer and he loves Zoom and thinks it's fantastic so I don't really see it going anywhere for a while.
spsrich2 1469 days ago [-]
Making fun of people in AA. Beneath contempt.
thrownaway954 1468 days ago [-]
my homegroup switched over to zoom a couple of weeks ago and i have to say, i love it. like most of you, i'm sitting all day and to be able to join in an aa meeting while walking outside is AMAZING! i can finally get some exercise and not feel like i have to sacrifice one or the other.

to the people of zoom, thank you for making this time in our life a lot more pleasurable.

CobrastanJorji 1469 days ago [-]
Ah, that is problematic. I saw a documentary on Netflix about the British IT crowd. They were not an impressive bunch.
dang 1468 days ago [-]
We detached this subthread from https://news.ycombinator.com/item?id=22743840.
zdw 1469 days ago [-]
I saw that ludicrous display last night.
techopoly 1469 days ago [-]
The thing about Arsenal is, they always try and walk it in.
somehnguy 1469 days ago [-]
Bazinga

I think this comment chain is more suited for reddit, but what the hey

rmason 1469 days ago [-]
You're not referring to this show perhaps are you?

https://en.wikipedia.org/wiki/The_IT_Crowd

It is of course a comedy. The Brits in IT that I've met can compete with anyone on the planet.

bschwindHN 1469 days ago [-]
Yes that is the joke.
jshevek 1468 days ago [-]
The culture and character of this site is being increasingly damaged by attempts at humor in a style common on another popular site, but the site rules discourage us from discussing this.
strategarius 1469 days ago [-]
4chan has existed for like 20 years or something. Has anyone ever thought about a legal way to shut it down and lock up a couple of admins? I'm sure their stupid troll raids cost billions since it started.
cc-d 1469 days ago [-]
> Has anyone ever thought about a legal way to shut it down and lock up a couple of admins?

Why on earth do you feel like this is an appropriate response to some people joining random zoom meetings?

strategarius 1468 days ago [-]
Read my message again. I have serious concerns about your cognitive abilities.
fl0wenol 1468 days ago [-]
15 years old. Admins grip the banhammer tight on raiding threads, comply with warrants, so it stays up. That activity was driven to other sites set up for that purpose.
strategarius 1468 days ago [-]
I guess. After all, there's Telegram, fortress of privacy
Kayou 1468 days ago [-]
Yes, and don't forget to shut down Discord too! They will never be able to use another tool to organize these raids, this is genius. (this is sarcasm, of course)
pubstik 1468 days ago [-]
Surely anyone I disagree with should be in jail.
Wmamouth 1469 days ago [-]
Crashing random online classes: https://youtu.be/wUQJvBreues

I must say, this was pretty well done.

megous 1469 days ago [-]
Not bad. Actual zoom calls start at around the middle of the video.