Securing Internet Videoconferencing Apps: Zoom and Others

The NSA just published a survey of video conferencing apps. So did Mozilla.

Zoom is on the good list, with some caveats. The company has done a lot of work addressing previous security concerns. It still has a bit to go on end-to-end encryption. Matthew Green looked at this. Zoom does offer end-to-end encryption if 1) everyone is using a Zoom app, and not logging in to the meeting using a webpage, and 2) the meeting is not being recorded in the cloud. That's pretty good, but the real worry is where the encryption keys are generated and stored. According to Citizen Lab, the company generates them.

The Zoom transport protocol adds Zoom's own encryption scheme to RTP in an unusual way. By default, all participants' audio and video in a Zoom meeting appears to be encrypted and decrypted with a single AES-128 key shared amongst the participants. The AES key appears to be generated and distributed to the meeting's participants by Zoom servers. Zoom's encryption and decryption use AES in ECB mode, which is well-understood to be a bad idea, because this mode of encryption preserves patterns in the input.

The algorithm part was just fixed:

AES 256-bit GCM encryption: Zoom is upgrading to the AES 256-bit GCM encryption standard, which offers increased protection of your meeting data in transit and resistance against tampering. This provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video Webinar, and Zoom Phone data. Zoom 5.0, which is slated for release within the week, supports GCM encryption, and this standard will take effect once all accounts are enabled with GCM. System-wide account enablement will take place on May 30.

There is nothing in Zoom's latest announcement about key management. So: while the company has done a really good job improving the security and privacy of their platform, there seems to be just one step remaining to fully encrypt the sessions.

The other thing I want Zoom to do is to make the security options necessary to prevent Zoombombing available to users of the free version of that platform. Forcing users to pay for security isn't a viable option right now.

Finally -- I use Zoom all the time. I finished my Harvard class using Zoom; it's the university standard. I am having Inrupt company meetings on Zoom. I am having professional and personal conferences on Zoom. It's what everyone has, and the features are really good.

Posted on April 30, 2020 at 10:24 AM • 32 Comments
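The ECB weakness in the Citizen Lab passage and the tamper resistance claimed for GCM in Zoom's announcement can be seen side by side in the following added example, which is not part of the original post and is not Zoom's code. The frame data, the keys and all function names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ecbEncrypt encrypts each 16-byte block independently; that loop is all ECB is.
func ecbEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("plaintext must be a multiple of %d bytes", aes.BlockSize)
	}
	out := make([]byte, len(plaintext))
	for i := 0; i < len(plaintext); i += aes.BlockSize {
		block.Encrypt(out[i:i+aes.BlockSize], plaintext[i:i+aes.BlockSize])
	}
	return out, nil
}

// newGCM wraps AES in Galois/Counter Mode (key length selects AES-128/192/256).
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// gcmSeal uses a fresh random 96-bit nonce; returns nonce || ciphertext || tag.
func gcmSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// gcmOpen verifies the tag before returning any plaintext.
func gcmOpen(key, sealed []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, fmt.Errorf("sealed message too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], nil)
}

// distinctBlocks counts different 16-byte blocks; repeats reveal equal plaintext.
func distinctBlocks(data []byte) int {
	seen := make(map[[aes.BlockSize]byte]struct{})
	for i := 0; i+aes.BlockSize <= len(data); i += aes.BlockSize {
		var b [aes.BlockSize]byte
		copy(b[:], data[i:i+aes.BlockSize])
		seen[b] = struct{}{}
	}
	return len(seen)
}

// constructedFrame is sample input made up for this example: 8 rows of
// 4 dark and 4 bright 16-byte blocks (64 blocks, only 2 distinct values).
func constructedFrame() []byte {
	dark := bytes.Repeat([]byte{0x00}, aes.BlockSize)
	bright := bytes.Repeat([]byte{0xFF}, aes.BlockSize)
	row := append(bytes.Repeat(dark, 4), bytes.Repeat(bright, 4)...)
	return bytes.Repeat(row, 8)
}

func main() {
	frame := constructedFrame()
	key128 := bytes.Repeat([]byte{0x11}, 16) // constructed demo key, AES-128 for ECB
	key256 := bytes.Repeat([]byte{0x22}, 32) // constructed demo key, AES-256 for GCM
	ecb, err := ecbEncrypt(key128, frame)
	if err != nil {
		panic(err)
	}
	sealed, err := gcmSeal(key256, frame)
	if err != nil {
		panic(err)
	}
	fmt.Println("distinct blocks: plaintext", distinctBlocks(frame),
		"ECB", distinctBlocks(ecb), "GCM", distinctBlocks(sealed[12:12+len(frame)]))
	sealed[20] ^= 0x01 // one ciphertext bit flipped in transit
	_, err = gcmOpen(key256, sealed)
	fmt.Println("GCM rejects the tampered message:", err != nil)
}
```

Neither mode says anything about who generated the key: a server that creates and distributes it can decrypt either ciphertext.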

Comments

Jack April 30, 2020 11:15 AM

@Bruce - whilst I normally agree with most of your Op-eds, I'm genuinely curious as to how you can reconcile using (or recommending) Zoom considering their multiple, egregious breaches of privacy and mis-selling of encryption to their users?

I thought your previous article, in which you appeared diametrically opposed to Zoom, summed up a great many reasons not to use Zoom.

https://www.schneier.com/blog/archives/2020/04/security_and_pr_1.html

Bruce Schneier April 30, 2020 11:43 AM

@Jack:

"I thought your previous article, in which you appeared diametrically opposed to Zoom, summed up a great many reasons not to use Zoom."

And yet I never stopped using it.

Basically, all security is trade-offs. I had to use Zoom for my class, because that's what Harvard had as its standard and it works well in a classroom setting. I started using it for personal video calls, because that's what everyone else had. I continue to use it because I like the features, and they are trying to improve their security and privacy.

Putting it another way: I used to use the telephone system a lot more, and their security and privacy is even worse. Again, it's all a trade-off.

I wouldn't run a UK Cabinet meeting over Zoom, though.

Who? April 30, 2020 1:01 PM

@ Bruce Schneier

Basically, all security is trade-offs.

I honestly do not understand this attitude. I have seen it a lot of times in the last two years. People that previously cared about privacy and were proactive taking countermeasures now say "who cares."

A lot of people that, in the past, built their own secure communication services now have moved to Gmail, a service that is obviously not only insecure but also a privacy nightmare not only for them but, and this part is worse, also for anyone security conscious who needs to communicate with them.

Indeed, Zoom is a University standard. Other University standards are Windows, OS X, unpatched Linux workstations, lazy network and systems management, unqualified and careless staff, default or too simple passwords, people that only care about getting the "tools required for their jobs running" and more.

That is fine to me. Anyone has the right to take their decisions (even if plain wrong), but these decisions should not become a standard industry practice only because a big university chooses them.

The world is broken right now. I am not talking about the coronavirus disease, even if it greatly helps on this matter, I am talking at a technical level. Sure, operating systems are broken, people only care about beautiful desktops, not secure systems, hardware is broken at many levels too and will not be fixed because fixing it will have an impact on performance, our adversaries are not script kiddies anymore, now they are government agencies and large giant corporations, even AI is playing against us now, doing the work that previously was being done by human beings. As you say, phones are worse than Zoom. Right, but it does not make Zoom better. It is bad, really bad, but I will NOT say "who cares," because I care [at least yet].

I think on this status quo as a huge chess game; we had been invited (or forced) to play it and I will do my best fighting to preserve human rights on this huge board, like the fundamental right to privacy. I will fight for the right to make Internet a safe place again too, and will try to control the central squares on the board if possible at all. The only way I will stop playing this game will be when encryption is so illegal that I will risk being jailed for using non-backdoored encryption, in which case I will move to other means to communicate and will consider the entire Internet a lost cause. Until then, I will be free to play this game using as good movements as I can to win. And I will certainly do.

No, I will not say "I do not care because all is lost," I will fight as hard as possible. I will change my paradigms as many times as required, from the "completely secure and fully patched bastion host" to the castle's model and, if it fails, to the sewer's model if we need to remain hidden.

I will not say "who cares" because I care and, after all, the game is afoot.

JonKnowsNothing April 30, 2020 1:57 PM

I was rather stunned to read the main post... Like Jack and others above I really had a hard time "reconciling" the two images of "Security-Cyber-Crypto-Expert" with "Don't-Care-Got-My-Job-Done-Run-With-The-Herd" versions.

What we can see from the broken internet, the broken systems, the broken programs, broken applications that it mirrors the broken social system, broken health-care, broken trade is that we all do what we can under the circumstances but the NHS and MDs and Health and Workers are DEMANDING protections while others seem to not bother with wearing a mask at all.

Actually, I thought the website had been hijacked... maybe even so...

Sok Puppette April 30, 2020 2:28 PM

"The good list"? What I think you mean by that is that Zoom met what Mozilla calls its "minimum security standards". Which are indeed extremely minimal.

Look, it's perfectly OK, from a security point of view, to say that you have nothing at risk, so you don't care. Honestly, who gives a damn if somebody listens in to your Harvard class? How bad is it even if somebody Zoom-bombs your class, or shuts down a session? You have nothing significant at risk. Great, go ahead and use Zoom for that stuff if you must.

It is very different to go from that to defending these people's practices in general, or to suggesting that anybody use them for anything where security really does matter. Which is the practical effect of what you have written.

... and I am REALLY disappointed in you giving brownie points to Zoom for going to GCM.

The only useful information you get from knowing that Zoom switched from ECB to GCM is that Zoom was so incredibly incompetent as to have ever used ECB in the first place. Oh, that plus the information that Zoom is rolling its own crypto protocols, which is another sign of total idiocy.

... plus stuff like just having gotten around to caring about password strength, when anybody who really cared about security would have long ago been trying to eliminate dependence on passwords, period.

Those things BY THEMSELVES are enough to make anybody step away from Zoom. Even if Zoom fixes those particular problems, you still know they're incompetent as an organization. Organizations don't suddenly get much better at the kind of pervasive concern and pervasive quality work you have to do to get decent security. Zoom didn't make one or two mistakes here or there. They screwed up in a bunch of different ways over a long time, and they only did anything about it when their feet were held to the fire.

You can be pretty sure that anything they haven't been publicly shamed for is still going to be garbage.

Also, you know very well that every little detail counts in crypto in particular... and in how crypto is integrated into the surrounding systems.

You are irresponsible in even expressing an opinion about how many "steps" are left to fixing Zoom's crypto, let alone the rest of Zoom's security, if you don't have total knowledge on the whole damned protocol, especially when the developers have already shown that they are total clueless idiots. You have no basis for any assertion that Zoom has done a "really good job" of anything, other than maybe dodging the most pointed parts of immediate criticisms. You have no way to know that Zoom has in any meaningful way made it any harder to get at the contents of Zoom chats.

It's not that the crypto even matters that much. And it's not that most Zoom users even have anything much to protect. It's that you hold yourself out as a certain type of expert, and part of that is not throwing around loose talk on the subjects where you claim that expertise.

... and for that matter, I don't even know what you mean by saying that their features are "really good". Their actually useful features seem to be exactly the same as everybody else's. There may be tiny differences in things that don't really matter, but who cares?

Simon April 30, 2020 2:50 PM

Now they just need to fix the RCE zero day (around 500,000€ or so) and update the years old OpenSSL dependency in their application...
Not to forget showing false "system" dialogues on Mac OS or the accidental vulnerability leaving the webcam open for any website...

Shouldn't every university have enough staff to actually install some of the many on-premise solutions? April is nearly over (so there was enough time), and I thought a highly respected university like Harvard has enough personnel to get those running.

Mohammad Nasim April 30, 2020 4:24 PM

@Bruce, I am just a big fan of you and your publications. I am really shocked by your words "Finally -- I use Zoom all the time.", "It's the university standard". Such words may unconsciously tell people to use Zoom, especially when they get such words from "Bruce Schneier", and when the words are about "Harvard University".

Article is saying Zoom is moving toward AES256-GCM. But, will this help given that keys are generated in China? Actually, I would use AES128-ECB if I am going to generate my own DH keys. Yes, ECB is a bad choice, but GCM with remotely generated keys = no encryption at all.

Bruce, your reply to Jack, is accepted only if you are a normal person. The fact that you are a Security-Guru should dictate some conservation on selecting words, because a lot of people are just following you.

Finally, this is my first comment on your blog, but I have been following you for years, and I use encryption algorithms created by you over AES256-GCM (with proper rekeying for blowfish :).

wiredog April 30, 2020 7:20 PM

People complaining that Zoom isn't good have to answer the question "good for what purpose"? My AA meetings use Zoom (paid version) because it's better for what we need than all the alternatives. It is "secure enough". (My AA homegroup is in the DC area and we have a LOT of techies. You could put together a really good IT shop out of our group.)

So what makes it better? First, ease of use. A solution that requires more than "go to this website" or "install this app" from the non-hosts isn't going to get used. Second, it has to be easy for those non-technical people to use. Third, it has to be cross-platform. Some of our users are on Windows, some on Mac, some on Linux, some on Android, some iPhone/iPad. Some dialing in from a landline. It has to work for all of those users. Finally, running it reasonably securely has to be easy enough to be described in a short email.

So what is "reasonably secure"? We start the meeting with users coming in via the "waiting room" so that their user name can be vetted. If it's something like "suckmycock" they can be brought in with video off and audio muted. (That guy left pretty quickly.) They can watch and listen all they want, they just can't cause any trouble. Chat is one way, host to users, and the users can only text the host. During the meeting everyone who isn't speaking is muted. If someone is obviously drunk, but not disruptive, we let them talk. There are a couple of possible Zoombombers that hit a couple meetings I go to, but if you come on and say "I LOVE BOOZE!" the general reaction is "So do we!" and then we offer you lots of help. So if they were trying to Zoombomb they didn't get the result they expected. For the larger meetings (one runs 400+ on the regular) we will have several co-hosts vetting everyone coming in, and keeping an eye on the people already in. If someone decides to be an ass after they're in they get their video turned off. And the rest of us keep an eye out and notify the host if we see a problem. Recording is disabled for everyone, too.

After the meeting we generally unmute everyone and enable chat for everyone so that people can swap phone numbers, catch up, and just hang out.

For us, the "improvement" where Zoom required a password was a hassle, because now we have to distribute that, too.

Is it "secure" against anyone more determined than your annoying brother or the average script-kiddie? No. But it's good enough.

Tato Cullen April 30, 2020 7:43 PM

I love to see the high level of posts, I also learn from everyone's experiences. I appreciate it.

La Abeja April 30, 2020 8:04 PM

Zoom's encryption and decryption use AES in ECB mode,

We're having a problem here with the mode of operation of the cipher not being designed for the optimal security at a given cost.

ECB (electronic code book) mode is awful. "The usual" suggestion to use an XOR-based CBC (cipher block chaining) mode is in all honesty not much better, and only offers a two-block amplification.

We need more scrambling, and a greater amplification of plaintext bit-flips in the ciphertext.

The key expansion schedule is inadequate if it is possible to recover the key when both the ciphertext and plaintext are known in situations when side-channel information may be leaked.

The use of stream ciphers rather than block ciphers (similar to djb's chacha or salsa ???) is just one of many possibilities that must be considered and weighed.

In cryptography, Galois/Counter Mode (GCM) is a mode of operation for symmetric-key cryptographic block ciphers widely adopted thanks to its performance. GCM throughput rates for state-of-the-art, high-speed communication channels can be achieved with inexpensive hardware resources.

I am still unhappy with djb's "mil-spec" machine-code-level implementations with such an emphasis on raw performance, apparently in total ignorance of the need to defend against "timing" and other "side-channel" attacks.

curmudgeon April 30, 2020 8:05 PM

Calm down, people. ALL of life is trade-offs, down to physiological
questions such as how many resources can be dedicated to one organ
of the body (e.g. brain) versus another (e.g. kidneys).

For a 2004 retro-look at how Bruce viewed security trade-offs, see
his (now somewhat outdated) 2004 essay, "Safe Personal Computing":

https://www.schneier.com/blog/archives/2004/12/safe_personal_c.html

In particular, here's the introduction, and a paragraph after a
dozen tips on ways to help keep the risks down somewhat. For
example, while strongly advocating different passwords for each
site that you log in/do business with, low-value targets such as
fast-food outlets don't require extremely strong passwords,
relative to high-value sites such as financial institutions.

-- (Begin excerpt) --

I am regularly asked what average Internet users can do to
ensure their security. My first answer is usually,
"Nothing--you're screwed."

But that's not true, and the reality is more complicated.
You're screwed if you do nothing to protect yourself, but
there are many things you can do to increase your security
on the Internet.

[...]

None of the measures I've described are foolproof. If the
secret police wants to target your data or your
communications, no countermeasure on this list will stop
them. But these precautions are all good network-hygiene
measures, and they'll make you a more difficult target than
the computer next door. And even if you only follow a few
basic measures, you're unlikely to have any problems.

-- (End excerpt) --

Bruce advocates using a personal organiser with a
"Password Safe"-like application, since you should not reuse
passwords. (Short passwords for low-value connections, such
as fast-food web interfaces, are okay, but are not sufficient
for the massive multiprocessing power that can be used to
brute-force passwords of perhaps 12 characters or less.)

When password complexity (length + character set) needs to
be high, try 16 characters (from an extended character set).
Using a password manager is not just recommended, it's
basically required as you cannot expect to remember all the
complex, long passwords.

A password manager means that you only have to memorize one
strong password, and then, when access to the database is
unlocked, look through the list for the credentials
(username/password) for the desired website. Such managers
can generate passwords too, eliminating some cases where you
may put in public information -- e.g. date of birth -- that
makes it easier for adversaries to crack the password.

--

Also, having a "default deny privileges" policy when visiting new
websites is advisable -- "NoScript" was good, but the nearest
(but complicated) add-ons for Firefox are "uBlock Origin" plus
"uMatrix". There are also many, many others, such as EFF's
"Privacy Badger" and "HTTPS Everywhere"; other ones are
"Cookie AutoDelete", "Smart Referer", "Adblock Plus" and
"Ghostery".

Disabling look-up of external images can help to pick up
privacy-tracking one-pixel images (with an outrageously long
serial number as the filename). I use uMatrix to be very
selective about which sites are allowed to load images; this
also helps speed up page loads, and cuts down on bandwidth
usage, a little.

I even go so far as to spike the Name->IP translation of known
malware sites by tailoring (and regularly updating) my
"/etc/hosts" file -- see:

https://winhelp2002.mvps.org/

-- curmudgeon

Ángel April 30, 2020 8:17 PM

@tfb You are obviously right in that a system may be good enough for A, yet perfectly suitable for B. As long as you do the proper analysis (and you have all the data, knowledge and time needed for that), there's no problem.

However, you often do not have all those points. Perhaps you do not have the dedication to fully explore all ramifications, maybe simply you were not given the requisites ("we just want a good videoconferencing tool", is that so that employees may be hanging out, or for signing multimillion NDAs?). As such, in case of doubt, going for the most secure alternative is generally a safe bet. Maybe we could have used md5 safely in that application, but why bother just confirming and documenting that for your specific use case it is still safe when you could have used sha256 instead? Choosing the most secure alternative also saves you from needing to reevaluate everything when a slightly different use case arises.

Then, you also need the end users of the security advice to understand it. Which is hard. Solution X being acceptable for a Harvard dissertation ≠ being acceptable for communicating with your doctor. Again, in general terms: Perhaps you just tell them "I need the same prescription as usual", he replies "Sure, please come to pick it up from 9 to 5", and you both avoid leaking to a presumed snooping party anything you would deem relevant, such as your actual illness (it also requires careful management by the parties to avoid a catastrophic failure).

We can have a look at how Bruce uses Zoom. I don't think it'd be problematic that he gives his Harvard class using Zoom. I don't know what the Harvard policy for class attendance is (could I pass by there and just attend one Schneier class, without being an enrolled student?), but the contents aren't really "private". Many people will receive them. Bruce will be paid anyway. The only ones that may not like that approach could be Harvard accountants, who may think they could have obtained some extra tuition fees from those non-paying attendees. Yet, as they set Zoom as the "University standard", Harvard presumably analyzed the trade off of using that software vs some alternatives and reached the conclusion it was more beneficial to go for Zoom (e.g. there may be a more secure solution, but it would cost more than those fees missed). Actually, they probably didn't, but they should have done it. And it's up to them to change such policy anytime.

Is any use on Harvard fine, then? Probably not. While I wouldn't generally describe the contents of a class as 'confidential', we may have a set of teachers meeting virtually via Zoom -each on their own home- to design the exam questions, or grade certain assignments. You wouldn't want that to be spied. OTOH, perhaps Harvard uses an on-premise Zoom server, and those teachers were connected to the academic network using a VPN tunnel. With those countermeasures applied it could be considered secure.

You might make a similar argument for business conferences, albeit they are probably in average more sensitive, and involve third parties not connected to a local VPN.

I'd be more wary about personal conferences. It'd depend on how personal you want to go, probably. And how much you value privacy. I would avoid sharing even in private circles some things that certain people happily publish on twitter/facebook. The pervasive point is the "It's what everyone has" argument. The old, social problem of needing to keep everyone using the same closed garden that ties the customer to a 'bad' solution.

The point I am more skeptical about though, is that it is really ubiquitous at this point. I can accept it has good platform support, and many people may have installed it for meeting with other people, but as there are competing solutions out there that need absolutely no local client, installing a local Zoom would require more effort.

Dave April 30, 2020 8:47 PM

>AES 256-bit GCM encryption: Zoom is upgrading to the AES 256-bit GCM
>encryption standard, which offers increased protection of your meeting
>data in transit and resistance against tampering.

And to make things easier for their developers, they set the IV to zero. Which means that the result is only slightly better than no encryption at all.

NB: I have no idea whether they do this or not, but given their other crypto fail it wouldn't surprise me, and since GCM is an incredibly brittle mode the result is a catastrophic failure of security. That's the thing with old modes like ECB, it doesn't hide patterns - of which there won't be any in a compressed video/audio feed anyway - but you can abuse it any way you want and it's still encrypted. With GCM if you get something wrong then you get a total failure of both the encryption and authentication mechanisms.
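The failure mode Dave describes for GCM (a fixed IV) is shown below together with one way to rule it out. This is an added example, not part of the original comments, and it makes no claim about what Zoom's code does. The messages, the key, and the `counterSealer` type with its 4-byte sender ID are constructed assumptions. It covers the confidentiality half only.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// newGCM wraps AES in Galois/Counter Mode.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// xorBytes returns a XOR b, truncated to the shorter input.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// reusedNonceLeak seals m1 and m2 under one key and the same all-zero nonce,
// then returns the XOR of the two ciphertext bodies (tags stripped). GCM
// encrypts in counter mode, so both messages meet the same keystream and
// the result equals m1 XOR m2: the key drops out entirely.
func reusedNonceLeak(key, m1, m2 []byte) ([]byte, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	zero := make([]byte, aead.NonceSize())
	c1 := aead.Seal(nil, zero, m1, nil)
	c2 := aead.Seal(nil, zero, m2, nil)
	return xorBytes(c1[:len(m1)], c2[:len(m2)]), nil
}

// counterSealer (hypothetical type) never repeats a nonce under its key:
// nonce = 4-byte sender ID || 8-byte message counter. The sender ID keeps
// several participants who share one key from colliding. The counter must
// survive restarts, or the key must be fresh for every session.
type counterSealer struct {
	aead   cipher.AEAD
	sender uint32
	next   uint64
}

var errNonceExhausted = errors.New("nonce counter exhausted: rotate the key")

func newCounterSealer(key []byte, sender uint32) (*counterSealer, error) {
	aead, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return &counterSealer{aead: aead, sender: sender}, nil
}

// Seal returns nonce || ciphertext || tag and advances the counter.
func (s *counterSealer) Seal(plaintext []byte) ([]byte, error) {
	if s.next == math.MaxUint64 {
		return nil, errNonceExhausted
	}
	nonce := make([]byte, s.aead.NonceSize())
	binary.BigEndian.PutUint32(nonce[:4], s.sender)
	binary.BigEndian.PutUint64(nonce[4:], s.next)
	s.next++
	return s.aead.Seal(nonce, nonce, plaintext, nil), nil
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key
	m1 := []byte("constructed message one: agenda ")
	m2 := []byte("constructed message two: minutes")
	leak, err := reusedNonceLeak(key, m1, m2)
	if err != nil {
		panic(err)
	}
	fmt.Println("c1 XOR c2 == m1 XOR m2:", bytes.Equal(leak, xorBytes(m1, m2)))

	s, err := newCounterSealer(key, 1)
	if err != nil {
		panic(err)
	}
	a, _ := s.Seal(m1)
	b, _ := s.Seal(m1)
	fmt.Println("same message, different ciphertexts:", !bytes.Equal(a, b))
}
```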

Mark Reeves April 30, 2020 9:00 PM

> but as there are competing solutions out there that need absolutely no local client, installing a local Zoom would require more effort.

This. It was poorly-built software with vulnerabilities and now it's ubiquitous because those who were less discerning bought into it. I don't want to install junk on my computer under the duress of a looming meeting. And there are plenty of solid, viable options that work in a web browser without compromising my computer's OS.

Dave April 30, 2020 9:59 PM

@tfb: Wish there was a way of upmodding on this blog. It's definitely binary thinking, security has to be perfect or not at all, which for most people ends up being "not at all". In my case I've been using Zoom a lot because... oh, approximately 100% of the family members and elderly relatives I use it to communicate with would never be able to set up Skype or Signal or whatever, and I really don't care if someone may or may not be able to monitor my 80-year-old aunt who's been in self-isolation for close to two months now telling me about what her cat is doing. It's good enough for most people but, far more importantly, it's usable by almost everyone.

As an aside, since I have a background in psychology alongside security, it's interesting seeing, yet again, this binary thinking at work. I've written about this in the past but every now and again I get reminded of it at work, for example in the reactions to Bruce's post. Pity the contributors are self-selecting so we don't know what percentage of people overall have this binary thinking mode.

Dave April 30, 2020 10:10 PM

@tfb: Do you have a source for that Erik Naggum comment? I'm trying to find it so I can reference it but not having much luck.

Tricky Balance May 1, 2020 1:06 AM

It's a balance and sometimes down to the lowest-common-denominator/platform. As @Clive would put it (can't recall the origin of the quote), basically the safest choice is to not play.

Tinted glasses on, we would nudge everyone onto open source systems down to the hardware level, privacy by default, and to communicate only using these options. This doesn't work due to consumer choice, apathy, and parties interested in maintaining the status-quo.

So we must play with what we have, taking as many precautions your budget and sanity will let you apply, and realise that applying "too much" protection (see how PGP took off for email...) can make communications more difficult or impossible for other participants.

At times we are pushed towards alternative methods which might be imposed (eg; by companies) or for convenience. When the only options on the table are to work over Zoom or not take a paycheck, your stomach quickly puts you back on the well-worn path.

BigBlueButtonFan May 1, 2020 4:49 AM

Bruce, you should try https://ensemble-bbb.scaleway.com/
Computers located in France or Netherlands. Open Source Software. No need to download an app. If you need several webcam simultaneously, avoid old versions of Firefox. Update Firefox, or use Chromium, Safari, ...

https://www.scaleway.com/fr/pressroom/ensemble-bigbluebutton-en-solidarite-contre-le-covid-19/ says
"Scaleway relies on 4 datacenters located in France and one datacenter located in the Netherlands."
Technical details of software on https://blog.scaleway.com/2020/building-bigbluebutton-solution-powered-by-scaleway/

Who? May 1, 2020 7:43 AM

I am sorry if my words sounded too harsh, but I have seen too many people dropping their privacy just because "there does not exist a perfect protection against state actors."

We do not want a perfectly secure infrastructure, just a reasonably secure one. Indeed, as @tfb says I have a "one-bit brain." I want the most secure platform I can build ever, even if just to avoid recalibrating it later to match my future needs.

A very simple, but reasonably secure, chat platform would be the old Internet Citizen's Band (ICB) protocol running on the loopback interface—and only that interface—of an OpenBSD server. To connect to that service users may establish a SSH tunnel ("ssh -L 7326:localhost:7326 server") from their own workstations and use their own IRC clients (e.g. IRSSI or HexChat).

If you want to run your own videoconference system you can build it using Jitsi Meet on your own web server, and protecting it behind a VPN in case HTTPS is not enough for your needs. Never built one, but it may work.

Just, please, do not drop privacy just because it looks like too asymmetric a war against true giants like Google, Facebook or governments. Like other rights, privacy is very easy to lose, and very difficult to recover.

Who? May 1, 2020 7:57 AM

@ Tricky Balance

It's a balance and sometimes down to the lowest-common-denominator/platform. As @Clive would put it (can't recall the origin of the quote), basically the safest choice is to not play.

It is a cite from the 1983 film WarGames, and one of the games included in the OpenBSD base system too:

hsm$ wargames
Would you like to play a game? no
A strange game.
The only winning move is not to play.

It refers to tic-tac-toe, I want to think on our status quo as a chess game instead. Difficult, but playable.

Who? May 1, 2020 8:07 AM

@Dave

Ah, found it, it's "one-bit people" not "one-bit brain"

I am, mostly, my brain so it is the same to me. Binary to the extreme!

I agree, some flexibility would be nice, but I know I am not so clever as to decide how much I would be ready to trade off. I prefer being as secure as possible, just in case I need that protection layer in the future.

tfb May 1, 2020 9:51 AM

@Dave: thank you for finding it! I had remembered it from being there at the time, and then more recently spent some time searching through the Erik Naggum / CLL archive for it but not been able to find it because my memory had turned 'person' into 'brain' and I was not clever enough to search for 'one-bit' on its own (or it turned up too many hits, or something). Anyway, now I can note down the reference.

One thing that I think is important to understand is that one-bit thinking can kill people. There is a famous example (well, famous to people interested in early 20th century naval history which, perhaps, is not everyone) where it was suggested, before the great war, that capital ships (and, in view of what happened later, particularly battlecruisers) should have arrangements for allowing their magazines to vent in the event of an explosion: if the magazine could vent to the atmosphere (by blowing out some intentionally weakened area of the ship) then a magazine explosion might not destroy the ship. The response was (and I will be misquoting this) that such venting arrangements were not needed because 'it is not the intention that enemy shells should penetrate to the magazines of his majesty's ships'. Well, we all know what happened at Jutland, and later to the Hood: it turns out that either shells or flash from hits on turrets does indeed sometimes penetrate the magazines of his majesty's ships, and almost everyone on them dies as a result because the magazines do not vent.

The world is made of continuously-varying quantities: one-bit thinking is a very serious problem when thinking about it.

tfb May 1, 2020 10:13 AM

@Dave

There's in fact another good naval example of, well, not one-bit thinking, but how thinking about this problem can help. I should have added it to the previous comment. Sorry this is kind of off-topic now.

The traditional design of armoured ships before and during the great war would have various thicknesses of armour: you would armour the vital parts of the ship with the thickest armour you could afford, and then use progressively thinner armour on less-vital parts (and of course you would often get it wrong in various ways).

At some point some very clever person in the US had a brilliant idea: the problem with thinner armour was that if a heavy shell hit it it would penetrate the thin armour and then detonate, with bad results: the thinner armour wasn't actually helping very much. Instead, they devised an all-or-nothing ('one-bit' in a sense) approach: you either armour the ship with armour thick enough to keep out the heaviest shells you can, or you make it out of tinplate. If a heavy shell hits the armoured parts it detonates outside the armour and you're OK; if it hits the tinplate it just goes right through without even noticing, does not detonate at all, and you're OK. And by not having any of the weedy thin armour you had more weight to spend on the thick armour, which meant you could protect the ship better. A good, very visible example of this was the cage masts that US ships had: these were designed to be so light that shells would pass right through them.

It was a brilliant idea, I think. Sadly US ships were not really involved in fleet actions in the great war, and by the second war the era of the armoured ship was really over: aircraft made them absurdly vulnerable.

wiredog May 1, 2020 2:51 PM

“A very simple, but reasonably secure, chat platform would be the old Internet Citizen's Band (ICB) protocol running on the loopback interface—and only that interface—of an OpenBSD server. To connect to that service users may establish a SSH tunnel ("ssh -L 7326:localhost:7326 server") from their own workstations and use their own IRC clients (e.g. IRSSI or HexChat).”

I have visions of trying to get 100 people on at least 5 different platforms, none of whom have ever even heard of SSH, to get that running. Oh, and the key exchange is going to be fun, too. Yeah. A system that is too difficult for an average person to use is, well, I guess it’s secure, but it’s definitely going to be replaced by something much simpler to use. Like Zoom.

Clive Robinson May 1, 2020 5:17 PM

@ tfb,

"One thing that I think is important to understand is that one-bit thinking can kill people."

In the UK the example I've seen most often with visceral clarity that few could miss is the "boot full on" driver.

That is their foot is "pedal to the metal" be it the accelerator/gas pedal or the brake...

Sometimes when I see them I am reminded of the observation that there should be an 18-inch razor sharp spike in the middle of the driving wheel...

I've been told at social gatherings that it's not really their fault because they are "hyper alert exhibitionists". Who can not function at any lower level of arousal, but importantly we need such people "to move society along"...

Let's just say being more on the introverted side of things and knowing just how bad a driver I actually am, I chose to nod politely and "find a cheese plant to talk to".

It's also why I tend to use public transport, but even then I've still been hurt by such hyper aroused nut bars.

I'd just got on a bus and was looking to find a seat... However certain people were blocking the disabled seats (I use crutches due to musculoskeletal issues).

So this hyper aroused nut bar flew out of a side turning and the bus driver slammed the brakes on... I went flying down the length of the bus and smashed my head into the front of the bus... That was over six months of pain I could have done without...

Dave May 2, 2020 2:28 AM

@tfb: Definitely getting off-topic here but I don't know if military thinking can be thought of as 1-bit, see for example the thinking with the Brialmont fortresses vs. the size of German guns, the largest-calibre artillery piece that could be moved was 210mm so they weren't designed to deal with anything larger, which was sensible at the time but really just drew a line in the sand telling attackers they needed to figure out how to make something over 210mm portable. Black-and-white thinking seems to be more common in the computer security industry for some reason, possibly because there's often little to no feedback about measures taken, so you can be as opinionated as you want about security without ever getting any feedback on whether your pet measures have helped or not. Even the security industry in general, so physical security, is based heavily on empirical evidence, risk management, and appropriate tradeoffs, while computer security seems to be built around geeks pushing their pet projects and opinions.

steve May 15, 2020 2:35 PM

I read recently on another blog that Zoom was on the NSA-accepted list. Which goes along with watching a virtual committee meeting on CSPAN recently that had the Zoom label down in a corner.

But the feature I find totally unacceptable with Zoom, is the extracting from the video and audio streams the content, and using it to generate out-of-context ad copy unrelated to the actual streamers involved.

Julie May 15, 2020 2:44 PM

Shady encryption aside, I can't get past the initial invite without big red flags. This is the invite I received in plain text in an email to a Zoom meeting:

Join Zoom Meeting
https://us04web.zoom.us/j/784973261?pwd=cVl0aS9YTnV0kvRGl4K0xsU0d

Meeting ID: 744 9774 3541
Password: 5XsKns


The ONLY reason I continued was the fact that I was a few drinks in on a remote happy hour with my bff and my caring was a little compromised. The morning after, I scrubbed the app from my system. Curiosity quenched. There was nothing special about the video chat itself. I won't be using it again. Anything that sends me a password in plain text via email gets the boot right away.

Bruce, if you had said, the only way I can access my course at Harvard is to compromise MY security standards, and I reluctantly choose to do so but I strongly recommend you weigh your own pros and cons before using this software, instead of it's what everybody uses, I would have mass respect.

This imposed quarantine/isolation is exposing so many security failures, it's mind-boggling. My tech heavy state's (Washington) governor tweeted and sent people to a website that was not using SSL/TLS (!!) On this page was a long list of emails to send personal data to to apply for federal assistance for small businesses. I passed. It'll be a cold day in hell when I send my #SS via email. This is what the (properly secured) web is for.

As Mom always said, if everyone is jumping off a cliff/eating Tide Pods, would you follow?

You know... there was a time when Flash™ was an industry standard. Nuff said.

Concerned May 25, 2020 1:08 PM

Other reasons not to use Zoom (adding to the good points others have made).

It's true that for some use-cases privacy is not an issue (e.g. a university lecture might as well be a public stream, possibly with a recording available later).

1: If people use a service or app for non-private communications, they'll form a habit of using it and will be more likely to use it for conversations where privacy does matter (especially where an app is concerned: people can only install and cope with a certain number).

2: If a secure system is only used for privacy-critical comms, then those comms (and the people using the secure channels) will stand out as unusual, for special attention by attackers.

3: Using a widely-used poor-security system helps reinforce its ubiquity. That makes the "everyone else is using it" argument more powerful. By using the bad service, you worsen the problem.

4: A lot of these uses are associated with payments to the Zoom company, rather than payments to help improve and popularise (let's say) the Jitsi software and services.
