I'm surprised they're even allowed to use Zoom for a national cabinet meeting. Wouldn't the Gov have its own video chatting software that is self hosted?
Also interesting about that photo: Five of the 25 have portrait-oriented video feeds. Tbh this may make more sense for this kind of thing (shows more of the person rather than more of the space they're in) but I'm thinking about the hardware—am I correct in inferring that those five are zooming from their mobile? Do high-level UK cabinet ministers not have laptops?
I am out of the loop as to why Zoom is suddenly "blowing up". Even my workplace is using it now. Previously, we were using either Skype, Webex, or Jitsi. What does Zoom offer that the other three don't?
...and the even more predictable, dismissive, contrarian response: "Look at how silly and repetitive all the critics are. They always point out problems, haha."
I attended a PhD defense yesterday that got zoom bombed. They quickly moved it to an actively managed call and the presenter did a fine job of keeping their composure and getting back on track. Now we're circulating guides about how to set up secure rooms and webinars, so I don't anticipate this will happen again.
Normally I'd wave this off as a childish prank, but both the URL and loading screen prominently indicated the name of a major medical school, and the contents of the presentation were proteins and chemical structures. Bombing this meeting in particular seems to be in especially bad taste during a pandemic.
> Bombing this meeting in particular seems to be in especially bad taste during a pandemic.
For what it's worth, it likely wasn't targeted. My understanding is that the search space is so short that you can just cycle through it until you find something.
This happened to a local political debate I was attending. Disturbing to say the least. It's not hard to defend against as a power-user host, but the default case might be better locked down. Maybe this preference should be prominent in account setup.
In general PhD defenses are open to the public, I mean, in some places it isn't even valid if it wasn't publicly announced (by a printed paper glued to some wall, for all it's worth) and the access is restricted to the public.
Of course different times require different actions but I think that some challenges remain for the _formal_ part of it.
> Bombing this meeting in particular seems to be in especially bad taste during a pandemic
Either that... or it's a way to get high profile attention to blatant security issues in a commonly used business meeting tool where sometimes sensitive information is shared.
This is a feature not a bug, to make joining meetings frictionless. (And in videoconferencing there's little distinction between meeting ID and password anyways -- they form a single access credential.)
To prevent unwanted people from joining, the host simply has to turn on the waiting room feature -- where people who have dialed in have to be explicitly accepted by the host, which can be done individually or en masse.
You could have a second access code included in the invite but not printed right on the window in screenshots.
It would be similar to how a credit card number and CCV code are functionally the same as one longer number, except that you don’t go writing the CCV code alongside the credit card number, and that keeps it more secret.
Still not as frictionless as “anyone with the number can join,” but if this continues to be a problem it might be worth doing.
I just set up passwords on Zoom rooms for a little room automation project I'm building. There's no drawbacks; you can send out a link that includes the password, so nobody gets left out (no matter how technically challenged). And, someone who "stumbles upon" the room can't just get access.
All in all, Zoom has done a lot of things right, given the extremely challenging competitive environment they're in.
Zoom has open conferences by default. Even if you host one on your business plan, anyone who has the number can dial into it. You could be paying a shitload of money for that, including their 'Zoom Rooms' where they fit out your meeting room with cameras and mics and their special app... and any fuckwit can dial in if they grab the phone number, which is also a US-based one.
I don't like to join company calls on an anon or personal account but Zoom makes absolutely zero effort to identify who you are and even if you're welcome. Most of the time I drop out and re-join under my corporate account. I cannot force other people to do the same, and their settings UI is insane.
By all accounts, Zoom deserves this intense scrutiny and I hope they take it seriously. All I see them trying to do is get their software on as many machines as possible.
I had a quick feedback call set up by a common investor with Eric, Zoom's CEO a few years ago. I remember I pointed out a few of those issues, and his reply was that the only problem he could see with the app was that it wasn't "pretty enough" and it needed new icons.
I hope Eric is learning something from this situation and will pay more attention in the future, every business gets those moments, maybe not that publicly.
It's a pretty low bar for the word 'break'. By the same token you could walk up to a bunch of people in a restaurant and start yelling at them while they're having dinner. That's also not a break. It's just a nuisance and proof that you're a jerk, and if you did it in person you'd likely end up with some dental work.
Except users don't realize that. They think they're sitting in a locked room that nobody else knows about, when in reality they're sitting at a restaurant table and most people just don't care to go bother them.
Zoom lets you require passwords or require the host admit guests in meeting settings. This is the same as anything else you might find on Shodan. Secure defaults hurt mass adoption, and insecure defaults result in this. Zoom is part of one of our oldest industry traditions in this respect.
The fact is that with these meeting/group products, the one that makes it easiest to join is the one that succeeds, because there's always one bozo who can't figure out how to type a password, so there's an incentive towards insecure product behaviors.
Several people in other comments explain that you could have a password protected session, or a session in which users must be waiting in a lobby until someone approves their admission. This seems pretty normal, and I think here Zoom may not be able to do much more.
But I have the feeling that this is difficult in practice to use for an AA meeting. I'm actually lucky enough not to have the need to participate in such a meeting, but from what I understand of it, the anonymous part is important, as well as the possibility for newcomers to participate. I doubt for these reasons that AA meeting groups have a list of clearly identified participants, to whom they can send a password protected link, or that they could use such a list to check that people are part of the group.
Unfortunately, I'm not sure that this kind of problem can be fixed (technologically. On the non-technology side, we could hope for a world without assholes, but that's only a dream)
I'm not really sure this should be called trolling, it's more just harassing/bullying/trespassing. When I think of trolling, at least when it's done well, it's more taking on overly self serious people to get a funny reaction (even if it's obnoxious). It's like a cousin of pranking, it shouldn't be cruel. There can be cruel pranks of course, but that's not the fundamental nature. Like Ken M leaving really oblivious comments on Facebook, or Something Awful forum members joining an online game chatroom as a weird cult ("the path is grey" :D ). Weird, funny, mostly harmless. I mean things like that are obnoxious sometimes but they can be funny and work as satire or social commentary. There's no cleverness to this.
(probably the wrong thing to write on HN since this place is uh not known for its sense of humor)
Happened to my elder sister, who is a teacher hosting video classes due to lockdown in India. Some idiots think it is fun, and the worst thing is that they put a video grab of this on their YouTube channel - themed disruption or something - to drive traffic - yuck, the state of minds! And those who follow such channels. (It is reported to the local cybercell, but it left my sister, who is a bit older to all this technology, very rattled.)
[+] [-] verytrivial|6 years ago|reply
Yes, shared by the Prime Minister, number and all. What a time to be alive.
[+] [-] Thorentis|6 years ago|reply
[+] [-] blahedo|6 years ago|reply
[+] [-] Camas|6 years ago|reply
[+] [-] ehsankia|6 years ago|reply
[+] [-] Traster|6 years ago|reply
[+] [-] softwaredoug|6 years ago|reply
[+] [-] generationP|6 years ago|reply
Ah, the guy at the top left.
[+] [-] bambataa|6 years ago|reply
[+] [-] consultutah|6 years ago|reply
[+] [-] mturmon|6 years ago|reply
[+] [-] tqi|6 years ago|reply
Stage 1: This company you probably hadn't heard of before is blowing up / changing the world!
Stage 2 (current stage): Actually it turns out this company has some unexpected problems!
Stage 3: Actually this company is actively contributing to society's One Big Problem!
Stage 4: Actually here is why Zoom actually isn't as bad as everyone thinks!
Stage 5: This OTHER company you probably hadn't heard of before is blowing up / changing the world!
[+] [-] syockit|6 years ago|reply
[+] [-] vosper|6 years ago|reply
[+] [-] thaumaturgy|6 years ago|reply
Fortunately, we have really enlightened people among us who point that out.
Every time.
[+] [-] Razengan|6 years ago|reply
[+] [-] JKCalhoun|6 years ago|reply
[+] [-] j-wags|6 years ago|reply
[+] [-] christianmann|6 years ago|reply
[+] [-] jchrisa|6 years ago|reply
[+] [-] woliveirajr|6 years ago|reply
[+] [-] roel_v|6 years ago|reply
My sarcasm calibration is a bit off lately, you surely didn't mean this seriously (I mean, you don't really think this won't happen again)?
[+] [-] Alupis|6 years ago|reply
[+] [-] crazygringo|6 years ago|reply
Overall I'd say the system works pretty well.
[+] [-] wlesieutre|6 years ago|reply
[+] [-] the8472|6 years ago|reply
[+] [-] pjkundert|6 years ago|reply
[+] [-] ljm|6 years ago|reply
[+] [-] luckydata|6 years ago|reply
[+] [-] guessbest|6 years ago|reply
[+] [-] brianpan|6 years ago|reply
[+] [-] jacquesm|6 years ago|reply
[+] [-] DarkWiiPlayer|6 years ago|reply
[+] [-] Wowfunhappy|6 years ago|reply
There isn't even any monetary benefit. Who the heck thinks this is funny?
[+] [-] zionic|6 years ago|reply
[+] [-] lostgame|6 years ago|reply
There are literally people on the internet who claim white supremacy, and that the Earth is flat.
There certainly exists similar scum/ignorant idiots who would find this funny.
[+] [-] wolco|6 years ago|reply
[+] [-] throwaway5752|6 years ago|reply
[+] [-] freepor|6 years ago|reply
[+] [-] mikorym|6 years ago|reply
[+] [-] csunbird|6 years ago|reply
[+] [-] yoda222|6 years ago|reply
[+] [-] kzrdude|6 years ago|reply
[+] [-] overgard|6 years ago|reply
[+] [-] dewey|6 years ago|reply
[+] [-] k__|6 years ago|reply
Someone sent me a meeting URL and I clicked it, to see if everything was right.
Little did I know that people just get one Zoom URL for ALL of their meetings.
[+] [-] alexcpn|6 years ago|reply