Zoom's privacy and security problems keep escalating; domestic video conferencing vendors should take note

Since reports of Zoom's security problems emerged, video conferencing vendors and users around the world have been shaken. As the COVID-19 epidemic spread across many countries, the daily work of many enterprises was affected and large numbers of employees had to start working remotely. Thanks to this, the user base of the video conferencing software Zoom soared during the outbreak. Recently, however, the software has been criticized over security issues, and many organizations, including Google, Tesla, a rocket company, and New York City schools, have banned employees from using it.

 

The public health crisis made Zoom Video Communications (ZM) a success. Many companies scrambled to let employees work from home, and school courses moved online. Video conferencing is a key part of these arrangements, and Zoom is attractive because it is free and easy to use. As its user numbers grew rapidly, ZM's stock also did well, becoming one of the most worthwhile stocks to buy.

 

Although the valuations of most companies fell sharply in 2020, Zoom's situation was the opposite. On March 23, ZM closed at $159.56, up 135% from the same period in 2020. It was then, however, that the wheels came off. The rapid, widespread adoption exposed serious security flaws. It turned out that Zoom video calls were not end-to-end encrypted, that users' emails and photos were leaked, and that random strangers were "Zoombombing" video conferences.

 

While it works on security fixes, Zoom has frozen feature development for 90 days, but the damage to its stock has been done: the shares now trade at around $116. People are now looking for alternatives that offer a safer experience.

 

First, I have to say that I understand why Zoom became so popular during the outbreak. The company made its app free and extremely easy to use; in technical terms, we call this "frictionless" design.

 

Many of us use Zoom for free, although it also has a paid product. Being able to see and talk with relatives and friends has been a lifeline for many of us. But over the past year I have been wary of this app. During that period Zoom had privacy problems so frequently that it was like playing whack-a-mole.

 

The missteps included a weakness that would have allowed malware to attach to Zoom and hijack our web cameras. The issues with basic security practices culminated with “Zoombombing,” in which trolls crashed people’s video meetings and bombarded them with inappropriate material like pornography.

 

On April 9, Beijing time, in a YouTube livestream on Wednesday, Zoom CEO Yuan Zheng apologized to users for a series of security vulnerabilities that recently affected the Zoom app. During the livestream, which ran for more than two hours, he presented Zoom's latest privacy updates and promised to take any issues seriously.

 

Earlier, a major security flaw at Zoom had come to light. According to foreign media reports, Patrick Jackson, a former NSA researcher, found that because of the default naming rules, he could use nothing more than a free search engine to find more than 15,000 videos from the Zoom platform at once in open cloud storage. The videos included chats, medical treatment plans, training sessions, participants' names and phone numbers, financial statements, and other highly private content.

 

If there is something déjà vu about all of this, you aren’t wrong. That’s because we find ourselves dealing with the same situation over and over again, focusing on the convenience of easy-to-use tech products over issues like data security and privacy.

 

The onus is certainly on Zoom, not us, to fix the privacy and security problems of its app. But we can put pressure on Zoom by not accepting the situation. If you do use Zoom, do so with caution and strong security settings. More on this later.

 

Let’s first take a closer look at why Zoom has been under the microscope. The issues boil down to two main things: its privacy policy and the architecture of its security.

 

Zoom’s privacy policy

 

Zoom recently announced that it had revised its privacy policy to be clearer and more transparent. In it, the company emphasized that it does not and has never sold people’s personal data, and has no plans to.

 

But the policy does not address whether Zoom shares data with third parties, a point that companies such as Apple and Cisco explicitly address in their privacy policies.

 

This is a notable omission. Tech companies can monetize user data in many ways without directly selling it, including by sharing it with other companies that mine the information for insights, according to research published by the M.I.T. Sloan School of Management. In some cases, tools to collect data from users are “rented” to third parties. Such practices would technically make it true that your personal data was not “sold,” but a company would still make money from your data.

 

Lynn Haaland, Zoom’s global risk and compliance officer, said the company does not anonymize or aggregate user data or rent it out in exchange for money.

 

So why is this not addressed in the privacy policy?

 

“We try to be clear here about what we do do with the data,” Ms. Haaland said about the updated policy. “Sometimes when you try to list all the things you don’t do with data, if you leave one out, then people say, ‘Oh, well, you must be doing that.’”

 

Zoom's security flaws

 

While Zoom has worked furiously to plug the security holes that have emerged in the last few weeks, its products for Windows and Mac computers have weaker security by design.

 

That is largely because the company opted not to provide its app through Apple’s official Mac app store or the Microsoft Windows app store. Instead, consumers download it directly from the web. In this way, Zoom’s software avoids living in a so-called sandboxed environment, which would have restricted its access to Apple and Microsoft operating systems.

 

As a result, Zoom is able to gain access to deeper parts of the operating systems and their web browsers. That is largely what makes Zoom sessions so simple to join.

 

By choosing to circumvent safer methods for installing its app, Zoom has opted for weaker security architecture, said Sinan Eren, chief executive of Fyde, an app security firm.

 

“They want to make the installation process a lot easier and streamlined, but at the same time they want deeper hooks into the operating system so they can collect more things,” he said. “That also exposes us to potential vulnerabilities.”

 

Zoom declined to comment on its security architecture.

 

So what to do? In these difficult times, many of us have no better option than to use Zoom. So here are some steps to keep in mind.

 

• Use Zoom with caution. In general, it’s safer to use Zoom on a mobile device, like an iPad or an Android phone, than on a Mac or Windows PC. Mobile apps operate in a more restricted environment with limited access to your data. In addition, apps served through the App Store or Play store undergo a review process by Apple and Google that includes an inspection for security vulnerabilities.

 

• Also, be sure to turn on Zoom security settings, like meeting passwords, to prevent unwanted guests from Zoombombing your sessions.

 

• Last but not least, be mindful of what it means to tell others to use a product with weak data security. Try to avoid using it for sensitive matters, like work meetings that discuss trade secrets.

 

With the mature application of cloud computing technology, cloud video conferencing has grown rapidly. Have the many global video conferencing vendors, such as Huawei, ZTE, Polycom, Cisco, Skype, Google, Tencent, ClickMeeting, GoToMeeting, Dingding, Feishu, Haoshitong, Xiaoyu Yilian and Yealink, been jolted awake, and will they further optimize and improve the security and privacy of their users?

 

 
