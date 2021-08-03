



Zoom’s end-to-end encryption expansion / technology preview. It became available months after Zoom was found to lie to users about how to encrypt video calls.

Zoom has agreed to pay $ 85 million to resolve the allegations that it lied about providing end-to-end encryption and provided user data to Facebook and Google without user consent. The settlement between Zoom and the filers of the class proceedings also covers the security issues that led to the rampant “Zombombing.”

The proposed settlement typically gave Zoom users $ 15 or $ 25, respectively, and was filed in the Federal District Court for the Northern District of California on Saturday. Nine months after Zoom agreed to improve security and “prohibit misrepresentation of privacy and security” in a settlement with the Federal Trade Commission, the FTC settlement includes compensation for users. It wasn’t.

As I wrote in November, FTC has Zoom’s June 2016 and July 2017 HIPAA Compliance Guide, January 2019 White Paper, April 2017 Blog Post, and Customers and Potential Customers. Inquiries from. In fact, “Zoom did not provide end-to-end encryption for Zoom Meetings that took place outside of Zoom’s” Connector “product (hosted on the customer’s own server). This is because Zoom’s servers, including those in China, maintain the encryption key. Zoom will be able to access the content of the customer’s Zoom meeting. ” In actual end-to-end encryption, only the user has access to the keys needed to decrypt the content.

The new class action settlement applies to Zoom users nationwide, regardless of whether they use Zoom for free or for a fee. If the settlement is approved by the court, “Class members who have paid for their account are eligible to receive 15% of the amount paid to Zoom for their core Zoom Meetings subscription during that period. [March 30, 2016, to July 30, 2021] The settlement states that “the larger of $ 25”, “members of the class who are not eligible to file a paid subscription claim may be charged $ 15. These amounts are the billed amount. It may be adjusted up or down proportionally, depending on the amount of fees and expense incentives, payment of services to class representatives, taxes and tax costs, and payment management costs. “

Class attorneys receive up to $ 85 million in attorney fees up to 25% and up to $ 200,000 in attorney fees for reimbursement. About 12 plaintiffs are seeking approval for a $ 5,000 payment each. A hearing on the plaintiffs’ motion for preliminary approval of the settlement is scheduled for October 21, 2021.

In addition to payments, the settlement “agrees with more than 12 major changes to its practices designed to improve meeting security, enhance privacy disclosure and protect consumer data.” rice field.

With the pandemic boosting the video conferencing business, Zoom more than quadrupled its annual revenue from $ 622.7 million to $ 2.7 billion in the 12 months to January 31, 2021. Previous year. Zoom is moving at an even better pace this year, with first-quarter (February-April) revenues of $ 956.2 million and net profit of $ 227.5 million.

advertisement

Zoom cannot redefine end-to-end encryption

The amended class action complaint filed in May 2021 stated that “the encryption key for each meeting is Zoom’s, not the client device,” despite Zoom’s false promise of end-to-end (E2E) encryption. It is generated by the server. “

It continued:

The connection between the Zoom app and the Zoom server running on the user’s computer or phone is encrypted in the same way that the connection between the web browser and the website is encrypted. This is called transport encryption and differs from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of the Zoom conference. In zoom conferences using this encryption technology, video and audio content will be private to anyone spying on Wi-Fi, but from the company, or perhaps the company will voluntarily share access. It will be private to those who are. Law (eg, at the request of law enforcement agencies) or involuntary (eg, hackers who can break into a company’s system). With true E2E encryption, the encryption key is generated by the client (customer) device and can only be decrypted by conference participants.

Zoom’s website claimed that the service allowed hosts. “[s]According to complaints, “Ensure conferencing with end-to-end encryption” and “Zoom’s solution and security architecture provide end-to-end encryption and conferencing access control so that data in transit is not intercepted.” That is. Regarding its own definition of end-to-end encryption, a class action lawsuit said, “The definition of end-to-end encryption is not suitable for industry interpretation.” “Zoom’s misrepresentation is Apple’s FaceTime. Other video conferencing services, such as, have taken on the more difficult task of implementing true E2E encryption for multiple party calls. “

The Intercept reported in March 2020 that Zoom was unable to provide end-to-end encryption. Zoom’s response to the article revealed that “Zoom was aware that it wasn’t using the industry-recognized definition of E2E encryption and was raising awareness anyway.” The decision to use the term “two-end”. “

The Zoom application was displayed by “hovering over the green lock in the upper left corner” and contained a text box that says “Zoom uses an end-to-end encrypted connection”. Then change this text to simply indicate that the session is encrypted. “

In April 2020, Zoom apologized for the confusion caused by falsely suggesting that end-to-end encryption could be used at Zoom’s meetings … I didn’t mean to deceive customers, I am aware that there is a contradiction. Between the generally accepted definition of end-to-end encryption and how it was used. “

In October 2020, Zoomann announced the availability of a “Technology Preview” of the first real end-to-end encryption products. According to Zoom’s website, this offering is still in tech preview and “some other features are disabled”, so Zoom recommends it “only for meetings that require additional protection”. ..

Provide user data and allow Zoombombings

Zoom users relied on the company’s promise that “Zoom does not sell your data” and “Zoom takes privacy seriously and properly protects your personal information,” the proceedings said.Class members “did not understand what Zoom collects and shares [their] “Personal information of third parties such as Facebook and Google” and “Allow access to third parties such as Facebook and Google” [their] Combine personal information with content and information from other sources to create unique identifiers or profiles for [each user] For purposes that influence advertising and behavior. “

Since Zoom implements the Facebook SDK, user data was sent from Zoom to Facebook. “Even if the user created a Zoom or Facebook account, or worse, before the user encounters Zoom’s Terms of Service or privacy disclosure.” The proceedings said. “Since removing the Facebook SDK, Zoom has continued to share equally valuable user data with Google through Google’s Firebase Analytics SDK integrated into the Zoom app. I didn’t allow such data to be extracted and used. I’m not even aware of the data transmission. “In addition to Facebook and Google, Zoom said,” Hotjar, Zendesk, AdRoll, Bing personal data about users. And so on. “

The proceedings also said Zoom accused users of the Zoom bombing rash, even though the problem was made possible by a flaw in Zoom’s security. Zoom says, “A relatively simple technical solution … For example, a screen sharing control default or identity verification that allows a host to cancel a meeting or eject a Zoombomber with the push of a button. Implement stronger conference security (attendee admission) protocols, such as or your own conference passcode. “

“As early as March 20, 2020, Zoom acknowledged that its product had a Zoombombing issue, but instead of changing security protocols and default features, Zoom turned its back on users. He claimed that he was responsible for the user’s inability to use it properly. The program. “advertisement

Payment requirements

The settlement “needs Zoom not to reintegrate the Facebook SDK for iOS into Zoom meetings for a year” and asks Facebook to “delete US user data obtained from the SDK.” The security and transparency changes that Zoom has agreed to include:

Develop and maintain documented protocols and procedures for approving third-party applications for distribution to users through Zoom’s Marketplace for at least three years. Develop and maintain a user support ticketing system for internal tracking and user communication of meeting interruption reports. Create and maintain a documented process for contacting law enforcement agencies regarding interruptions in meetings related to illegal content. This includes a dedicated person who reports the interruption of a series of meetings to law enforcement agencies. Develop and maintain security features such as attendee waiting rooms, pause buttons for meeting activities, and blocking users from certain countries for a minimum of three years.

Zoom is needed “to better educate users about the security features available to protect the security and privacy of meetings through dedicated space and banner-type notifications on the Zoom website.” The Zoom website should also include “Centralized information and links for parents who have their child’s school-provided kindergarten-to-high school account.”

After the settlement was announced, Zoom issued a statement to the media not to admit cheating. “User privacy and security are Zoom’s top priorities and we take user trust seriously,” says Zoom. “We are proud of the advances we have made to the platform and look forward to continuing to innovate at the forefront of privacy and security.”

Sources 1/ https://Google.com/ 2/ https://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-for-lying-about-encryption-and-sending-data-to-facebook-and-google/ The mention sources can contact us to remove/changing this article

What Are The Main Benefits Of Comparing Car Insurance Quotes Online

LOS ANGELES, CA / ACCESSWIRE / June 24, 2020, / Compare-autoinsurance.Org has launched a new blog post that presents the main benefits of comparing multiple car insurance quotes. For more info and free online quotes, please visit https://compare-autoinsurance.Org/the-advantages-of-comparing-prices-with-car-insurance-quotes-online/ The modern society has numerous technological advantages. One important advantage is the speed at which information is sent and received. With the help of the internet, the shopping habits of many persons have drastically changed. The car insurance industry hasn't remained untouched by these changes. On the internet, drivers can compare insurance prices and find out which sellers have the best offers. View photos The advantages of comparing online car insurance quotes are the following: Online quotes can be obtained from anywhere and at any time. Unlike physical insurance agencies, websites don't have a specific schedule and they are available at any time. Drivers that have busy working schedules, can compare quotes from anywhere and at any time, even at midnight. Multiple choices. Almost all insurance providers, no matter if they are well-known brands or just local insurers, have an online presence. Online quotes will allow policyholders the chance to discover multiple insurance companies and check their prices. Drivers are no longer required to get quotes from just a few known insurance companies. Also, local and regional insurers can provide lower insurance rates for the same services. Accurate insurance estimates. Online quotes can only be accurate if the customers provide accurate and real info about their car models and driving history. Lying about past driving incidents can make the price estimates to be lower, but when dealing with an insurance company lying to them is useless. Usually, insurance companies will do research about a potential customer before granting him coverage. Online quotes can be sorted easily. Although drivers are recommended to not choose a policy just based on its price, drivers can easily sort quotes by insurance price. Using brokerage websites will allow drivers to get quotes from multiple insurers, thus making the comparison faster and easier. For additional info, money-saving tips, and free car insurance quotes, visit https://compare-autoinsurance.Org/ Compare-autoinsurance.Org is an online provider of life, home, health, and auto insurance quotes. This website is unique because it does not simply stick to one kind of insurance provider, but brings the clients the best deals from many different online insurance carriers. In this way, clients have access to offers from multiple carriers all in one place: this website. On this site, customers have access to quotes for insurance plans from various agencies, such as local or nationwide agencies, brand names insurance companies, etc. "Online quotes can easily help drivers obtain better car insurance deals. All they have to do is to complete an online form with accurate and real info, then compare prices", said Russell Rabichev, Marketing Director of Internet Marketing Company. CONTACT: Company Name: Internet Marketing CompanyPerson for contact Name: Gurgu CPhone Number: (818) 359-3898Email: [email protected]: https://compare-autoinsurance.Org/ SOURCE: Compare-autoinsurance.Org View source version on accesswire.Com:https://www.Accesswire.Com/595055/What-Are-The-Main-Benefits-Of-Comparing-Car-Insurance-Quotes-Online View photos