[arcticbull]

None of that, while distasteful seems to signal any national security or personal security risk. This seems pretty hyperbolic. Why on earth would the Chinese government want access to videos of children in bedrooms? Ridiculous.

[est31]

There are more reasons to not give access than personal or national security. Privacy is one. We shouldn't be in a situation where you need to explain why you need privacy. It should be the default.

[arcticbull]

I don't disagree, I'm just tired of the (in this case blatant) "but think of the children" in situations where it's totally irrelevant.

[simonh]

"Think of the Children" is when an issue that is only tangentially or tenuously anything to do with children, and may not even be a legitimate concern anyway, uses a notional impact on children as emotional leverage to gain undeserved attention.

This case is literally and specifically about the protection of specific children from a proven risk.

[arcticbull]

Is the proven risk that China is snooping on American children? If so, I'm sure I'd have read it everywhere. If not, it's sensationalism. The case is literally and specifically about Zoom having the ability to snoop. Children are ancillary.

[simonh]

I'll reluctantly repeat the below from another post of mine on this thread:

There are two vulnerabilities in particular that can grant access to videos to anyone. One is that Zoom video chat IDs are short enough and low enough entropy to be guessable so it's possible to crash meetings. Also saved videos have a standard naming scheme that makes their file names guessable and therefore accessible publicly, as anyone who knows the file name can access any saved video.

Both of these are deliberate choices. They made meeting IDs short and memorable, which makes them guessable. They also wanted saved videos to have meaningful names derived from meeting and user metadata, but again that means they are guessable, and easy to access without annoying security controls.

[valuearb]

What "proven risk" is that?

[simonh]

I already answered that to a sibling post to yours 2 hours before your post.

[valuearb]

No you didn’t. Because there are no proven risks. Videos of kids discussing math should have a security concerns near zero.

[simonh]

There are two vulnerabilities in particular that can grant access to videos to hostiles. One is that Zoom video chat IDs are short enough and low enough entropy to be guessable. Also saved videos have a standard naming scheme that makes their file names guessable and therefore accessible publicly. However, any vulnerability, especially intentional ones knowingly trading convenience for security or implemented deceptively, is not acceptable especially when we're dealing with the privacy of children.

[valuearb]

That's a pretty silly concern when photos and videos of the same children are spread across Facebook and other platforms willy nilly.

[simonh]

Those are photos and videos they have intentionally shared. Not supposedly secure private video sessions. If private chats and videos on Facebook of e.g. teenage girls virtual sleepover parties were also trivially accessible by strangers, that would also be an equal concern.

[thawaway1837]

Can you imagine the lawsuits that are gonna come pouring in because some hacker was able to control the webcam on a students MacBook because Zoom’s installer basically acts as an insecure root kit, and takes videos of a kid in his private moments and releases them to the internet?

[valuearb]

No one has hacked their installer.