Hacker News new | ask | show | jobs
by scubbo 2079 days ago
I'll be the first to admit that I am very far from a crypto expert, but - does this implication necessary follow? Couldn't they just be recording and persisting the (encrypted) stream, and then making it available to "someone who has the key"?
2 comments
Spooky23 2079 days ago
That might work for a 2 party call. But I was on a call this afternoon with 70 participants — which of the 70 recordings do you want to keep?

It’s a hard problem, which gets much easier and delivers a better UX if you can trust the service provider. Also consider why you trust 70 meeting participants more than Zoom/Microsoft/Google/Verizon?

link
superice 2079 days ago
It's not that hard. Instead of generating 70 end-to-end encrypted recordings of your meeting, you just generate 70 end-to-end encrypted packets with a shared symmetric key inside that allow you to decrypt the meeting encrypted with that shared key. You only need one version of the recording because there is only one symmetric key, but you transmit that to each client using their public/private keypair.
link
scubbo 2078 days ago
> consider why you trust 70 meeting participants more than Zoom/Microsoft/Google/Verizon?

For the very simple reason that "the people that I choose to communicate with are people that I have chosen to communicate with", whereas the communication medium chosen is "the least-bad available". I am able to take whatever other measures I wish via other channels to verify and built-trust-in the participants, but I cannot do so with the communication medium owner.

link
mrstubbs 2079 days ago
The Zoom backend serves as a router for (possibly hundreds) individual encrypted streams of audio and video during a meeting. In order to support a cloud-save feature, they must first decrypt those streams in order to re-encode them into a unified multimedia file. Even if they were to store encrypted versions of all of these individual audio/video streams, how would they ultimately present that back to the user on request? There is no practical or easy way to do this.
link
Thorrez 2079 days ago
> Even if they were to store encrypted versions of all of these individual audio/video streams, how would they ultimately present that back to the user on request? There is no practical or easy way to do this.

You would play it similar to how you attend a Zoom meeting. They could probably reuse most of the client code for this feature. But yes, I agree this is likely not the user experience that most users want.

link