[Moodles]

The Zoom security debate has been hashed to death on HN lately, but Webex for example patched some RCEs only a couple weeks ago. I’m not fully convinced Zoom is objectively less secure than all the other alternatives these days. They just get a lot more attention for it.

Besides, if the EU defence conference had an open URL or weak password that issue would apply regardless of Zoom, Webex, etc.

[rscho]

The point of GP is that Zoom is american software, regardless of any particular issue related to the app itself. Which IMO, is a very crucial point.

A EU security conference should use EU software, and as little foreign stuff as possible. Otherwise, it's just theater (and it currently really is just that!).

[TeMPOraL]

> The point of GP is that Zoom is american software,

Wait. Isn't Zoom Chinese software?

[Moodles]

All of Zoom’s security team is based in the US to be fair. I don’t really agree in general that the X-conference should use X-software.

[rscho]

Well, if you are using foreign software for sensitive stuff, then you should at least be able to fully review the source and build the app yourself.

> All of Zoom’s security team is based in the US

That's the point. Thinking that the US are truthful and honest allies of the EU is plain laughable.

[Moodles]

They’re also all using Apple products, for example.

[rscho]

Yes, much to the EU population's dismay.

[Moodles]

I think it's way too paranoid and impractical to seriously have every single thing homegrown. No Zoom, no Microsoft, no Apple, no Google, no Intel or ARM chips. It's just not going to work. It's not even clear to me that would be more secure. Okay, so you've successfully defended against the threat of the US government pressuring those companies to add backdoors to spy on your conference. Now you have to make sure your homegrown software and hardware in secure. Also the EU is multiple countries with competing interests anyway. Come on. We have to be a little more practical in the real-world I think.

[numpad0]

Kinda cool if defense conferences were done using some defense apps that works, so that in case of a Soviet or Romulan invasion or whatever, military generals and SecDefs could just open their defense laptop and resume on defense discussions, though granted the world don’t have runaway Soviet threats anymore.

[EVdotIO]

It's about sovereign interest, and if you rely on foreign assistance to run state, you are a vassal at best. Last time I checked, Russia is still holding onto annexed land in Ukraine, and there is a proxy war in Yemen, the Korean peninsula is prepared for a full blown conflict at any moment, hostilities between India and Pakistan, and on, and on, and on, and on. There are absolutely ambitious geopolitical interests at play willing to use brutal force as a means to obtain their goals at costs most people cannot comprehend. It's probably advantageous to have your own tech and verticals for building it domestically. I mean it's not like securing uranium deposits.

[jankotek]

But it should not matter how secure chatting software is. This sort of stuff should be on offline VPM, separated from normal internet. If officials are using their personal devices for this....