Excellent article, really helped put a lot of the ‘fear-mongering’ news articles in line. I still think organizations should avoid using Zoom if there are other alternatives easily available, but to be fair I havn’t done any feature comparisons.
There was another moderately serious bug discovered late March, patched April 2nd.
I hold several different beliefs, and am curious as to what motivates your above statements:
1: Why do you believe that American spy agencies collect Intel or perform Ops using commercial software to a similar level as the CCP? The level of governmental power is extremely different, even if you believe the governmental ‘morals’ are equal.
2: I’ve always heard that using servers always comes with the risk of data being ready by whichever government owns the data center. Do you believe that to not be the case? Or are you simply of the belief that every government has access to the data?
3: I see it as ‘rational’ to switch to Teams for your math sessions only in the same sense that using a VPN for legitimate web browsing is rational. By obfuscating your data, you are making it harder for potentially malicious actors to make and refine algorithms for mass-population manipulation. But that’s a whole massive topic by itself, probably not best to get into it here.
1: There’s 2 differences I see; I’d categorize it more as ‘collecting’ than ‘monitoring,’ and despite the many arms of the NSA, I’d bet the CCP is far worse. A way to measure this is network latency: traffic leaving China is noticeably slower, due to the Great Firewall and the amount of filtering CCP agencies do to all data. Traffic leaving the US encounters 0 or minimal latency; so if it’s being monitored, it’s not real-time. I actually have worked with a person who had access to the NSA database during it’s pre-Snowden days. According to him, there was far more data being collected then was being used, for legal reasons and practical ones. Legally, it was not considered monitoring US persons until the traffic was unencrypted; so while they might have a phone call recorded, it’s not Illegal until they decrypt it. (yes, I know, this makes enforcement entirely an internal measure)
2: The most convenient, quiet, and effective way of getting access is legitimate credentials. If you can steal them, that’s great, but if you can send a police officer to tell the company to make you creds, that’s way easier. I agree with you as far as high-value targets go; you do lose some secrecy if you have to bring the server owners on board. But for the average user, I’d guess it’s more efficient to save your ‘hackers’ for more useful stuff, and use bureaucrats as much as possible in their place.
3: VPN usage is growing, but as you pointed out, data-collection is growing too, at what I see as a far faster rate. I know a few optimistic people, but I’m pessimistic, I think these measures will just delay the complete loss of privacy (and therefore the ‘Hari Seldon-ing’ of big businesses).