Anonymous wrote:MCPS has implemented it differently. Has to be used from a student google account, which already is walled off from general internet.

FWIW, the following is a summary of an investigative report released by Citizen’s Lab on Friday, Citizen's Lab being a well-respected cybersecurity institution (part of the University of Toronto). They are well known in the field as objective researchers looking into exploitable weaknesses that pose a risk to a sector, or holistically (https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/):

1. Zoom misrepresents the encryption it uses, calling it “end-to-end” encryption. In April 2020 Zoom released a blog post clarifying that their encryption is between an individual’s device and the Zoom server, NOT the entire communication. IOW, not "end-to-end" encryption as industry uses the term

2. Zoom uses custom encryption which does a poor job of masking everything (in the report, you can still make out the outlines of an encrypted picture encrypted using Zoom's algorithm), and is predictable. And Zoom's keys are weak; AES-128 vice traditional AES-256

3. In making Zoom idiot-proof (called "low friction") Zoom created a number of vulnerabilities, some of which have been discussed in the press the past few days

4. Even with all parties to a call in the US, encryption keys come from China, creating the risk that Chinese govt can force Zoom to share keys and gain access

5. Nation states are now well aware of Zoom’s vulnerabilities and likely targeting users

6. Zoom provides 0 transparency about what it shares when served with legal process

7. Zoom's Waiting Room has a vulnerability (not publicly disclosed b/c they want Zoom to fix before ppl take advantage)

Anonymous wrote:

Anonymous wrote:MCPS has implemented it differently. Has to be used from a student google account, which already is walled off from general internet.

Are you positive because I saw students using cell phone numbers on Friday.

Anonymous wrote:Somebody wants to eavesdrop on remote instruction?

Anonymous wrote:Somebody wants to eavesdrop on remote instruction?

Anonymous wrote:

Anonymous wrote:Somebody wants to eavesdrop on remote instruction?

Google Zoombombing

Anonymous wrote:

Anonymous wrote:

Anonymous wrote:Somebody wants to eavesdrop on remote instruction?

Google Zoombombing

Not only that there's a huge security flaw. Thousands of zoom meetings were released publicly along with personally identifying information. Therapy sessions, private business meetings, elementary children etc. I wish MCPS would also ban it.

Anonymous wrote:As others have said, you can't join MCPS Zoom without logging in with a MyMCPS student/teacher username. So any kid who does something inappropriate is easily traceable and accountable.

The Zoom issues are:
1. random people being able to join meetings, which can't happen with MCPS's setup
2. Non end-to-end encryption, which only occurs if you are calling in from a phone, because the telephone network isn't encrypted (this is not specific to Zoom).. but MCPS requires connecting by computer, which is encrypted.

Anonymous wrote:

Anonymous wrote:As others have said, you can't join MCPS Zoom without logging in with a MyMCPS student/teacher username. So any kid who does something inappropriate is easily traceable and accountable.

The Zoom issues are:
1. random people being able to join meetings, which can't happen with MCPS's setup
2. Non end-to-end encryption, which only occurs if you are calling in from a phone, because the telephone network isn't encrypted (this is not specific to Zoom).. but MCPS requires connecting by computer, which is encrypted.

What about students who only have a smartphone? Or teachers who only have a smartphone because they need to leave the family computer for a spouse or children?