#@random_walkerIf Zoom cares to resurrect its reputation, it needs to do four things right away. 1. Stop acting like malware. Although the intent isn't malicious, it's a dangerous slippery slope that makes it harder for the OS to block actual malware and creates new security risks for users. (twitter.com/_/status/1245103123389169665)
#ZegnatI didn’t know Zoom did P2P. I was pretty sure that in our testing we found it was always peer-to-zoom.
#sknebeland I also do not know any mode where it does peer-to-peer
#[LewisCowles]> Instead, the company has TLS encryption in place. This is essentially what browsers use to secure HTTPS websites and it means that data is encrypted between users and Zoom’s servers. But that’s different from ‘end-to-end’ encryption which protects all content shared between users from the company providing the service.
#sknebel(i.e. what some of the WebRTC things do. but e.g. not jitsi, that does webRTC to a server)
#Zegnat“video chat likely uses WebRTC” - if it does, it is only WebRTC from browser to Zoom, it is not WebRTC between participants, IIRC
#[LewisCowles]I think you've over-simplified what Jitsi does
#[LewisCowles]at least from my understanding, Jitsi supports ICE servers, but does not enforce their use if clients can peer
#[LewisCowles]I'm quite sure the reason for that is that it is outside of their control
#sknebelafaik it goes through the server, intentionally. but I could be wrong
#sknebelnot relevant to the point about what peer-to-peer typically means
#[LewisCowles]It's fundamental to the point of what peer-to-peer means
#ZegnatAs far as #indieweb-meta goes: I would maybe add a link to that extra piece of commentary on the wiki so it is clear what you are commenting on [LewisCowles]. As the rest of the wiki page does not seem to mention things like E2E.
#ZegnatWoops, I also did not see #indieweb-chat, haha, that is probably the correct channel :)
#[LewisCowles]zegnat I'm looking for a better link than a paper
#sknebelthe label "peer-to-peer" isn't really used for communication client-server in this context, so I think it doesn't apply to e.g. Zoom
#[LewisCowles]again. Zoom does not only communicate via its servers. This is what all the complaints seem to be about
#sknebeldo you have a source for "Zoom does not only communicate via its servers"?
#sknebelwhat I've seen is people critizing that they said "end-to-end" when they only did transport encryption to their servers, so their servers had access to the data
#[LewisCowles]> Zoom does use TLS encryption, the same standard that web browsers use to secure HTTPS websites. In practice, that means that data is encrypted between you and Zoom’s servers, similar to Gmail or Facebook content. But the term end-to-end encryption typically refers to protecting content between the users entirely with no company access at all,
#[LewisCowles]> similar to Signal or WhatsApp. Zoom does not offer that level of encryption
#[LewisCowles]> Zoom, however, denies that it’s misleading users. The company told _The Intercept_, “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” and that “content is not decrypted as it transfers across the Zoom cloud.”
#[LewisCowles]> Zoom is using WebRTC. Somewhat. With a data channel. To handle live video streams, with their previous WebSocket architecture as fallback. And not the peer connection itself.
#[LewisCowles]are they asking for the video data to be encrypted as well as transported through an encrypted socket? If so isn't it worse to layer encryption like that?
#sknebelend-to-end would mean that zooms servers can't decrypt the traffic. That IMHO does not make sense as a default for a video chat product, but as on opt-in thing would do probably
#ZegnatAnd then it gets double confusing when you get more technical people reading it, because they have yet again a different expectation for what all the terms mean, haha.
#ZegnatI feel like the problem is non-network people communicating with non-network people in multiple layers while Zoom themselves feel no need to clarify any of the terms they use.
#sknebel(not good for a default because you'd want the server to be able to re-encode etc the video to adapt for bandwidth - I think they do that)
#sknebelso zoom apparently has end-to-end encryption for text chat as an option
#sknebelbut not for video, but their marketing materials were unclear about that
#sknebelI don't think they do anything peer-to-peer (it's of course cheaper server-load wise, but has lots of problems, as many of the other examples show), but use WebRTC (a technology designed to support peer-to-peer) between browser client and server for performance reasons
gRegorlove joined the channel
#sknebelwhich I think is a sane choice, their marketing just shouldn't muddle that up (no personal opinion if they did or not, I didn't review the sources)
#[LewisCowles]They do have an option to refuse non-encrypted phone participants from the zoom official link I added
#sknebelyeah, enforcing "transport encryption" there I guess
#sknebelan external phone obviously would never be able to do end-to-end (I think that's not a thing in SIP for conferences)
#sknebel(another example of why e2e doesn't fit well with what they are offering: you'd break call-ins, cloud recording, ...)
#aaronpklack of e2e is not really a fair criticism. however having them call it e2e when it's clearly not, is.
#boffosocko.comedited /OPML (+235) "/* XSL (making an OPML file look like HTML) */ Hsiaoming Yang using XSL to create a human-readable RSS feed" (view diff)
#[jgmac1106]sorry for the rando links, sharing stuff we are working on in HWC London, that is a module page int he course builder
#[chrisaldrich]I just didn't understand the context for the number or why... figured it was specific because of the commit note, but...
#[tantek]note that is the /likes page which is about displaying the set of likes on a post, rather than the /like page which is all about a like post itself
#[chrisaldrich]then I'll like it and we can bump it to 7 then... 🙂
[KevinMarks], willnorris_ and Zegnet joined the channel
#[tantek]I'm having a better and better experience with "Hangouts" (https://meet.google.com/) for video chats of <10 people and I'm wondering what people think of considering using that for HWC instead of Zoom (given all the recent Zoom concerns reported)
#aaronpkmain downside is that requires that everyone has a google account
#aaronpkwhoa google meet does automatic captioninig
voxpelli_ joined the channel
#[tantek]I guess I'm saying I used to be frustrated by it, performance issues etc., and some combination of fixes in meet.google plus maybe fixes in Firefox have made it substantially better over the past few months
#[tantek]Wouldn't surprise me if Google had put more resources in to fixing (and infrastructure) for Hangouts over the past few weeks / month
#jackyaaronpk: yeah - I was talking to family and saw that come up randomly once; kinda cool
#aaronpkif you're interested in using this, i recommend doing a test flow with two windows side by side to see what the experience is like both hosting and joining a meeting
#[tantek]ugh well that doesn't really help then does it (in terms of blocking trolls)
#[tantek]alright we'll have to think this through some more to consider it as an alternative for HWC
#aaronpkcorrect, it does not. however we could ask that people join with their chat name or domain name, and then the trolls might be more recognizable