Why Are Zoom Meetings Not Encrypted Even Though Zoom Says They Are?

Zoom Encryption

End-to-end encryption on Zoom is what the world is criticising Zoom for. After all, your top concern for online meetings is that no one spies on your meeting, right?

You may be more concerned if you’re holding a confidential company or government discussion in a Zoom meeting, which I’d recommend you not do.

Nevertheless, your privacy is more valuable today than it was a few decades ago. And Zoom was never designed to be privacy-focused. Their aim was user-friendliness and feature richness. And in both categories, they are, as they say, “industry leaders”. But they are not always what they say they are: Zoom isn’t “end-to-end encrypted”, at least not in the sense the term is commonly used.

Before we dive into why Zoom isn’t encrypted, why we need Zoom to be encrypted in the first place, and why most of us can still use Zoom even if it isn’t, there are two things you need to understand.

1. How Your Data Travels To The Ones You Send It To

Let’s take the case of a WhatsApp message. Assume you send a message to someone, say X.

The message you sent is encrypted and uploaded to a data centre. We’ll talk about encryption a bit later.

X’s device, if online, checks for any new messages continuously. When it sees the message you sent, it shows it to X. This all happens in the blink of an eye.

Let some illustrations help you understand.

Illustration by Kunal Mishra

If you’re curious why the message isn’t sent to the recipient’s device directly, it’s because if X’s device is offline, the message would not reach it.

Why the message is sent to a server and not directly to the receiver’s phone. // Illustration by Kunal Mishra.

To sum up, you need to understand that the data sent from your phone goes to a server before being received at the destination device.

2. What Is Encryption?

Encryption means encoding data while it is in transmission from one device to another. This ensures that if someone accesses the data while it’s travelling, he cannot use it.

Let’s understand it with the example of cash and a credit card.

  • Your cash is un-encrypted. That means anybody who holds it can use it — be it you or a burglar who stole it.

  • Your card, on the other hand, is encrypted. Meaning no one can use it unless he knows the PIN, which can be any of 10,000 unique PINs.

That’s how encryption works.

In WhatsApp, you might have noticed a yellow box that tells you your chats are end-to-end encrypted. That means only you and the person who the message was sent to can read it.

WhatsApp’s encryption message // Kunal Mishra

No one in between, even if he gets access to the message, can read it. Not even WhatsApp staff.

Encryption in WhatsApp | Illustration by Kunal Mishra

Think of it like changing your texts into another language that only your phone and the receiver’s can understand. For anyone who steals your message while it’s travelling to the receiver, it’d be useless.

This is End-to-end Encryption, the standard encryption for any widely used digital product.

Encryption On Zoom

Zoom’s marketing says the product is “end-to-end encrypted”. This can be seen in various places within Zoom’s interfaces.

The top-left icon in Zoom’s desktop app. // Image by Author

  • When you hover over the green lock in the top left of the Zoom desktop app, it says, “Zoom is using an end to end encrypted connection”. [This has been corrected in recent updates.]

  • Zoom’s white paper lists “Secure a meeting with E2E encryption” as an “in-meeting security capability” that’s available to meeting hosts.

Zoom is deceptive when it says it is end-to-end encrypted.

Zoom’s “end-to-end encryption capabilities” should mean no one other than the participants of the meeting can spy on the meeting.

Instead, it means that no one who steals the data while it is being transported between your phone and Zoom’s data centres can eavesdrop on your meetings, because the data is encrypted on that leg. Zoom itself, however, or the government of the country the servers are located in, can have access to your meetings. This denies the right to privacy.

The keys used to decrypt the data are also stored in Zoom’s data centres, most of which are located in China, where governmental authorities can ask Zoom to give them access to the data, unencrypted. And under Chinese law, Zoom cannot refuse.

This creates a problem if you hold a highly confidential discussion over a Zoom meeting. The Chinese might be spying on you.

An example is when a photo showed the Indian defence minister using Zoom to communicate with chiefs of the army.

While writing this article, Zoom pushed out a new update letting paid users choose which data centre they want the data to go through. Free users are given no such option.

  • If you’re a paid user, route your Zoom meetings via data centres in Mumbai, India.

  • If you are using Zoom for free, your data will be routed through data centres in the US.

Zoom’s chief product officer Oded Gal wrote:

“Zoom has always strived to use encryption to protect content in as many scenarios as possible, and in that spirit, we used the term end-to-end encryption. While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”

‘They don’t’ doesn’t mean ‘they can’t’.

A Zoom spokesperson said, “We encrypt all video, audio, screen sharing, and chat content at the sending client, and do not decrypt it at any point before it reaches the receiving clients.”

This sounds like end-to-end encryption, right? But they say “they don’t decrypt”, not “they can’t decrypt”.

How can Zoom meetings be really end-to-end encrypted?

For a fully end-to-end encrypted Zoom meeting:

  • The audio, video, screen sharing, chats and other meeting data should be encrypted in such a way that only participants of the meeting can decrypt it.

  • Zoom’s data centres should still have all this meeting data, but only in encrypted form. Meaning they shouldn’t have the technical ability to eavesdrop on your meetings.

This is what end-to-end encryption actually means.
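
The two key-custody models contrasted above, as an added example that is not part of the original article and is not Zoom's or WhatsApp's code: in the first the server creates the meeting key, in the second the clients agree on it with X25519 and the server only relays. All function names are hypothetical, and the end-to-end model assumes participants verify each other's public keys out of band.

```javascript
const crypto = require('node:crypto');

// AES-256-GCM: seal() encrypts; open() decrypts and throws on a wrong key.
function seal(key, text) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(text, 'utf8'), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString('utf8');
}

// What the operator can recover from a relayed message, trying every
// 32-byte value that was ever stored on or passed through its servers.
function operatorRead(seenByServer, msg) {
  for (const k of seenByServer) {
    try { return open(k, msg); } catch (e) { /* GCM tag check failed */ }
  }
  return null;
}

// Model A: the server creates the meeting key and hands it to the clients.
function serverKeyedMeeting(text) {
  const meetingKey = crypto.randomBytes(32); // generated and kept server-side
  const msg = seal(meetingKey, text);        // sender encrypts
  return { received: open(meetingKey, msg),  // receiver decrypts
           operator: operatorRead([meetingKey], msg) };
}

// Model B: clients derive the key themselves; the server relays only public
// keys and ciphertext. Assumption: public keys are verified out of band,
// otherwise a malicious relay could substitute its own.
function endToEndMeeting(text) {
  const a = crypto.generateKeyPairSync('x25519');
  const b = crypto.generateKeyPairSync('x25519');
  const derive = (priv, pub) => Buffer.from(crypto.hkdfSync('sha256',
    crypto.diffieHellman({ privateKey: priv, publicKey: pub }),
    Buffer.alloc(0), 'meeting-key', 32));
  const msg = seal(derive(a.privateKey, b.publicKey), text);
  const seenByServer = [a.publicKey, b.publicKey].map(
    (k) => k.export({ type: 'spki', format: 'der' }).subarray(-32));
  return { received: open(derive(b.privateKey, a.publicKey), msg),
           operator: operatorRead(seenByServer, msg) };
}
```

In both models the ciphertext on the wire looks the same; what differs is whether `operator` comes back as the plaintext or as `null`.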

Why isn’t Zoom end-to-end encrypted?

Matthew Green, a cryptographer, points out on The Intercept that:

Video conferencing is hard to encrypt.

That’s because Zoom needs to figure out which participant is talking so as to act as a switchboard, allowing high-quality audio only from the person speaking at the moment, while everyone else’s audio quality is decreased a bit to optimize data usage.

This optimization helps Zoom consume less battery and data, enhancing the overall quality of the meeting. This is easier when Zoom’s systems can see the data — to see who’s talking — in unencrypted form.

But it’s not impossible, either.

“If it’s all end-to-end encrypted, you need to add some extra mechanisms to make sure you can do that kind of ‘who’s talking’ switch, and you can do it in a way that doesn’t leak a lot of information. You have to push that logic out to the endpoints,” he told The Intercept. This isn’t impossible, though, Green said, as demonstrated by Apple’s FaceTime, which allows group video conferencing that’s end-to-end encrypted.

It’s worth noting, though, that it took Apple years to get end-to-end encryption to work with 32 participants on FaceTime, while meetings on Zoom have 100–1000 participants.

Tech giants are transparent, Zoom isn’t.

Companies like Microsoft, Google and Facebook have transparency reports that describe how many government requests for user data they receive from which countries (governments) and how many of those they comply with. Zoom doesn’t have any.

Isedua Oribhabor, U.S. policy analyst at Access Now, pointed out that Zoom could be compelled to hand over data to governments that want to monitor online assembly or control the spread of information as activists move protests online. The lack of a transparency report makes it difficult to determine whether there’s been an increase in requests and unclear how Zoom would respond.

How does this affect competition?

Independent technologist Ashkan Soltani, who formerly served as the FTC’s chief technologist, said, “If Zoom claimed they have end-to-end encryption, but didn’t actually invest the resources to implement it, and Google Hangouts didn’t make that claim and you chose Zoom, not only are you being harmed as a consumer but in fact, Hangouts is being harmed because Zoom is making claims about its product that are not true.”

The Good About Zoom

Zoom is deceptive when it says it is end-to-end encrypted. But not when it says it’s the industry leader. We talked about how misleading Zoom is. But you need to see both sides of the coin.

Zoom has a lot to dislike. But the likeable things shouldn’t be ignored either.

  • Zoom’s free version supports meetings with up to 100 participants. Enterprise Plus tier users can hold meetings with up to 1000 participants. Skype supports only 50 for free. Google’s Hangouts Meet supports no more than 250. Apple’s encrypted FaceTime supports only 32.

  • The meeting quality is better than Google’s Hangouts Meet and some other competitors, especially for low-end devices and networks.

  • It gives the host more control over the meeting, such as muting or removing anyone, configuring chat, etc.

  • It has some brilliant features to stop Zoombombing, like a virtual waiting room and meeting locks, that most meeting apps don’t have.

  • Zoom even made it free for educational purposes.

  • User-friendliness. Despite advanced features and aggressive pricing, you don’t need to be a tech geek to configure Zoom.

But I agree with a post on WIRED that says, “It’s absolutely fair to put public pressure on Zoom to make things safer for regular users.”

This post was originally published at Theciva.

Original article: https://medium.com/theciva/why-is-zoom-not-encrypted-even-though-it-says-it-is-8321d8d4638a
