html缩放背景不缩放
There have been lots of alarming headlines in the news in the last few weeks about Zoom. They warn us that Zoom “has a dark side” and an “FBI warning”, there are “privacy concerns”, and people are “hijacking streams” and “Zoom-bombing” meetings.
Ť这里已经很多约变焦过去几周令人震惊的新闻标题。 他们警告我们,Zoom“ 有阴暗面”和“ FBI警告 ”,存在“隐私问题”,人们正在“劫持人流”和“ Zoom炸弹”会议。
Yikes! So people will spy on my meetings, steal my data, and maybe control my computer’s camera and microphone? It sounds like it—until you learn more.
kes! 因此人们会监视我的会议,窃取我的数据,甚至可能控制我的计算机的摄像头和麦克风吗? 听起来很像,直到您了解更多。
If you glance at the headlines, or skim the articles, you may be understandably concerned about whether it’s safe to use Zoom. The truth is a bit more complex — and it takes more reading to fully understand each criticism.
如果您浏览标题或浏览文章,您可能会担心使用Zoom是否安全。 真相要复杂一些,需要更多的阅读才能充分理解每种批评。
我将回顾媒体报道的主要批评,以便您可以就使用Zoom做出明智的决定。 (I’ll review the major criticisms covered by the media so you can make an informed decision about using Zoom.)
安全 (Security)
“Hijacking streams” sounds pretty scary. “Zoombombing” is another term for this. Both of them refer to uninvited guests wreaking havoc in your meeting with disruptive, juvenile behavior: harassing attendees, displaying porn images to the group, drawing penises on the whiteboard — you get the idea. Zoombombing can obviously be shocking, embarrassing, and frustrating. But calling it a “security” problem is not accurate.
“劫持流”听起来很吓人。 “ Zoombombing”是对此的另一个术语。 他们俩都提到了不请自来的客人,在您的会议中以破坏性的,少年的行为造成了严重破坏:骚扰与会者,向团体展示色情图片,在白板上绘制阴茎-您明白了。 Zoombombing显然令人震惊,尴尬和沮丧。 但是,称其为“安全性”问题并不准确。
There’s only one reason those delinquents were able to Zoombomb your meeting: you left the door wide open. You didn’t set up any controls to restrict access.
这些违法者能够放大会议的唯一原因是:您敞开了大门。 您没有设置任何限制访问权限的控件。
Now, you could perhaps criticize Zoom for designing their application in a way that makes it too easy to configure meetings that “leave the door open”. But preventing Zoombombing is totally under your control.
现在,您可能会批评Zoom设计其应用程序的方式使配置会议变得“容易”。 但是,防止Zoombombing完全由您控制。
The NPR headline warning that “Zoom Has A Dark Side — And An FBI Warning” sounds pretty ominous. So what does the FBI warning say? It says that they have received reports of uninvited Zoom meeting guests harassing attendees, and they suggest that you configure meetings to prevent open access: use the waiting room feature, and require a password.
NPR的标题警告“变焦具有阴暗面-和FBI警告”听起来很不祥。 那么联邦调查局的警告怎么说? 它说他们收到了不请自来的Zoom会议客人骚扰与会者的报告,并且他们建议您配置会议以防止公开访问: 使用等候室功能,并要求输入密码 。
Zoom also changed default settings so that users don’t unintentionally create open meetings. They notified users that starting April 4, 2020, they’ve “chosen to enable passwords on your meetings and turn on Waiting Rooms by default as additional security enhancements to protect your privacy”. So this change will help prevent users from inadvertently creating open meetings.
缩放还更改了默认设置,以便用户不会无意间创建公开会议。 他们通知用户 ,自2020年4月4日起,他们“选择在您的会议上启用密码并默认情况下打开“候诊室”,以增强保护您隐私的安全性。” 因此,此更改将有助于防止用户无意中创建公开会议。
Mac漏洞 (Mac vulnerability)
Another story creating juicy headlines recently is that Zoom has a flaw in its Macintosh application that allows a user to “hijack a Zoom user’s Mac computer and access the webcam and microphone”, which was discovered by a researcher.
最近另一个引起多汁新闻报道的故事是Zoom在Macintosh应用程序中存在一个缺陷,该缺陷使用户可以“劫持Zoom用户的Mac计算机并访问网络摄像头和麦克风” ,这是由研究人员发现的。
Wow, so anyone can just spy on you if you have a Mac running Zoom??
哇,如果您有一台运行Zoom的Mac,那么任何人都可以监视您?
No, not exactly. Most articles fail to mention that to take advantage of this flaw, the attacker needs access to your physical computer—but the reader is left with the assumption that a remote attacker can hijack your camera and microphone. However, this is a local attack, so they need to be sitting at your computer to do this.
不,不完全是。 大多数文章都没有提到利用此漏洞,攻击者需要访问您的物理计算机,但读者的假设是远程攻击者可以劫持您的相机和麦克风。 但是,这是本地攻击,因此他们需要坐在您的计算机上才能执行此操作。
The researcher discovered another flaw, which allowed a local attacker to run any code by messing around with the Zoom install process.
研究人员发现了另一个缺陷,该缺陷使本地攻击者可以通过弄乱Zoom安装过程来运行任何代码。
Now these are certainly significant flaws, and the application should not have been built the way it was. Kudos to the researcher who found this. At the same time, this is not likely to be a vulnerability that is of significant concern for most users who have password-protected their computers.
现在,这些肯定是重大的缺陷,并且该应用程序不应以原来的方式构建。 发现这一点的研究人员表示敬意。 同时,对于大多数使用密码保护其计算机的用户来说,此漏洞不太可能引起重大关注。
In addition, this was corrected in version 4.6.9 which was released on April 2, 2020.
此外, 此问题已在 2020年4月2日发布的4.6.9版本中得到纠正 。
端到端加密 (End-to-End Encryption)
Zoom has received criticism for claiming that they have “End-to-End Encryption”, but then later admitting that they don’t have it in the industry-accepted sense of the term.
Zoom因声称他们具有“端到端加密”而受到批评,但后来又承认他们没有业界公认的术语。
True end-to-end encryption means that the video and audio data is encrypted on the entire route from your computer to the other participants’ computers, and only the participants’ computers have the secret key that is used to encrypt and decrypt the data.
真正的端到端加密意味着在从您的计算机到其他参与者的计算机的整个路径上对视频和音频数据进行加密,并且只有参与者的计算机具有用于加密和解密数据的密钥。
In Zoom’s implementation, they maintain the keys on their servers. This means that theoretically, Zoom could decrypt your traffic and access your video and audio data. In response to the concerns, they have said that they will offer a feature that allows the user to host the keys in their own environment.
在Zoom的实现中,他们将密钥保存在服务器上。 这意味着从理论上讲 ,Zoom可以解密您的流量并访问您的视频和音频数据。 针对这些担忧,他们表示将提供一种功能,允许用户在自己的环境中托管密钥。
Perhaps most importantly, Zoom reassured the public in their blog that traffic is encrypted for the entire transit, with certain conditions (emphasis added):
也许最重要的是,Zoom在其博客中向公众保证, 在一定条件下 (针对整个情况 ),流量在整个运输过程中都是加密的(强调):
To be clear, in a meeting where all of the participants are using Zoom clients, and the meeting is not being recorded, we encrypt all video, audio, screen sharing, and chat content at the sending client, and do not decrypt it at any point before it reaches the receiving clients.
需要明确的是,在所有与会者都使用Zoom客户端 且未记录会议的会议中,我们在发送客户端处对所有视频,音频,屏幕共享和聊天内容进行加密,并且不对其进行任何解密点到达接收客户之前。
隐私 (Privacy)
Another frequent headline is that Zoom “shares data with third parties like Facebook without adequately notifying users”. Scary! But wait, what data are they sharing?
另一个经常出现的标题是Zoom“在没有充分通知用户的情况下与Facebook等第三方共享数据”。 害怕! 但是,等等,他们共享什么数据?
It turns out that when you logged in through the Zoom app on iOS, the app was sending Facebook your time zone, city, what type of phone you have, which cell carrier you have, and what time you opened the app. Not very sensitive data, for most people.
事实证明,当您通过iOS上的Zoom应用程序登录时,该应用程序向Facebook发送了您的时区 , 城市 , 您拥有的电话类型,您拥有的手机 运营商 以及何时打开该应用程序 。 对于大多数人来说,数据不是很敏感。
Yes, when you look at this from a general data privacy perspective, to be 100% certain about privacy, the app shouldn’t send that data. However, I would argue that many other apps, and browsers, leak similar data.
是的,当您从一般数据隐私角度看待此问题时,为了100%确定隐私,该应用程序不应发送该数据。 但是,我认为许多其他应用程序和浏览器会泄漏相似的数据。
In any case, this is another situation of headlines making things sound worse than they are. This was fixed on March 27, 2020.
无论如何,这是头条新闻的另一种情况,使事情听起来比实际情况更糟。 该问题已于2020年3月27日修复 。
现实情况是,当您调查细节时,Zoom并不像标题所暗示的那么可怕。 (The reality is that when you investigate the details, Zoom is not nearly as scary as the headlines may suggest.)
If you take a couple simple precautions, you will be fine. No technology solution is perfect, and all technologies are susceptible to some degree of vulnerability, but the situation is not as dire as you might gather from the press.
如果您采取一些简单的预防措施,就可以了。 没有哪一种技术解决方案是完美的,所有技术都容易受到一定程度的漏洞影响,但情况并不像从媒体上看到的那样可怕。
确保会议安全 (Securing your meetings)
Here’s how you can keep your Zoom meetings secure:
以下是如何确保Zoom会议安全的方法:
始终使用等候室。 (Always use a waiting room.)
Zoom has now made this the default selection in your advanced settings.
现在,缩放功能已将其作为高级设置的默认选择。
You will see this option when creating a meeting, under the “Advanced” section: verify that “Enable waiting room” is checked. The waiting room allows you to manually admit each attendee, so you can verify that they are authorized to attend.
创建会议时,您将在“高级”部分下看到此选项:确认已选中“启用候诊室”。 等候室允许您手动接纳每个与会者,因此您可以验证他们是否有权参加。
Don’t worry if you inadvertently admit someone to the meeting who shouldn’t be there—you can always kick them out. Just click “Participants”, and next to the person’s name click “More”, then “Remove”.
如果您无意中邀请了不该参加的人参加会议,请不要担心,您可以随时将他们赶出去。 只需单击“参与者”,然后在此人的名字旁边单击“更多”,然后单击“删除”。
如果会议很小,请锁定。 (Lock your meetings if they are small.)
If your meeting is rather small, and you know that everyone is in attendance, you can then lock the meeting. This will prevent others from attending the meeting. Starting with version 4.6.10, click the “Security” button in the toolbar, and select “Lock Meeting”:
如果您的会议规模很小,并且您知道每个人都出席了会议 ,则可以锁定会议 。 这将阻止其他人参加会议。 从4.6.10版本开始,单击工具栏中的“安全性”按钮,然后选择“锁定会议”:
对于较大的会议,请使用生成的会议ID和密码。 (Use a generated Meeting ID and password for larger meetings.)
If your meeting will have more than a few participants, use a generated Meeting ID, use a password, and use the waiting room. This reduces the likelihood of unintended visitors. However, someone can still forward the link and password to someone else, so you still need to admit each person from the waiting room.
如果您的会议将有几个以上的参与者,请使用生成的会议ID, 使用密码并使用等候室。 这减少了意外访客的可能性。 但是,仍然有人可以将链接和密码转发给其他人,因此您仍然需要允许每个人进入等候室。
个人会议ID (Personal Meeting ID)
The Personal Meeting ID is a 10-digit ID that you choose and will always have reserved just for your meetings. This means you can always give out the same link to your meeting. I chose my phone number, so I always know what the meeting ID is.
个人会议ID是您选择的10位ID,并且始终仅保留用于会议。 这意味着您可以始终为会议提供相同的链接。 我选择了电话号码,所以我始终知道会议ID是什么。
This makes it easy to set up a meeting — all I have to do is send the same link to people. I don’t need to go to “Create meeting” each time. Even better, if someone has Zoom installed, I can just say, “Join the meeting at 2:00. The Meeting ID is the same as my phone number.”
这使召开会议变得很容易-我要做的就是将相同的链接发送给其他人。 我不需要每次都去“创建会议”。 更好的是,如果有人安装了Zoom,我可以说:“在2:00加入会议。 会议ID与我的电话号码相同。”
This adds a lot of convenience and efficiency for you, and reduces the barriers for attendees.
这为您增加了许多便利和效率,并减少了与会者的障碍。
You may wonder, “won’t people be able to Zoombomb me if I always use the same link?” No, this isn’t a problem if you do the following:
您可能会想,“如果我始终使用相同的链接,人们是否无法放大我?” 不, 如果您执行以下操作,这不是问题:
• Ensure that “Waiting Room” is turned on in your advanced settings. (Zoom has set the default to “on”, but verify this just to be safe.)• Turn off “Join before host” in your advanced settings. (In my testing I found that this is probably not necessary if you are using waiting rooms, but it’s not a bad idea to turn it off.)• Lock the meeting once it’s in progress. Remember that this is not crucial — you have already configured the Waiting Room, so no one can get in without you admitting them. Locking the meeting just prevents the distraction of a notification that someone has entered the waiting room.
• 确保在高级设置中 打开“等候室” 。 (Zoom将默认值设置为“ on”,但为了安全起见对此进行了验证。)•在高级设置中关闭“主持人先加入” 。 (在我的测试中,我发现如果您使用候诊室,则可能没有必要,但关闭它并不是一个坏主意。)• 在会议进行过程中锁定会议 。 请记住,这并不重要-您已经配置了候诊室,因此如果没有您的允许,任何人都无法进入。 锁定会议只是防止分散有人进入等候室的通知。
摘要 (Summary)
Getting beyond the hype in the media and understanding the details will help you decide whether Zoom is right for you. And if you decide to use Zoom, you now are aware of the few settings that will keep your meetings secure and private.
超越媒体的炒作和了解细节将帮助您确定Zoom是否适合您。 而且,如果您决定使用Zoom,现在您将了解一些可以确保会议安全私密的设置。
翻译自: https://medium.com/mediation-resource/zoom-isnt-that-scary-a4b3dfe9b546
html缩放背景不缩放
扫一扫
333
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
