[LINK] Just as everyone's hopping onto Zoom ...

Glen Turner gdt at gdt.id.au
Thu Apr 2 10:41:47 AEDT 2020


> """
> Zoom, the video conferencing service whose use has spiked amid the
> Covid-19 pandemic, claims to implement end-to-end encryption, widely
> understood as the most private form of internet communication,
> protecting conversations from all outside parties. In fact, Zoom is
> using its own definition of the term, one that lets Zoom itself access
> unencrypted video and audio from meetings.
> """
> 
> As I type, I am dutifully installing zoom to participate in remote
> tutorials for COMP3310 Computer Networks at ANU.  Good case study.

As far as I can tell Zoom, Hangouts Meet, Jitsi Meet are all roughly
the same:

 - encrypted end-to-end when two parties

 - encrypted to conference bridge, plaintext through bridge, for more
than two parties

It's not clear if Zoom or Hangouts Meet can establish even a two-party
connection via a bridge to meet an interception request for an endpoint
or if the controller knows the encryption key of a two-party call
(allowing an intercepting agency to request the key for traffic they
intercepted via a carrier).  Jitsi cannot do either at this point.

I'd expect Microsoft Teams to be similar, but I can't easily find a
reference.  Unlike the other services, IMs in Teams is a complicated
story.

Apple Facetime is end-to-end in all scenarios. Tricky to engineer
(because down-scaling video to meet the bandwidth available to a
receiving client has to be done by the transmitting client, so the
videoconference bridge ends up as a bandwidth signaller more than as a
video mixer).  High resolution clients in a big meeting will end up
using maybe 2x the bandwidth (eg, a 4K client will need to send 4K,
HDTV, STV, something smaller again, etc).

Zoom and Jitsi allow on-site bridge servers (and additionally the
option for the controllers for those services, the Intercept article
isn't quite right), so you can limit data exfiltration.  Keeping data
within Australia is one of the reasons AARNet has a really big Zoom
farm for use by universities.

Jitsi is free software, so you can read the source.  I haven't yet seen
notes from French academic network RENATER of their experience with
their Jitsi farm at the scales seen in the past week.

Zoom's "web server" application launcher on Macs to allow clickless
launching of Zoom from a URL is a clear case of 'security versus
usability' and also a nice illustration of how wanting to provide the
feature parity across multiple platforms has security consequences.

Videoconferencing systems, and the various tradeoffs made by each
vendor, are great material for discussion in a COMP3310.  As well as the
networking aspects, the administration of large farms of servers at
scale is essential to videoconferencing, and that might give a nice
segue into how computer networks and servers are converging onto the same
administration -- most visibly in the data centre -- ending the
specialised CLI for networking equipment. That ease of bulk
administration then allowing complex-to-configure mission-oriented
packet forwarding via SDN, the question of why configure multiple
protocols leading to BGP becoming the only routing protocol, the low
price and high function of ethernet controller ASICs meaning ethernet
becoming the only link layer, etc.

-glen



