We had a *huge* advantage when designing this: Zoom already has the meeting contents traverse the servers encrypted. So what you’ll see in this paper is changing how Zoom does key management rather than a full-on design for a videoconferencing system.
-
I don't fully agree. It is still easier to hide a backdoor in (obfuscated) binary code than it is in (written-to-be-maintainable) source code. Config should ideally be included. And there are other code quality benefits of reproducible builds besides security (testing, deltas).
-
Is it easier? The benefit of bugdoors isn't ease, it's that they're plausibly deniable. If you get caught, so what? You might even be able to convince people not to talk about it for months, and you can try again in a new patch. There's zero penalty.
-
This is a really interesting thread I haven't fully read yet. If you're spinning up a new VM from a distro and installing some build tools for each build, you're probably not compromised? At least, you can be kinda satisfied if you apply the same ethos to the tools as the code.
-
Nice discussion and I agree for the most part. But you are wrong about proving something isn't compromised. You can't prove something isn't compromised. Basic logic :p

