from Hacker News

Zoom will enable waiting rooms by default to stop Zoombombing

by vpontis on 4/3/20, 9:20 PM with 49 comments

  • by bretpiatt on 4/4/20, 1:25 AM

  • by bartread on 4/4/20, 9:15 AM

    "Building development teams that include skeptics and realists, rather than just visionary idealists, could keep ensure products get safeguarded from abuse before rather than after a scandal occurs."

    On the face of it this sounds fair, but the problem is that being "sceptical" and "realistic" is far easier and requires much less effort than being "visionary"[1]. Too much of the former early on can really suck the life out of a team, increasing the risk that the product fails, or is simply never built.

    Safeguarding from abuse is much better achieved by systematic thinking and discipline (which are learned skills) rather than hiring "realists" who might simply turn out to be whiners and energy vampires.

    As much as Zoom is currently in the spotlight, and I can't say I'm overjoyed by a number of the issues I've read about (e.g., encryption keys being passed through Chinese servers?!??), many of them are the problems of success, and every successful company has or will experience their fair share of those.

    [1] I might also add that it's far easier to commentate and to critique than to do, eh, TechCrunch?

  • by TACIXAT on 4/4/20, 4:55 AM

    I see some people running meetings who can barely find the chat. I'm not sure I trust them to manage a waiting room.
  • by arkadiyt on 4/4/20, 1:08 AM

    > Starting April 5th, it will require passwords to enter calls via Meeting ID

    A meeting id with a password is semantically the same as a longer meeting id (or a meeting id with a character space larger than just digits). I wish they'd do that instead (make meeting ids longer) so I could continue to enter my company meetings with only a link but not have to worry about getting wardialed.

  • by jdlyga on 4/4/20, 1:16 AM

    I work for a large multi-national media company, and we've been using BlueJeans for video conferencing for the last few years. It's been very reliable, but I haven't heard of very many others using BlueJeans. I'm curious if the security issues in Zoom vs its competitors more have to do with the amount of people using it and putting eyes on it.
  • by wcoenen on 4/4/20, 11:33 AM

    Techcrunch links seem to redirect through guce.advertising.com nowadays, which is blocked by my ad blocker. Also, according to redirect-checker.org it takes 5 requests before finally landing on the actual page. Seems excessive.
  • by blackrock on 4/4/20, 9:40 AM

    I’ve used a lot of these tools, and I have to admit, Zoom is the best.

    As for the Zoombombing, I can’t say that I am surprised. All you really need is the URL.

    And all the other tools are like that too. Sure, you can require a separate passcode, but damn it, it’s like trying to figure out rocket science to enter the passcode.

    1) you have to dial the number

    2) you have to punch in the meeting ID

    3) you have to punch in the passcode.

    4) ERROR. You flipped it, and used the passcode for the meeting ID instead. Aargh.. frustration.

    5) Forget about the passcode. Just let everyone in that has the meeting ID. And monitor if there’s someone unknown on the line.

  • by faitswulff on 4/4/20, 2:55 AM

    Waiting rooms don't help because you don't see any identifying information. My sister's call got zoombombed even with a moderated waiting room. They were trying to keep within their university's students, but they couldn't see the email addresses associated with the zoom user name in the waiting room, so a griefer got through.
  • by mavsman on 4/4/20, 1:36 AM

    Hopefully they do this for existing users as well. One of my fellow teachers' classes got bombed today even after we were all sent instructions about securing our meetings, enabling waiting rooms, etc.

    She didn't follow the recommendation because she "didn't think someone would join" because she hadn't posted the meeting link on social media. You have to protect your users that won't protect themselves.

  • by rdlecler1 on 4/4/20, 3:11 AM

    Wouldn’t it have been easier to present an option to the presenter once X number of people joined? So 3-5, no, but more then a dialog pops up asking the presenter if they’d like to have a waiting room.
  • by wodenokoto on 4/4/20, 10:01 AM

    My understanding was that chats simply had too easy to guess names.

    Would this be solved by generating chat names through a cryptographic hash algorithm?

    I have google docs that are editable by anyone with the link and I’m kinda assuming that the link is as hard to guess as logging in with a password.

    Am I completely off and in dire need of reevaluating my personal web security?
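
An added example, not part of the thread or any participant's code: it works through the point raised in arkadiyt's and wodenokoto's comments, that a meeting ID plus password is simply one larger keyspace, and that hashing a guessable name adds no entropy while a CSPRNG token does. The 10-digit ID, 6-digit password and number of live meetings are assumed figures chosen for illustration.

```python
import hashlib
import hmac
import math
import secrets

DIGITS = 10  # alphabet size of a numeric meeting ID or numeric password

def keyspace(alphabet: int, length: int) -> int:
    """Number of distinct identifiers of `length` symbols."""
    return alphabet ** length

def guesses_per_hit(space: int, live: int) -> float:
    """Rough average number of random guesses before an enumerator lands
    on any one of `live` valid identifiers (valid when live << space)."""
    return space / live

def min_length(target_bits: int, alphabet: int) -> int:
    """Shortest identifier over `alphabet` carrying >= target_bits."""
    return math.ceil(target_bits / math.log2(alphabet))

def hashed_name_bits(inputs) -> float:
    """Entropy of SHA-256(name) when the names are guessable: the digest is
    256 bits wide, but only len(inputs) distinct values can ever occur."""
    digests = {hashlib.sha256(str(i).encode()).digest() for i in inputs}
    return math.log2(len(digests))

def new_join_token() -> str:
    """128 bits from the OS CSPRNG, URL-safe, so the link alone is the secret."""
    return secrets.token_urlsafe(16)

def token_ok(presented: str, stored: str) -> bool:
    """Compare in constant time so response timing reveals nothing."""
    return hmac.compare_digest(presented.encode(), stored.encode())

if __name__ == "__main__":
    live = 1_000_000                             # constructed figure
    id_only = keyspace(DIGITS, 10)               # assumed 10-digit ID
    id_plus_pw = id_only * keyspace(DIGITS, 6)   # plus assumed 6-digit password
    print(id_plus_pw == keyspace(DIGITS, 16))    # same space as a 16-digit ID
    print(guesses_per_hit(id_only, live), guesses_per_hit(id_plus_pw, live))
    print(min_length(128, DIGITS), min_length(128, 64))
    print(hashed_name_bits(range(1024)))         # sequential names, then hashed
    t = new_join_token()
    print(len(t), token_ok(t, t), token_ok(new_join_token(), t))
```
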