Yet another reason not to use 's proprietary video conferencing service. They care more about their public image than their users' security, and lie about trying to silence security researchers doing responsible disclosure with hush money:

There are a number of hosted or self-hostable alternatives, including , as well as conferencing apps like , and protocols like .

@strypey for what it's worth, we're planning another Big Blue Button trial (it's been undergoing quite a lot of dev work, moving it away from Flash, towards WebRTC)... Worth another look, so we can ditch our last proprietary hold-out.

@lightweight good to hear, on both counts (BBB ditching Flash and OERu ditching Zoom) :) Just out of curiosity, why has Jitsi Meet not been considered a viable replacement for Zoom?

@strypey Jitsi Meet uses an end-to-end encrypted transfer model, so bandwidth reqs increase exponentially with # of participants. Need to have a spoked model to achieve usable performance for more than 5-8 participants. BBB can (depending on central server grunt) theoretically support hundreds or even thousands.

@lightweight ah, OK. Does BBB achieve this by just doing without encryption, or by managing it differently?

@strypey It has to decrypt the stream at the central point to create a "spoke" model... (each user gets a combined stream of video which is bounded in bandwidth).

@strypey isn't it normal for security researchers to basically go "give me $50 or I'll tell everyone there's a bug"?

@icedquinn no. The article talks about how responsible disclosure and bug bounties are supposed to work. TL;DR public disclosure, with a delay to allow fixes to be applied, is the norm.

@strypey @bob I think it originated from a different project called Spreed.

