Yet another reason not to use #Zoom's proprietary video conferencing service. They care more about their public image than their users' security, and lie about trying to silence security researchers doing responsible disclosure with hush money:
@lightweight good to hear, on both counts (BBB ditching Flash and OERu ditching Zoom) :) Just out of curiosity, why has Jitsi Meet not been considered a viable replacement for Zoom?
@strypey Jitsi Meet uses an end-to-end encrypted transfer model, so bandwidth reqs increase exponentially with # of participants. Need to have a spoked model to achieve usable performance for more than 5-8 participants. BBB can (depending on central server grunt) theoretically support hundreds or even thousands.
@lightweight ah, OK. Does BBB achieve this by just doing without encryption, or by managing it differently?
@strypey It has to decrypt the stream at the central point to create a "spoke" model... (each user gets a combined stream of video which is bounded in bandwidth).
@strypey isn't it normal for security researchers to basically go "give me 50$ or I'll tell everyone there's a bug"?
@icedquinn no. The article talks about how responsible disclosure and bug bounties are supposed to work. TL;DR public disclosure, with a delay to allow fixes to be applied, is the norm.