Guest Post: Online Identity & Privacy Protection Tips For Children

Posted in Commentary with tags on August 9, 2023 by itnerd

By Ani Chaudhuri, CEO, Dasera

Beyond the usual guidelines, there are several innovative and layered approaches that parents might not have considered:

  • Digital Footprint Starts at Birth: Avoid sharing identifiable information about your child on public platforms. This includes full names, birth dates, and locations. A harmless birth announcement can offer malicious actors a starting point.
  • Rethink “Smart” Toys: Before purchasing, scrutinize the data handling practices of internet-connected toys. Many collect vast amounts of information, and not all have stringent security measures.
  • Understand School Data Handling: Engage with your child’s school to understand how they store, use, and protect student data. Often, educational platforms have data vulnerabilities or share information with third parties.
  • Voice-Activated Devices: Devices like Siri or Alexa constantly listen for activation cues. Ensure they aren’t inadvertently recording your child’s conversations or information.
  • Online Gaming: Even games designed for younger children can have chat features. Ensure these are disabled or monitored. Personal information can be unintentionally shared during seemingly innocent in-game conversations.

From the moment they are born. It may sound extreme, but children have a digital identity almost from birth in our current digital era. Whether it’s hospital records, pediatrician visits, or the first photo shared on social media, their digital footprint begins immediately. Each of these instances carries data – a golden ticket for identity thieves. Protecting a child’s ID isn’t just about preventing financial fraud; it’s about safeguarding their entire digital existence and future reputation.

Child ID and privacy isn’t just about what parents should do; it’s equally about the don’ts and nevers:

  • Never Use Their Name for Passwords: Using a child’s name or birthdate as a password for any online service is a glaring risk. It’s often the first thing hackers will try.
  • Don’t Overlook Data Breaches: Not all data breaches make headlines. Watch for breaches involving services your child uses and act accordingly.
  • Never Assume a Platform is Safe: Just because a platform is designed for children doesn’t mean it’s secure. Constantly scrutinize its data practices.
  • Don’t Underestimate Word of Mouth: Children learn much from their peers. Educate them about the basics of data privacy so they can be advocates among their friends.

Protecting a child’s ID and privacy in today’s world requires vigilance, continuous education, and proactive measures. It’s not just about today’s threats but also about preventing potential risks in the future. Parents must be the first line of defense, even if it means challenging the status quo of digital interaction.

Guest Post: Supercharging Investigations With Cado’s New Timeline 

Posted in Commentary with tags on August 9, 2023 by itnerd

While many organizations have doubled down on cloud security in recent years, most still wrestle with closing the gap between detection and response. Once malicious activity has been identified, it can feel nearly impossible to understand the true scope and impact. 

When it comes to incident response, the more data sources you can analyze in aggregate, the better your investigation will be; however, this isn’t easy – especially in the case of complex, multi-cloud environments. In Azure alone there are over 200 products and services, each with their own set of best practices and data sources. Each cloud provider has their own terminology, security tools, monitoring logs, and APIs, making it extremely difficult for analysts to know which data sources are most valuable to capture, how to capture them, and moreover, how to best investigate them. 

Naturally, security teams have attempted to apply legacy investigation tools and processes to the cloud, but deep-dive investigations are still too complicated and time consuming. In many cases, analysts need to use a patchwork of legacy and open-source tools and resort to spreadsheets to piece together an investigation. Worse, due to the amount of time and resources required to perform forensics in the cloud, security teams often don’t have the cycles to do an investigation as frequently as they feel is necessary, leaving the organization vulnerable to risk. 

Cado’s mission is to provide security teams with a faster and smarter way to perform forensics investigations in the cloud. The Cado platform harnesses automation at its core to expedite the end-to-end incident response process. When it comes to the investigation itself, the platform automatically presents key incident details including a full timeline of events, saving analysts weeks of time that would have been spent in spreadsheets. Cado’s timeline feature provides analysts with a unified view of hundreds of data sources across cloud-provider logs, disk, memory and more. Further, the Cado timeline supports cross-cloud evidence items to be viewed in a single pane of glass in cases where an incident spans multiple public cloud environments. This level of contextual awareness is vital in understanding the impact and scope of an incident. 

As part of this latest product release, Cado has introduced additional enhancements to its timeline feature to help security teams further supercharge investigations and reduce Mean Time To Response (MTTR). Here’s an overview of the most recently released timeline functionality:

New Timeline View

Cado is excited to have revamped the look and feel of the timeline feature so that it is more intuitive to navigate and pivot off key artifacts during an investigation. From card view to a powerful tabular view, we hope this will greatly streamline the analysis process. This new view also aligns with our mission to make forensics more approachable so that analysts of all levels can perform incident response in the cloud. 


Faceted Search

Faceted search will allow users to narrow down their search results quickly using facet options, which represent categories of data. The facet options Cado presents will provide awareness to the user on the core data types/ attributes the events contain, enabling them to refine datasets quickly and efficiently using the facet navigation, rather than having to add filters to their query in the search bar manually, which can burden the user. 

Saved Search

Saved search will allow users to save investigation queries for re-use at a later date. During an investigation, particularly in the earlier analysis phases, a user will be exploring and pivoting across datasets and will have naturally built-up a considerable query in the search bar. Users can now preserve this query so they can re-execute it on their next session (or even share it with colleagues). This feature will save precious investigation time by not having to rebuild a query from scratch, thus enabling rapid search and visibility.

If you’re interested in learning more, reach out to our team or take advantage of a 14-day free trial of the Cado platform! 

NetRise Introduces New Features for Managing SBOMs & CISA KEV Catalog Support  

Posted in Commentary with tags on August 9, 2023 by itnerd

NetRise, the company providing granular visibility into the world’s XIoT security problem, today announced advanced capabilities for maintaining and working with Software Bill of Materials (SBOMs) and support for the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV) Catalog for managing and understanding the risks associated with software components in the firmware of connected devices. 

As the security of the software and firmware supply chain and regulation around SBOMs continue to dominate the industry landscape, the impact of consuming and generating a list of ‘ingredients’ for each device cannot be overstated. With the continuing push for new standards to require visibility in the supply chain, device consumers and asset owners need a solution to enable them to streamline SBOM management and vulnerability prioritization efforts.

NetRise recognizes the current challenges in the market, enhancing its customers’ and partners’ ability to manage vulnerabilities effectively, and offers the solution these industry personas have been seeking; the ability to ingest and enrich SBOMs from multiple sources. This key capability helps device manufacturers and owners alike better manage the underlying components and vulnerabilities of XIoT devices. 

With the growing prominence of KEVs, NetRise’s adoption of CISA’s KEV data provides users with an efficient method for prioritizing the most exploitable vulnerabilities. Today, a typical enterprise sorts through potentially hundreds of thousands of vulnerabilities, and the ability to prioritize remediation efforts based on exploitability alters the dynamics of device security. In 2022, about 30% of KEVs affected XIoT devices or software components used by XIoT devices. So far, in 2023, that figure is approximately 20%. Considering that any CVE could be on the KEV list, these are impressive numbers. 

Key benefits of these new features in the NetRise Platform include:

  • By overlaying CISA KEV catalog data, NetRise empowers a comprehensive understanding of known exploits to identify, address, and prioritize the most critical vulnerabilities.
  • The NetRise platform supports the ingestion of two major SBOM formats (SPDX and CycloneDX), enriches them with vulnerability information, and exports in either format for external use.
  • With a dark mode feature to minimize eye strain and enhance visibility in glare-prone environments, NetRise delivers an innovative interface design for improved user experience. 
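An added example, not NetRise's code: overlaying KEV data on the vulnerability list of a CycloneDX SBOM and ranking known-exploited findings first. The SBOM, the KEV extract, the component names and the CVE ids are constructed placeholders, and the ranking rule (KEV first, then earliest due date, then score) is an assumption.

```python
import json

# Constructed CycloneDX-style SBOM for a fictional firmware image. Component
# names and CVE ids are placeholders, not real packages or real CVEs.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"bom-ref": "pkg-a", "type": "library", "name": "examplehttpd", "version": "1.2.0"},
    {"bom-ref": "pkg-b", "type": "library", "name": "examplessl", "version": "0.9.8"},
    {"bom-ref": "pkg-c", "type": "library", "name": "examplebox", "version": "1.30"}
  ],
  "vulnerabilities": [
    {"id": "CVE-0000-0001", "ratings": [{"severity": "critical", "score": 9.8}],
     "affects": [{"ref": "pkg-a"}]},
    {"id": "CVE-0000-0002", "ratings": [{"severity": "medium", "score": 5.3}],
     "affects": [{"ref": "pkg-b"}]},
    {"id": "CVE-0000-0003", "ratings": [{"severity": "high", "score": 7.5}],
     "affects": [{"ref": "pkg-b"}, {"ref": "pkg-c"}]},
    {"id": "CVE-0000-0004", "ratings": [], "affects": [{"ref": "pkg-c"}]}
  ]
}
"""

# Constructed extract in the shape of the CISA KEV JSON feed
# (cveID, dateAdded, dueDate); the last entry matches nothing in the SBOM.
KEV_JSON = """
{
  "catalogVersion": "constructed",
  "vulnerabilities": [
    {"cveID": "CVE-0000-0002", "dateAdded": "2023-01-10", "dueDate": "2023-01-31"},
    {"cveID": "CVE-0000-0004", "dateAdded": "2023-03-02", "dueDate": "2023-03-23"},
    {"cveID": "CVE-0000-9999", "dateAdded": "2023-05-01", "dueDate": "2023-05-22"}
  ]
}
"""


def best_score(vuln):
    """Highest numeric rating score on a CycloneDX vulnerability, or None."""
    scores = [r["score"] for r in vuln.get("ratings", [])
              if isinstance(r.get("score"), (int, float))]
    return max(scores) if scores else None


def overlay_kev(sbom, kev):
    """One finding per (vulnerability, affected component), tagged with KEV data."""
    kev_index = {e["cveID"].upper(): e for e in kev.get("vulnerabilities", [])}
    components = {c["bom-ref"]: c for c in sbom.get("components", []) if "bom-ref" in c}
    findings = []
    for vuln in sbom.get("vulnerabilities", []):
        cve = str(vuln.get("id", "")).upper()
        kev_entry = kev_index.get(cve)
        for target in vuln.get("affects", []):
            comp = components.get(target.get("ref"))
            if comp is None:
                continue  # dangling reference: no component in this SBOM to fix
            findings.append({
                "cve": cve,
                "component": f'{comp["name"]}@{comp.get("version", "?")}',
                "score": best_score(vuln),
                "in_kev": kev_entry is not None,
                "kev_due": kev_entry.get("dueDate") if kev_entry else None,
            })
    return findings


def prioritize(findings):
    """KEV-listed first, then earliest KEV due date, then highest score."""
    def key(f):
        score = f["score"] if f["score"] is not None else -1.0
        return (not f["in_kev"], f["kev_due"] or "9999-12-31", -score,
                f["cve"], f["component"])
    return sorted(findings, key=key)


def ranked_findings():
    """Run the overlay on the constructed sample data above."""
    return prioritize(overlay_kev(json.loads(SBOM_JSON), json.loads(KEV_JSON)))


if __name__ == "__main__":
    for f in ranked_findings():
        tag = f"KEV due {f['kev_due']}" if f["in_kev"] else "not in KEV"
        print(f"{f['cve']:<15} {f['component']:<20} score={f['score']}  {tag}")
```

In the sample data a medium-severity and an unscored vulnerability both rank above the 9.8 critical one because they are the ones on the known-exploited list.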

For more information about NetRise’s presence at Black Hat USA 2023, please visit https://www.netrise.io/events. To learn more about these advancements and other capabilities of the NetRise platform, visit https://www.netrise.io/platform 

Google Canada commits $2.5 million to NPower Canada 

Posted in Commentary with tags on August 9, 2023 by itnerd

Today, Google Canada announced a $2.5 million commitment to NPower Canada, unlocking the opportunity to offer 5,000 needs-based scholarships to underserved job-seekers across Canada, to gain the skills required to access careers in tech.

The grant enables NPower Canada to integrate and deliver Google Career Certificates in both English and French as a core component of its workforce development programs. Google.org has been supporting NPower Canada since 2020, and prior to today, Google has committed close to $5 million to NPower Canada, which has helped over 4,000 underserved and financially barriered job seekers enroll in NPower Canada’s scholarship-based programs.

Here are two examples of people who benefitted from this initiative:

  • Olena Kotelnykova, Financial Clerk, the Town of Berwick – Berwick, Nova Scotia: Olena graduated from NPower Canada’s Junior IT Analyst program in January 2023 after making the difficult decision to migrate to Canada to escape the war in Ukraine. After arriving in Canada, she discovered NPower’s program which gave her the skills and experience to secure a role as a Financial Clerk at the Town of Berwick within three months of participating. The program not only gave her the expertise, but provided her with a strong community to lean on as she built her new life in Canada.
  • Han Hyung Lee, Customer Account Specialist, Shaw Communications – Vancouver, British Columbia: Originally from Hong Kong and seeking new opportunities overseas, Han struggled to land a job despite his previous experience. This inspired him to enroll in the program with NPower Canada. With guidance, he was able to overcome barriers in his job search and integrate himself into the IT community in Vancouver. Han graduated from NPower’s Junior IT Analyst Program with a Google IT Support Professional Certificate that helped him land a role as a Customer Account Specialist with Shaw Communications. 

 More information can be found in Google’s press release and blog post.

Guest Post: Credit Bureau fraud surged to 500,000 cases in H1 2023, FTC reports

Posted in Commentary with tags on August 9, 2023 by itnerd

Data analyzed by Atlas VPN reveals the threat of credit bureau scams has escalated, leading to an alarming rise in cases of identity theft and financial fraud.  

This article delves into the evolving landscape of credit bureau scams, integrating data provided by the Federal Trade Commission (FTC) spanning from the first quarter of 2019 to the second quarter of 2023.  

During the first half of this year, the FTC has already received 517,128 credit bureau fraud reports, a record amount since the start of the reporting period in 2019. 

 The data for 2019 shows a relatively modest start with 35,853 credit bureau fraud reports in the first quarter. However, by the end of the year, the numbers had risen to 42,285—an increase of nearly 18% in four quarters. This precursor hinted at the looming escalation of credit bureau scams that would follow in the subsequent years. 

The year 2020 witnessed an abrupt surge in credit bureau fraud reports, reflecting a global shift towards remote operations and heightened digital interactions due to the COVID-19 pandemic.

Starting at 53,945 reports in Q1, the numbers swelled to 101,850 by Q4—a staggering 89% increase. This surge can be attributed to the heightened vulnerability of individuals to phishing attacks and data breaches as scammers capitalized on the pandemic-induced confusion. 

As the pandemic persisted into 2021, the number of credit bureau fraud reports remained consistently high. Q1 of 2021 saw a substantial increase to 141,613 reports, marking a 39% rise from the previous quarter. While the numbers remained elevated, the increase was not as pronounced as the previous year. This trend suggested that individuals and institutions were adapting to the new digital landscape and implementing more stringent security measures. 

The year 2022 displayed a pattern of gradual escalation and refinement in scam techniques. With 192,547 reports in Q4, an increase of nearly 49% from the beginning of the year, scammers were evidently honing their strategies to exploit the evolving digital landscape. This might indicate a shift towards more sophisticated approaches, targeting unsuspecting victims using innovative tactics like spear phishing and AI-generated scam messages. 

The first half of 2023 exhibited an alarming growth in credit bureau fraud, with 243,293 reports in the first quarter and 273,835 in the second. This surge likely reflects fraudsters capitalizing on an increased reliance on digital transactions, remote work arrangements, and a growing pool of leaked data.

The Anatomy of credit bureau scams 

Fraudsters gather personal data from various sources, including data breaches, social media profiles, phishing emails, or even dumpster diving for discarded documents. This information may include full names, addresses, Social Security numbers, and financial details. 

Armed with stolen information, scammers proceed to create false identities or fictitious accounts with the credit bureaus. They pose as legitimate individuals and submit fraudulent applications for credit cards, loans, or other financial services. 

Once the fake accounts are established, the fraudsters regularly monitor the credit reports of their victims. They keep track of credit scores and activities, ensuring that the deception remains undetected. 

With access to the victim’s credit lines, the scammers go on a spending spree, amassing debts on the fraudulent accounts. These expenses may include lavish purchases, cash advances, or transferring funds to offshore accounts. 

To avoid arousing suspicion, fraudsters often make minimum payments on fraudulent accounts, disguising the true nature of their activities. They may also use techniques like ‘bust-out fraud,’ where they max out credit limits and abandon the accounts before moving on to new ones. 

As the debts accumulate, the victim’s credit score plummets, causing significant damage to their financial standing and reputation. The burden of repaying debts they never incurred can take years to resolve, causing emotional distress and financial hardship. 

To read the full article, head over to: https://atlasvpn.com/blog/credit-bureau-fraud-surged-to-500-000-cases-in-h1-2023-ftc-reports

ABC Partially Dumps Twitter Saying It’s Too Toxic

Posted in Commentary with tags on August 9, 2023 by itnerd

Twitter (I refuse to call it X because that’s such a stupid name for an online platform) has taken its latest body blow as Australian public broadcaster ABC has partially dumped them in epic fashion:

The ABC is shutting down almost all of its official accounts on Twitter – now known as X under Elon Musk’s ownership – citing “toxic interactions”, cost and better interaction with ABC content on other social media platforms.

There will only be four remaining official accounts for Australia’s public broadcaster: @abcnews, @abcsport, @abcchinese and the master @abcaustralia account. ABC Chinese reaches Chinese-speaking audiences on X.

“Starting from today, other ABC accounts will be discontinued,” the ABC managing director, David Anderson, has told staff.

Instead of adapting to the new atmosphere Musk has created, the ABC will now push their content on other sites like Facebook, YouTube and TikTok. Which you know will really make Elon Musk mad. But the thing is that when you’ve done the sort of damage that Elon has, you can’t be shocked when organizations say “enough is enough” and bail in whole or in part. And this move is likely to spur other news organizations to do the same thing. All of which will continue the death spiral that Twitter is in because it will lessen the value and relevance of Twitter. Leaving Elon unable to make money from it and further highlighting how incompetent Elon is.

India’s Digital Personal Data Protection Bill Moves Through Parliament

Posted in Commentary with tags , on August 8, 2023 by itnerd

India’s Digital Personal Data Protection Bill of 2023 passed in the lower house of Parliament and will now face the higher house before it becomes law. Highlights of the bill include:

  • The Bill will apply to the processing of digital personal data within India where such data is collected online, or collected offline and is digitised.  It will also apply to such processing outside India, if it is for offering goods or services in India.
  • Personal data may be processed only for a lawful purpose upon consent of an individual.  Consent may not be required for specified legitimate uses such as voluntary sharing of data by the individual or processing by the State for permits, licenses, benefits, and services.
  • Data fiduciaries will be obligated to maintain the accuracy of data, keep data secure, and delete data once its purpose has been met.
  • The Bill grants certain rights to individuals including the right to obtain information, seek correction and erasure, and grievance redressal.
  • The central government may exempt government agencies from the application of provisions of the Bill in the interest of specified grounds such as security of the state, public order, and prevention of offences.
  • The central government will establish the Data Protection Board of India to adjudicate on non-compliance with the provisions of the Bill.

But all of this does concern me:

  • Exemptions to data processing by the State on grounds such as national security may lead to data collection, processing, and retention beyond what is necessary.  This may violate the fundamental right to privacy.
  • The Bill does not regulate risks of harms arising from processing of personal data.  
  • The Bill does not grant the right to data portability and the right to be forgotten to the data principal.
  • The Bill allows transfer of personal data outside India, except to countries notified by the central government.  This mechanism may not ensure adequate evaluation of data protection standards in the countries where transfer of personal data is allowed.

Ani Chaudhuri, CEO, Dasera had this comment:

“In today’s hyper-connected world, data is businesses’, governments’, and individuals’ lifeblood. The Digital Personal Data Protection Bill, 2023, tabled by the Indian Parliament, promises to reshape India’s digital ecosystem fundamentally. However, some provisions raise eyebrows, and some sigh relief. As the CEO of a leading data security and governance firm, here’s my perspective:

1. Applicability and Scope: The Bill’s clarity on what constitutes digital and non-digital data is commendable. This distinction is pertinent in our digital transformation era, where data can easily traverse between these forms. However, the territorial applicability might leave room for data misuse if foreign entities do not offer goods or services but still process Indian data.

2. Consent: The Bill strengthens the individual’s position as the custodian of their data. The stipulation around explicit affirmative action for consent is a commendable step forward. However, the reliance on “consent managers” might introduce new business complexities.

3. Grounds of Processing: The shift from ‘deemed consent’ to ‘legitimate uses’ presents challenges and opportunities. While it offers clarity, it significantly burdens businesses to rethink their data collection and processing strategies.

4. Data Fiduciaries: The onus on data fiduciaries to ensure compliance even when they outsource the processing is a welcome move. This will ensure a chain of responsibility and enforce better data practices.

5. Cross-border Transfers: A “negative list” approach, while seemingly liberal, might lead to complications if the principles on which countries are barred aren’t transparently laid out.

6. Blocking Power: A potentially controversial move. Any power to block public access must be exercised with utmost caution, ensuring it does not stifle freedom of expression or business continuity.

7. Exemptions: A double-edged sword. While exemptions might be necessary for state functionality, they shouldn’t become a backdoor to bypass the very essence of the bill.

8. Penalties: Reducing the maximum penalty suggests a softer stance on non-compliance. Whether this is conducive to robust data protection or simply a concession to businesses is up for debate.

Overall, the 2023 Bill is a thoughtful attempt to balance protecting individual rights and fostering business growth. However, the concerns around compliance costs, especially for startups, are genuine. Without ‘deemed consent’ will undoubtedly introduce more rigidity into the system. While data protection is of utmost importance, we must ensure that we do not inadvertently stifle innovation and business growth.

Although lacking specific timelines, the phased approach to implementation gives businesses a window to adapt. However, startups may bear the brunt, given the high compliance costs. The bill in its current form appears to swing the pendulum more towards protection and less towards ease of doing business.”

While the Bill addresses several data protection concerns, it remains to be seen how its implementation will affect the digital landscape in India. What’s imperative is a continuous dialogue between stakeholders to ensure the Bill serves its purpose without stifling the Indian digital ecosystem.

I am very suspicious of this bill personally because of the privacy related concerns that I highlighted earlier, among other concerns. But there are things that could be considered “good” in this bill that I will see how it is implemented and what the effects of that implementation are before passing judgement on it.

HP Revolutionizes the Workstation Experience With The HP Z4 Rack G5

Posted in Commentary with tags on August 8, 2023 by itnerd

Today, at SIGGRAPH, HP is announcing the new HP Z4 Rack G5, the world’s most powerful 1U rack workstation. The Z4 Rack G5 is designed and engineered to revolutionize the way professionals work remotely with a compact 1U form factor design, and advanced performance tailored to the needs of the most demanding customers. As data scientists, content creators and engineers adapt to the expectation of working from anywhere, the HP Z4 Rack G5 offers the flexibility needed to deliver high-quality, high-performance computing from wherever you sit.

HP Z4 Rack G5 Features:

  • Equipped to power the needs for advanced VFX, 3D modeling, and rendering with up to 24 cores in an Intel® Xeon® W-2400 CPU, support for NVIDIA RTX™ 6000 Ada Generation graphics, and up to 256 GB DDR5 memory, all with room to upgrade and expand.
  • Innovative engineering enables optimal thermal performance, allowing the workstation to handle intensive workloads without compromising productivity.
  • Built with premium components, and rigorously tested for reliability and durability, the Z4 Rack G5 provides uninterrupted performance for critical tasks.
  • With the option of HP Anyware, teams can access the power of the Z4 Rack from any device, delivering fast responsiveness and image quality, even under varying network connections.
  • Certified for pro apps and with HP Wolf Security for Business, it’s protected below, in, and above the OS.

 Additionally, as Z by HP customers – creators, engineers, and data scientists – evolve their workflows, graphics performance has become important to their success. That’s why HP is announcing support for the new Ada Generation GPUs — NVIDIA RTX 5000, NVIDIA RTX 4500, and NVIDIA RTX 4000 — across their platforms. HP also currently supports the NVIDIA RTX 6000. NVIDIA RTX Ada Generation GPUs offer abundant graphics memory with error-correcting code (ECC) for rendering, data science, and engineering simulation. The fourth-generation Tensor Cores provide up to 5X the model training performance and up to 5X the inference performance of the previous-generation NVIDIA Ampere architecture for faster generative AI content creation. 

HP is revolutionizing the way professionals work with a seamless experience for unmatched productivity, making it an ideal solution for industries such as data science, content creation, engineering, design, and virtualization.

More info about HP at SIGGRAPH can be found here: https://www.hp.com/us-en/workstations/events/siggraph.html

Abnormal Security Announces New Capability to Detect AI-Generated Email Attacks

Posted in Commentary with tags on August 8, 2023 by itnerd

Abnormal Security, the leading behavioral AI-based email security platform, today announced CheckGPT, used to detect AI-generated attacks. The new capability determines when email threats, including business email compromise (BEC) and other socially-engineered attacks, have likely been created using generative AI tools. 

Cybercriminals are constantly evolving their attack tactics to evade detection by security defenses, and generative AI is the newest weapon in their arsenal. Using tools like ChatGPT or its malicious cousin WormGPT, threat actors can now write increasingly convincing emails, scaling their attacks in both volume and sophistication. In its latest research report, Abnormal observed a 55% increase in BEC attacks over the previous six months—with the potential for volumes to increase exponentially as generative AI becomes more widely adopted.

Unlike traditional email security solutions, Abnormal takes a radically different approach to stopping advanced email attacks, making it particularly well-suited to the challenge of blocking AI-generated attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack.

After initial email processing, the Abnormal platform expands upon this classification by further processing email attacks to understand their intent and origin. The CheckGPT tool leverages a suite of open source large language models (LLMs) to analyze how likely it is that a generative AI model created the message. The system first analyzes the likelihood that each word in the message has been generated by an AI model, given the context that precedes it. If the likelihood is consistently high, it’s a strong potential indicator that text was generated by AI. 

The system then combines this indicator with an ensemble of AI detectors to make a final determination on whether an attack was likely to be generated by AI. As a result of this new detection capability, Abnormal recently released research showing a number of emails that contained language strongly suspected to be AI-generated, including business email compromise and credential phishing attacks. 
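An added sketch of the per-word likelihood indicator described above, not Abnormal's implementation: a small bigram model stands in for the LLM (an assumption), and the corpus, the two messages and both thresholds are constructed.

```python
import math
from collections import Counter, defaultdict

# Constructed training text for the stand-in model (not real email data).
CORPUS = (
    "please review the attached invoice and confirm the payment today . "
    "please confirm the payment details and send the invoice today . "
    "we need you to review the payment and confirm the invoice . "
    "please send the attached invoice to the finance team today . "
)

# Constructed messages to score.
PREDICTABLE_MSG = "please confirm the payment today . please send the attached invoice today ."
IDIOSYNCRATIC_MSG = "hey sam , can you wire the payment before lunch ? my flight leaves soon ."


class BigramModel:
    """Stand-in for an LLM: P(word | previous word) with additive smoothing."""

    def __init__(self, text, alpha=0.1):
        tokens = text.lower().split()
        self.alpha = alpha
        self.vocab_size = len(set(tokens)) + 1  # one extra slot for unseen words
        self.following = defaultdict(Counter)
        for prev, cur in zip(tokens, tokens[1:]):
            self.following[prev][cur] += 1

    def prob(self, prev, cur):
        counts = self.following.get(prev, Counter())
        total = sum(counts.values())
        return (counts[cur] + self.alpha) / (total + self.alpha * self.vocab_size)


def token_likelihoods(model, text):
    """Likelihood of each word given the word that precedes it."""
    tokens = text.lower().split()
    return [(cur, model.prob(prev, cur)) for prev, cur in zip(tokens, tokens[1:])]


def likelihood_indicator(model, text, high=0.1, min_fraction=0.8):
    """Flag text whose words are consistently likely under the model.

    `high` and `min_fraction` are illustrative thresholds, not tuned values.
    """
    probs = [p for _, p in token_likelihoods(model, text)]
    if not probs:
        return {"fraction_high": 0.0, "mean_logprob": float("-inf"), "flag": False}
    fraction = sum(p >= high for p in probs) / len(probs)
    mean_logprob = sum(math.log(p) for p in probs) / len(probs)
    return {
        "fraction_high": fraction,
        "mean_logprob": mean_logprob,
        "flag": fraction >= min_fraction,
    }


def score_samples():
    """Score both constructed messages with a model fitted on CORPUS."""
    model = BigramModel(CORPUS)
    return (likelihood_indicator(model, PREDICTABLE_MSG),
            likelihood_indicator(model, IDIOSYNCRATIC_MSG))


if __name__ == "__main__":
    for name, result in zip(("predictable", "idiosyncratic"), score_samples()):
        print(name, result)
```

Formulaic human-written mail scores high on this measure as well, which fits the description above of the indicator as one input to an ensemble of detectors.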

Zoom Accused Of Using User Data To Train Their AI

Posted in Commentary with tags on August 8, 2023 by itnerd

Something that blew up in the world yesterday is an accusation that Zoom is using customer data to train its AI with no option to opt out. This Tweet (or X? seeing as Twitter is now X) is an example of this: 


To verify that accusation, I went looking for their terms of service and found them here: https://explore.zoom.us/en/terms/

This is the verbiage that is at issue: 

You consent to Zoom’s access, use, collection, creation, modification, distribution, processing, sharing, maintenance, and storage of Service Generated Data for any purpose, to the extent and in the manner permitted under applicable Law, including for the purpose of product and service development, marketing, analytics, quality assurance, machine learning or artificial intelligence (including for the purposes of training and tuning of algorithms and models), training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof, and as otherwise provided in this Agreement.

This looks bad and appears to confirm the accusation. But Zoom doesn’t see things that way. Here’s a link where Zoom pushed back on these claims: 

https://blog.zoom.us/zooms-term-service-ai/

Specifically:

For AI, we do not use audio, video, or chat content for training our models without customer consent.

And if you read the whole document, it talks about two Zoom features that use AI:

  • Zoom IQ Meeting Summary
  • Zoom IQ Team Chat Compose

And Zoom goes on to say this:

When you choose to enable Zoom IQ Meeting Summary or Zoom IQ Team Chat Compose, you will also be presented with a transparent consent process for training our AI models using your customer content. Your content is used solely to improve the performance and accuracy of these AI services. And even if you chose to share your data, it will not be used for training of any third-party models. 

The blog post shows that a lot of these features are turned off by default. I’ve confirmed this with a couple of my clients who use Zoom, which confirms what Zoom is saying. But this blew up because so many other companies have been caught collecting user data to train AI. And the way that the terms of service is written doesn’t help to give users of Zoom any other view than Zoom is doing the same thing. I am tempted to give Zoom a pass on this one. But given Zoom’s past history when it comes to security and other issues, Zoom really has to demonstrate that they are trustworthy 100% of the time.

UPDATE: Allen Drennan, Co-Founder & Principal, Cordoniq provided me with this comment:

When private organizations are uploading internal confidential information and IP into a meeting, they are not considering the ramifications of providing their data to a third-party provider that is managed in a cloud they do not control. The issue is not just limited to shared screens or multi-page confidential shared documents. It is also extended to recordings of the meetings and the audio and video used within the meeting. When implementing these types of online meeting services, you really must have control over both security and privacy but also the entire deployment including the backend and your organization should be in a legal position to provide your own terms of service and license agreement to your consumers.