The AskWoody Newsletter
FREE EDITION
In this issue SOCIAL NETWORKING: Zoom: Is it safe? BEST OF THE LOUNGE: Whether to clean or not to clean the registry Additional articles in the PLUS issue LANGALIST: How USB booting leaves a digital trail .NET Framework oddities and ESU issues highlight May patching Freeware Spotlight — Open Hardware Monitor
INTRODUCTION We’re hunkered down at AskWoody, too
It’s amazing to me how quickly the world has changed … moving in a direction I’ve long advocated — and tried to emulate in my personal life. We now have a global electronic infrastructure that’s enormous and effective — if nascent and highly variable in quality. Pity it took something as devastating as COVID-19 to firmly push the world in that direction. AskWoody.com is here to help. As you can see from this week’s free article, we’re looking outside the PC box to bring you news and tips from all over the tech milieu. I don’t know anybody who uses just Windows any more. Heck, even Microsoft is getting ready to release a fancy new phone — which will run Android. When it comes to tech questions and answers, we have lots of volunteers ready to help on AskWoody.com. Drop by, register an account if you don’t already have one (it’s free, too), and pitch in. — Woody SOCIAL NETWORKING Zoom: Is it safe?
By Lincoln Spector Have you noticed that the start of every article about Zoom suggests that it has quickly turned into the most needed app on the planet? Thanks to the pandemic, what was created as a business-conferencing tool has become the de facto means for ordinary people to connect to each other. My wife, a faculty member at the San Francisco Conservatory of Music, uses Zoom to teach her students miles away. Family get-togethers, schools, charity events, remote concerts, and even television hosts now depend on the service. But while Zoom’s stock was exploding, the programmers who built the platform seemed to be tripping over their shoelaces. Problems kept popping up, often followed by official apologies. And then came the reports of questionable privacy policies and online trolls crashing meetings. With good reason, people started asking, “Is Zoom safe?” In a previous article about Zoom and similar services (2020-04-06 AskWoody issue), I concentrated on video-conferencing etiquette and ease of use (or lack thereof). I wrote that article in March, just as we were getting used to the new world of stay-at-home socializing. We were all learning as we went along. Thus I ignored one of the more difficult questions about these services: To what degree are Zoom and its competitors spying on us? Because I ultimately recommended Zoom as the easiest video-conferencing service for users of any technical skill — yes, even Uncle Fred could get it working — I’m going to focus on its failings. Both accidentally and intentionally, the company has put your privacy at risk. Much has been written about these problems in recent weeks, so I’ll give you a summary of what you really should know about the service — and others. A potential threat to school kids
In early April, New York City banned Zoom for school use — even though “thousands of teachers and students began using it for remote learning,” according to an article penned by Chalkbeat’s Alex Zimmerman. It went on to say: “The education department received reports of issues that impact the security and privacy of the platform during the credentialing process … .” A month later, the city lifted the ban after Zoom made security changes. Quoted in a Spectrum News NY1 article, New York DOE Schools Chancellor Richard Carranza stated: “The security of our students and staff is paramount, and we’ve worked with Zoom to create a tailored platform that provides the safety and functionality schools need to engage in remote learning.” In a Zoom blog post, the company claims to be hard at work providing a safer environment. Are these real and significant fixes? Or are they little more than the digital equivalent of slapping on some new paint? We just don’t know yet. But based on the aforementioned blog, Zoom does seem to be taking its issues seriously. Party crashing and other bad behavior
As with all major events, the current pandemic has created its own vernacular. One of the more unique additions is Zoombombing — which I sincerely hope you’ll never experience. This is the Internet version of crashing a party, starting fights, and painting offensive epitaphs on walls … except you’ll never know who ruined your fun. As noted in a CNET article, it’s horribly easy to Zoombomb a meeting. If you search for URLs containing zoom.us, you might get hundreds of vulnerable Zoom-enabling sites. Fortunately, the article provides some tips for blocking Zoom hooligans. But not all the service’s problems are as visible or caused by outside actors. As reported in a Vice article, the iOS edition of Zoom was for some time sending personal data to Facebook — even if the user was not a Facebook subscriber. At the time, there was no mention of Facebook in Zoom’s privacy policy. Privacy Matters activist Pat Walshe called that policy “shocking.” Once the information came out, Zoom, not surprisingly, stopped sending information to Facebook. When I researched my earlier article, I skimmed through Zoom’s 3,855-word privacy policy. Among numerous worrisome points was the statement that it “covers all Personal Data that you affirmatively provide during your interactions with us, information that we automatically collect when you interact with our Products, and information that we collect about you from third parties.” That sounds intrusive, but it’s hard to know whether that’s any worse than, say, Facebook, Windows, or macOS. The latest version of the statement, dated March 29, claims that “We do not sell your personal data.” I haven’t studied the entire statement — it has ballooned to 5,225 words — and probably wouldn’t understand it all if I did. But you might want to read the top bullet points and judge for yourself. Just how bad is this?
Given its history and recent news coverage, it’s not surprising that people describe Zoom as “fundamentally corrupt” and “malware.” Nevertheless, it’s still extremely popular; it has become the Google of personal video conferencing. So whether to use it mostly comes down to what you’re willing to tolerate. Even Windows has been dubbed “malware” (Computer World article). Zoom used to claim that its service had end-to-end encryption — an assertion made by redefining the concept. When it turned out not to be so, the company had to eat crow. Zoom acknowledged “a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.” In a May 7 Zoom blog post, the company announced that it had acquired an encryption startup called Keybase — I assume to improve the service’s privacy problems. That might help small gatherings, but it’s unlikely today’s technology can handle simultaneous end-to-end encryption for 100 or more nodes. Most troubling, Zoom’s technology exposed personal devices to malware. Last year, a security researcher discovered that the program installed hidden and potentially vulnerable Web servers onto Macs. Soon after that became public knowledge (July 2019), Zoom reported that it had removed the code via an update. Why not simply use another service?
There are, of course, alternatives to Zoom — Cisco’s Webex, Google Meet, and Microsoft Teams, to name just a few. (I discussed Webex and Google Duo in my April 6 article.) Sure, there might be better choices, but we’re up against the Facebook dilemma — i.e., you might prefer a less intrusive social network (MeWe, for example), but all your friends, family, and business associates are glued to Godzilla. Zoom is now the behemoth of both business and non-business video conferencing. For a Consumer Reports Digital Lab article, privacy researcher Bill Fitzgerald took on the arduous task of examining the policies of several video-conferencing platforms. The conclusion: “While there are differences … on balance, the differences aren’t enormous … from a privacy point of view, none of these options is great.” So even if you could convince your acquaintances to move to another meeting service, it probably wouldn’t remove the underlying privacy problems. Am I sticking with Zoom?
Probably. Until the virus is under control, we need a way to socialize without endangering our lives or those of others. I’m not willing to take the risk of shopping in public without a mask, but I am willing to possibly lose some privacy in order to continue connecting with friends and family. And there really isn’t a significantly better option. Whether you’re using Zoom or one of its competitors, assume that someone untrustworthy might be recording what you’re saying. So don’t read out your personal bank account number, or proprietary business info, or the secret family recipe for gefilte fish in a Zoom meeting. If you really need to keep something private, use an encrypted email service such as Sendinc — or just use the phone!
Lincoln Spector writes about computers, home theater, and film and also maintains the blog Bayflicks.net. His articles have appeared in CNET, InfoWorld, The New York Times, The Washington Post, and other publications. Best of the Lounge Whether to clean or not to clean the registry
It’s likely you’ve used Windows’ built-in tools and/or third-party apps to remove leftover bits of defunct programs and other junk from your PC. But what about cleaning the Windows registry? Windows doesn’t offer its own registry clean-up tool — Microsoft would prefer that users leave that OS component alone. But that doesn’t necessarily mean that there’s no benefit to sweeping out the accumulated detritus. With that in mind, MVP Rick Corbett explored the registry’s exponential growth from Windows 7 to Windows 10 — and gives his thoughts on the “cleaning” question. Fellow Loungers chime in with their views — of course! Windows 10 When Plus member WillFastie recently lost the ability to customize the Start menu on a Win10 Pro 1909 PC, he asked others in the forum whether they had run into the problem. Installing the latest Windows updates proved fruitless — the right-click context menu would still not function properly. WillFastie found the fix: removing or resetting a registry key called NoChangeStartMenu. The only unanswered question was how it got there. Browsers Two different computers, two different approaches to saving downloaded files. Plus member Ron M ‘s machine lets him decide where to put files brought down from the Internet. But his wife’s computer offers only the “Downloads” folder as a destination. Ron wants his wife’s system to match his. The issue is quickly solved with a simple change in browser settings. If only all problems were this easy to fix! Security An anonymous reader wonders whether there’s a better and cheaper security suite than Kaspersky’s Total Security. What’s running on your setup? Windows 10 After air dusting the motherboard and fans on an ASUS M4A88-TD3 PC, Plus member Lil88reb discovered that the machine refused to enter sleep mode automatically. It would sleep when prodded by a manual power selection. Worse yet, the problem would come and go on three different systems. So was the cleaning just coincidence? Fellow Loungers offered suggestions, but Lil88reb is still on square one. Can you diagnose the problem? MS Office Upgrades can be really frustrating. Plus member LH had no problems with email when using Office 2010 on a Win7 machine. But then came the new Win10 system with Office 365. After some back-and-forth in the forum, LH arrived at a solution: changing a security setting in Gmail. UTILITIES An anonymous reader prods the forum for a WinPatrol alternative. The tool takes a snapshot of critical system resources and reports any changes. But it reportedly hasn’t been updated or supported since 2017. Anonymous is still looking for suggestions. Post yours! If you’re not already a Lounge member, use the quick registration form to sign up for free.
Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com). Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners. Your email subscription:
Copyright © 2020 AskWoody LLC, All rights reserved. |