ISSUE 17.19.F • 2020-05-18
Logo
The AskWoody Newsletter
FREE EDITION

In this issue

SOCIAL NETWORKING: Zoom: Is it safe?

BEST OF THE LOUNGE: Whether to clean or not to clean the registry

Additional articles in the PLUS issue

LANGALIST: How USB booting leaves a digital trail

.NET Framework oddities and ESU issues highlight May patching

Freeware Spotlight — Open Hardware Monitor

ADVERTISEMENT
Duplicate Photo Cleaner box

Duplicate Photo Cleaner

Duplicate Photo Cleaner is absolutely the best way to remove duplicate photos from your PC and phone!

Tired of cluttered photo albums? Get DPC at a special AskWoody discounted price, and delete duplicate and similar photos from your computer and smartphone in a flash! AskWoody special: Add File Cleaner for just $9.95!

Click here to claim your exclusive discount! Duplicate photos won’t stand a chance.

INTRODUCTION

We’re hunkered down at AskWoody, too

It’s amazing to me how quickly the world has changed … moving in a direction I’ve long advocated — and tried to emulate in my personal life. We now have a global electronic infrastructure that’s enormous and effective — if nascent and highly variable in quality. Pity it took something as devastating as COVID-19 to firmly push the world in that direction.

AskWoody.com is here to help. As you can see from this week’s free article, we’re looking outside the PC box to bring you news and tips from all over the tech milieu. I don’t know anybody who uses just Windows any more. Heck, even Microsoft is getting ready to release a fancy new phone — which will run Android.

When it comes to tech questions and answers, we have lots of volunteers ready to help on AskWoody.com. Drop by, register an account if you don’t already have one (it’s free, too), and pitch in.

Woody


SOCIAL NETWORKING

Zoom: Is it safe?

Lincoln Spector

By Lincoln Spector

Have you noticed that the start of every article about Zoom suggests that it has quickly turned into the most needed app on the planet?

Thanks to the pandemic, what was created as a business-conferencing tool has become the de facto means for ordinary people to connect to each other. My wife, a faculty member at the San Francisco Conservatory of Music, uses Zoom to teach her students miles away. Family get-togethers, schools, charity events, remote concerts, and even television hosts now depend on the service.

But while Zoom’s stock was exploding, the programmers who built the platform seemed to be tripping over their shoelaces. Problems kept popping up, often followed by official apologies. And then came the reports of questionable privacy policies and online trolls crashing meetings. With good reason, people started asking, “Is Zoom safe?”

In a previous article about Zoom and similar services (2020-04-06 AskWoody issue), I concentrated on video-conferencing etiquette and ease of use (or lack thereof). I wrote that article in March, just as we were getting used to the new world of stay-at-home socializing. We were all learning as we went along. Thus I ignored one of the more difficult questions about these services: To what degree are Zoom and its competitors spying on us?

Because I ultimately recommended Zoom as the easiest video-conferencing service for users of any technical skill — yes, even Uncle Fred could get it working — I’m going to focus on its failings. Both accidentally and intentionally, the company has put your privacy at risk. Much has been written about these problems in recent weeks, so I’ll give you a summary of what you really should know about the service — and others.

A potential threat to school kids

In early April, New York City banned Zoom for school use — even though “thousands of teachers and students began using it for remote learning,” according to an article penned by Chalkbeat’s Alex Zimmerman. It went on to say: “The education department received reports of issues that impact the security and privacy of the platform during the credentialing process … .”

A month later, the city lifted the ban after Zoom made security changes. Quoted in a Spectrum News NY1 article, New York DOE Schools Chancellor Richard Carranza stated: “The security of our students and staff is paramount, and we’ve worked with Zoom to create a tailored platform that provides the safety and functionality schools need to engage in remote learning.”

In a Zoom blog post, the company claims to be hard at work providing a safer environment. Are these real and significant fixes? Or are they little more than the digital equivalent of slapping on some new paint? We just don’t know yet. But based on the aforementioned blog, Zoom does seem to be taking its issues seriously.

Party crashing and other bad behavior

As with all major events, the current pandemic has created its own vernacular. One of the more unique additions is Zoombombing — which I sincerely hope you’ll never experience. This is the Internet version of crashing a party, starting fights, and painting offensive epitaphs on walls … except you’ll never know who ruined your fun.

As noted in a CNET article, it’s horribly easy to Zoombomb a meeting. If you search for URLs containing zoom.us, you might get hundreds of vulnerable Zoom-enabling sites. Fortunately, the article provides some tips for blocking Zoom hooligans.

But not all the service’s problems are as visible or caused by outside actors. As reported in a Vice article, the iOS edition of Zoom was for some time sending personal data to Facebook — even if the user was not a Facebook subscriber. At the time, there was no mention of Facebook in Zoom’s privacy policy. Privacy Matters activist Pat Walshe called that policy “shocking.”

Once the information came out, Zoom, not surprisingly, stopped sending information to Facebook.

When I researched my earlier article, I skimmed through Zoom’s 3,855-word privacy policy. Among numerous worrisome points was the statement that it “covers all Personal Data that you affirmatively provide during your interactions with us, information that we automatically collect when you interact with our Products, and information that we collect about you from third parties.” That sounds intrusive, but it’s hard to know whether that’s any worse than, say, Facebook, Windows, or macOS.

The latest version of the statement, dated March 29, claims that “We do not sell your personal data.” I haven’t studied the entire statement — it has ballooned to 5,225 words — and probably wouldn’t understand it all if I did. But you might want to read the top bullet points and judge for yourself.

Just how bad is this?

Given its history and recent news coverage, it’s not surprising that people describe Zoom as “fundamentally corrupt” and “malware.” Nevertheless, it’s still extremely popular; it has become the Google of personal video conferencing. So whether to use it mostly comes down to what you’re willing to tolerate. Even Windows has been dubbed “malware” (Computer World article).

Zoom used to claim that its service had end-to-end encryption — an assertion made by redefining the concept. When it turned out not to be so, the company had to eat crow. Zoom acknowledged “a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”

In a May 7 Zoom blog post, the company announced that it had acquired an encryption startup called Keybase — I assume to improve the service’s privacy problems. That might help small gatherings, but it’s unlikely today’s technology can handle simultaneous end-to-end encryption for 100 or more nodes.

Most troubling, Zoom’s technology exposed personal devices to malware. Last year, a security researcher discovered that the program installed hidden and potentially vulnerable Web servers onto Macs. Soon after that became public knowledge (July 2019), Zoom reported that it had removed the code via an update.

Why not simply use another service?

There are, of course, alternatives to Zoom — Cisco’s Webex, Google Meet, and Microsoft Teams, to name just a few. (I discussed Webex and Google Duo in my April 6 article.)

Sure, there might be better choices, but we’re up against the Facebook dilemma — i.e., you might prefer a less intrusive social network (MeWe, for example), but all your friends, family, and business associates are glued to Godzilla. Zoom is now the behemoth of both business and non-business video conferencing.

For a Consumer Reports Digital Lab article, privacy researcher Bill Fitzgerald took on the arduous task of examining the policies of several video-conferencing platforms. The conclusion: “While there are differences … on balance, the differences aren’t enormous … from a privacy point of view, none of these options is great.”

So even if you could convince your acquaintances to move to another meeting service, it probably wouldn’t remove the underlying privacy problems.

Am I sticking with Zoom?

Probably. Until the virus is under control, we need a way to socialize without endangering our lives or those of others. I’m not willing to take the risk of shopping in public without a mask, but I am willing to possibly lose some privacy in order to continue connecting with friends and family. And there really isn’t a significantly better option.

Whether you’re using Zoom or one of its competitors, assume that someone untrustworthy might be recording what you’re saying. So don’t read out your personal bank account number, or proprietary business info, or the secret family recipe for gefilte fish in a Zoom meeting.

If you really need to keep something private, use an encrypted email service such as Sendinc — or just use the phone!

Questions or comments? Feedback on this article is always welcome in the AskWoody Lounge!

Lincoln Spector writes about computers, home theater, and film and also maintains the blog Bayflicks.net. His articles have appeared in CNET, InfoWorld, The New York Times, The Washington Post, and other publications.


Best of the Lounge

Whether to clean or not to clean the registry

It’s likely you’ve used Windows’ built-in tools and/or third-party apps to remove leftover bits of defunct programs and other junk from your PC. But what about cleaning the Windows registry?

Windows doesn’t offer its own registry clean-up tool — Microsoft would prefer that users leave that OS component alone. But that doesn’t necessarily mean that there’s no benefit to sweeping out the accumulated detritus. With that in mind, MVP Rick Corbett explored the registry’s exponential growth from Windows 7 to Windows 10 — and gives his thoughts on the “cleaning” question. Fellow Loungers chime in with their views — of course!


Windows 10

When Plus member WillFastie recently lost the ability to customize the Start menu on a Win10 Pro 1909 PC, he asked others in the forum whether they had run into the problem. Installing the latest Windows updates proved fruitless — the right-click context menu would still not function properly. WillFastie found the fix: removing or resetting a registry key called NoChangeStartMenu. The only unanswered question was how it got there.


Browsers

Two different computers, two different approaches to saving downloaded files. Plus member Ron M ‘s machine lets him decide where to put files brought down from the Internet. But his wife’s computer offers only the “Downloads” folder as a destination. Ron wants his wife’s system to match his. The issue is quickly solved with a simple change in browser settings. If only all problems were this easy to fix!


Security

An anonymous reader wonders whether there’s a better and cheaper security suite than Kaspersky’s Total Security. What’s running on your setup?


Windows 10

After air dusting the motherboard and fans on an ASUS M4A88-TD3 PC, Plus member Lil88reb discovered that the machine refused to enter sleep mode automatically. It would sleep when prodded by a manual power selection. Worse yet, the problem would come and go on three different systems. So was the cleaning just coincidence? Fellow Loungers offered suggestions, but Lil88reb is still on square one. Can you diagnose the problem?


MS Office

Upgrades can be really frustrating. Plus member LH had no problems with email when using Office 2010 on a Win7 machine. But then came the new Win10 system with Office 365. After some back-and-forth in the forum, LH arrived at a solution: changing a security setting in Gmail.


UTILITIES

An anonymous reader prods the forum for a WinPatrol alternative. The tool takes a snapshot of critical system resources and reports any changes. But it reportedly hasn’t been updated or supported since 2017. Anonymous is still looking for suggestions. Post yours!


If you’re not already a Lounge member, use the quick registration form to sign up for free.

Stories in this week’s PAID AskWoody Plus Newsletter
Become an ASKWOODY PLUS member today!

 

Fred Langa

LANGALIST

How USB booting leaves a digital trail

By Fred Langa

In all but the most extraordinary circumstances, every PC boot — even one that’s using an operating system installed on a USB flash drive — leaves some digital footprints behind.

Here are the factors involved … and some of the unexpected places where booting activity might be recorded.

Plus: Good and not-so-good duplicate file–finding software.


Susan Bradley

PATCH WATCH

.NET Framework oddities and ESU issues highlight May patching

By Susan Bradley

For some Windows 7 users, May’s .NET Framework security updates proved to be a patching speed bump.

On Patch Tuesday (May 12), Microsoft released .NET fixes for three new vulnerabilities. CVE-2020-0605 is a remote-code execution threat, CV-2020-1066 might allow elevation of privileges, and CVE-2020-1108 could result in denial-of-service attacks.

But soon after the updates appeared, Win7 users reported installation failures. The upshot? The patches generally worked fine on systems with genuine (paid) and up-to-date Extended Security Updates (ESU) subscriptions.


Deanna McElveen

Best Utilities

Freeware Spotlight — Open Hardware Monitor

By Deanna McElveen

Some of the most difficult computer problems to diagnose and resolve are random errors — those inconsistent blue screens, those arbitrary freezes and shutdowns, those odd Windows glitches.

A common cause of random system failures is overheating — one or more hardware components running at higher-than-safe temperatures. Sure, spring might bring warmth and fresh flowers, but it also delivers shedding pets and lots of other airborne particles that clog up PC fans and put additional stress on CPUs, power supplies, and video cards.

So how do you know whether something is overheating? Michael Möller’s Open Hardware Monitor (OHM) can help provide an answer.


Publisher: AskWoody LLC (woody@askwoody.com); editor: Tracey Capen (editor@askwoody.com).

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. AskWoody, Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Perimeter Scan, Wacky Web Week, the Windows Secrets Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of AskWoody LLC. All other marks are the trademarks or service marks of their respective owners.

Your email subscription:


Copyright © 2020 AskWoody LLC, All rights reserved.