I’m going to be hosting an online class in a few weeks (this has been in the planning stages since long before the current crisis). I had been thinking I might use Zoom, but that seems like a really bad choice at this point. I’ve heard some good things about GoToMeeting. Apparently it can automatically generate transcripts. I also found EZTalk online, which looks very similar to Zoom. Does anyone here have any feedback, good or bad, on these services? I wonder if these have similar security problems as Zoom has, just haven’t been discovered yet because they haven’t gotten the attention. I’m not a security researcher though, so I have no idea how to find out. Since I’ll be asking customers to install this software, I would like to be careful.
For years, I’ve used GoToMeeting and it works fine, as does WebEX, Skype, etc. Who knows if more security issues lurk? Even if someone says something about these issues, it’s not the final word. At the end of the day, how much does it matter? When discussing security, always ask “to protect against what risk and how likely and if happens, what’s the impact?” then judge for yourself.
Meantime, my best and only recommendation at this time is to now solicit feedback before your class and find out what your clients may already have, or if they have an opinion, their experience level, and if they are corporate clients with IT Security departments, what products do they have already approved and in use (or find out what is maybe blocked or banned).
From my experience with this sort of stuff, end-user unfamiliarity (and sometimes “fear of breaking something”) and corporate “standard software” are the the bigger risks which will get in the way of your easy success.
PS. I am mystified and flabbergasted at the “speed” at which “everyone” seems to have heard about Zoom and then jumping on that bandwagon, then the “speed” at which “everyone” seems to be hearing about “security”. Where did all that come from (I can guess, but would make a good PhD Thesis someday)? The world continues to amaze me.
(Ack, accidentally deleted my first reply!)
Skype For Business is being sunsetted and transitioned to Microsoft Teams. That’s not the same as Skype Consumer, which is continuing.
Skype has seen an increase in use of something like 220% recently. Microsoft is not going to simply kill off the consumer and business products, but it seems like recent events are making it clear that they intend to roll everything into Teams, for both business and consumer use, which explains the report from last week that consumer Teams is coming.
I’ve used GoToMeeting for a couple of years (as a participant, not organizer). It has usually worked very well. The last meeting was after “stay at home” orders started going out and there were some issues reaching their servers but I don’t know if that was an ISP issue or a server problem. This is a single issue over two years though. Overall we’ve been very happy with it.
We used WebEX before that. I found it a very frustrating experience. The meetings we had with that one were quarterly and nearly every single time participating was a painful struggle for me. Sometimes it was browser incompatibilities. Sometimes it was due to an OS update. Sometimes it was an out of date client that wouldn’t update. This was a few years ago and I hope it’s improved but at the time the macOS issues it had didn’t seem to be getting much attention. They’ve also had their own security and privacy issues. But, again, my experience is not recent.
The audio on Skype hurts my ears.
My spouse spent the last week participating in a series of multi-hour Zoom meetings. There were some access and stability issues. We’re in a rural area with iffy internet access for some so I can’t say if it was that or Zoom having problems.
Re audio on Skype … gee. I had about a dozen Skype calls this week, most to people 1/2 on the other side of the planet. On both iMac and MacBook. Both sounded pretty good to me. Much more fidelity than using a phone.
Have you tried tweaking the audio settings? I’m guessing you have something going on with your hardware.
I actually think it is pretty comical how hard the tech blogosphere is coming down on Zoom. Don’t get me wrong, they need to fix some things and be more transparent, for sure. But I also think the tech blogosphere often needs someone to be pissed at, and this month it is Zoom.
I’m still using Zoom, even for work related things (paying out of my own pocket). Unless I was discussing proprietary information that would compromise myself or my employer, I am not too concerned. I treat anything on the internet as crackable, to be honest, which means I try to be careful what I put out there to begin with.
For me, using the waiting room feature, locking meetings after they have begun, and using passcodes for the meetings is enough for me to ensure I and others have a happy, successful, and safe conversation.
Again, absolutely not saying Zoom is perfect and didn’t deserve to get called out. But it wreaks a bit of the need to kick someone right now. Maybe time will prove me wrong and I’ll come back to eat my words.
I think that you nailed it here.
GoToMeeting is ok, not the easiest thing to get working if it doesn’t just work first time. I’ve been locked out of many webinars as a user and given up but it does have a nice recording system so I can usually catch up on the webinars later.
I used Skype for a while until Microsoft bought it, then not at all. Google Hangouts is also decent to use but bogs down for large groups.
IMO Zoom is by far the easiest to manage, especially for novice users on various operating systems and most of them not particularly computer literate.
I’m not really worried about the security of the meetings themselves. I just don’t want to be in the position of requiring users to install malware to attend a class they’ve paid for, possibly compromising their security long after the class is over.
Perhaps “malware” is a bit harsh, but considering their track record over the past two years, perhaps not.
I’ve participated in Zoom meetings over at least a two year period and they worked very well. I was using it way before the current popularity. But the stealth web server issue in 2019 made many very concerned about the judgement of Zoom’s management, including myself. The new revelations in the past two weeks seem to confirm that this is a company that is not trustworthy. It’s not an issue of programming mistakes, their history is intentionallly doing sneaky things until they get caught. I believe the reason why they are coming in for so much criticism is that it appears that most of these problems are intentional, not mistakes.
To clarify I am not questioning your judgement about evaluating and then rejecting Zoom for reasons of security. That’s up to you, as I said. And you have.
I think, and this is what I said:
my best and only recommendation at this time is to now solicit feedback before your class and find out what your clients may already have, or if they have an opinion, their experience level, and if they are corporate clients with IT Security departments, what products do they have already approved and in use (or find out what is maybe blocked or banned).
It’s not so much about you, although you are leading. It’s about what your clients/students can and are willing do do. If you pick something that everyone can’t use (for whatever reason), then …
If they all say “use Zoom” will you dissuade?
Although the installed-but-never-uninstalled web server fiasco was fixed last summer, Zoom is actually making things more difficult again for users who protect their privacy, again… this time in the name of privacy. A Zoom option lets the host of a meeting know if you’ve shifted your focus away from the Zoom app to another piece of software for more than 30 seconds, but this functionality did not work correctly or at all with Zoom’s in-browser implementation. At any rate that can’t be bypassed now because earlier this week Zoom removed browser-based logins for users (reports indicate these are more easily subverted by malicious people to allow them to re-join meetings after being kicked out).
According to a couple of privacy researchers I follow, the strongest recommendation now to protect privacy and data leakage is use Zoom is to install it inside a Virtual Machine. (Best free version is probably VirtualBox.) Secondarily, one could use Zoom’s iOS app, because iOS App Store rules implement some sandboxing
Something I do, is find experts that I trust in certain small areas, and when they make statements in their areas, then I listen. I don’t always follow their advice, but I check their research, and consider it.
Bruce Schneier, Schneier on Security, is one of those experts for me.
In the meantime, you should either lock Zoom down as best you can, or – better yet – abandon the platform altogether. Jitsi is a distributed, free, and open-source alternative. Start your meeting here.
So now my question is: Who has heard of Jitsi, and has it made you happy to use?
Jitsi is a pretty well-known and respected open source conferencing product, with iOS and Apple Watch clients. It requires management by someone with IT experience, and it has a realtively high CPU overhead. (Although you could pay someone to spin it up as a stack on an administered VM.)
That’s certainly not something I could ask of customers, many of whom are not super technical.
I should have mentioned that a major requirement for our application is screen sharing, as this is going to be a software training class. Also need simultaneous chat, though that could be done separately using Slack (have done that in the past, but it caused quite a bit of confusion for some users having to use two services).
I’m leaning towards GoToMeeting, especially with it’s robust session recording features. Jitsi looks interesting (and I had read Schneier’s article), but it also looks like potentitally a lot of extra work to set up. Also, I am always concerned about relying on a free service.