Description: It's embarrassing that we're using software like Zoom which has a large number of known security issues and just a poor track record overall. There are a variety of other potential options, which I'd like explored.
Impact: This would help us to look more modern / on-top-of-it for a security group.
Scope: How much effort will this take? ok to provide a range of options if or "not yet determined"
Additional info:
List of reasonable alternatives:
Agreed very much with this... this may be good to raise on the CNCF level as well, since it looks like the video conferencing software is provided by CNCF? and to do recording as well.
I think to add to the list of alternatives is webex since there will be a couple of folks that would have corporate accounts to host a meetings. Webex has a meeting record feature as well so we can use it to upload to the CNCF account.
To be fair, Zoom does seem to be addressing these issues as fast as they can, given the very public backlash. That said, I do believe an organization like the CNCF, which pride itself in promoting and supporting open source, should adopt and open-source-first policy in as many areas as possible, including conferencing. It's clear to me that solutions like Jitsi Meet have evolved dramatically in the last few years and have became fully functional, even for large scale meetings.
The only policy we always have with tools is to give projects the choice of what to use is best for them, this providers for the most flexibility and is a strength of the organization. If you want to try another tool, please make a request and we are happy to investigate and support it.
Zoom is addressing these concerns fairly quickly; however, it still has served as a big eye-opener. For Kubernetes, we're at least going to survey the current field of options. I think it'd be good to keep this thread open for general discussion on the subject.
Google is rolling out Meet free to everyone - https://blog.google/products/meet/bringing-google-meet-to-more-people
https://meet.google.com/ is now free for everyone!
While there are probably some workarounds, our default enterprise DLP rules block access to Google Hangouts.
We are OK with Zoom, Blue Jeans, Join Me, Skype, GoToMeeting, Webex, or Teams
Many organizations that use Google Apps internally block access to use that service on an outside domain
An additional troubling piece of this puzzle appears in an article by bloomberg.
Quoted, and possibly behind a paywall:
Corporate clients will get access to Zoom’s end-to-end encryption service now being developed, but Yuan said free users won’t enjoy that level of privacy, which makes it impossible for third parties to decipher communications.
“Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” Yuan said on the call.
The smell here is privacy and security for those who can afford it, and as for the rest _let them eat cake._ I've seen this trend in various places and it's concerning. Is it in opposition to the values for a group of folks working in a FLOSS context to provide security level setting across an open ecosystem? Possibly.
Zoom seems to have changed the position I note above in regards to end-to-end encryption
This issue has been automatically marked as inactive because it has not had recent activity.