What You Should Know Before Leaking a Zoom Meeting (theintercept.com) 37
The Intercept's Nikita Mazurov warns that Zoom has digital watermarks that could expose sources working with journalists or government officials. An anonymous reader shares an excerpt from the report: Many users may not realize it, but Zoom has the capability to insert both video and audio watermarks into a meeting. The video watermarks are readily perceptible to meeting participants. When enabled, the video watermarking feature superimposes the username portion of each participant's email address over the content they are viewing when another participant shares their screen and places the same watermark over the current active speaker. Because the video watermark appears across the entirety of the video frame, blurring may adversely impact the visibility of the underlying material. In contrast, the audio watermarks are not readily perceptible to casual listeners, though they are what in watermarking parlance is known as "overt." That means the fact that they are embedded is easily discerned by meeting participants: When a Zoom meeting has the audio watermark, or what Zoom also calls the "audio signature," feature enabled, the meeting will have a green circular icon with a sound wave and a padlock at the top left of the frame next to the encryption icon.
It is not immediately apparent at what point Zoom injects its "ultrasonic" audio watermark into the audio stream -- whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom's built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark. Journalists should also be wary of publishing raw audio leaked from Zoom meetings, particularly if the source is not sure whether audio watermarking was enabled or not.
Aside from Zoom's own watermarks, a number of elements appearing on an individual's own device may inadvertently give away the identity of the person who is recording. If the meeting video is being recorded either via screen recording software or a camera, there are a number of elements to watch out for...
It is not immediately apparent at what point Zoom injects its "ultrasonic" audio watermark into the audio stream -- whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom's built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark. Journalists should also be wary of publishing raw audio leaked from Zoom meetings, particularly if the source is not sure whether audio watermarking was enabled or not.
Aside from Zoom's own watermarks, a number of elements appearing on an individual's own device may inadvertently give away the identity of the person who is recording. If the meeting video is being recorded either via screen recording software or a camera, there are a number of elements to watch out for...
Not interested (Score:3)
Re: Not interested (Score:3)
Dipolylactic acid is ruining America!
Re: (Score:3)
But at least that one is biodegradable.
Paul, (Score:4, Insightful)
Re:Paul, (Score:5, Insightful)
Re: (Score:2)
Re: Paul, (Score:3)
"Anything looks wise, if it is presented as a quote." -- Littar Ally Hilter.
Re: (Score:3)
"It's not a lie if you believe it." – George Costanza
Re: (Score:2)
What You Should Known (Score:2)
Zoom is the WhatsApp of video conferencing. (Score:4, Informative)
Don't use it, don' talk about it, don't report it in the news.
Use Signal or Jitsi Meet. Both superior and reputable. Not Flappy Bird.
Depends on what you're using it for (Score:5, Insightful)
If the meeting isn't discussing something proprietary or confidential then Zoom has some big advantages:
It's multi-platform: Linux, Mac Windows, IOS, Android, and POTS.
It's extremely easy to use.
It's very easy to manage, including keeping trolls, Zoom bombers, and other griefers under control.
Re: (Score:1)
Signal is also
- multi-platform Linux, Mac Windows, IOS and Android, but does not support people calling in.
- It's extremely easy to use
- It's easy to manage.. Sure someone could text-bomb you, but the same is true via plain SMS messages... Signal do have a block function, and you can trace the abuse back to a person easily so using it for abuse can get punished quite easily.
and on top of that.. It's secure in contrast to Zoom... And it integrates easily on your phone and automates securing communication wi
Re: (Score:2)
please try bluejeans and let me know if you still feel that way. zoom is painful by comparison.
Bluejeans by Verizon. Sounds like something to avoid...
Data laundering (Score:4, Insightful)
Re: (Score:2)
The analog loophole.
Though I wonder if they will cry "deepfake" if the video is too blurry.
Re: Data laundering (Score:1)
I was thinking record the audio via a phone and run it through an editor. Just clip frequencies outside of the voice range.
Re: (Score:3)
I was thinking record the audio via a phone and run it through an editor. Just clip frequencies outside of the voice range.
Phones use audio compression and "ultrasonic" (not very likely) will not get through hardly any lossy audio compression. So yes phones will kill ultrasonic, most pc codecs as well no editing required. The article is likely wrong on the details though.
Re: (Score:2)
You may probably get away with screen recording software people use to stream games on Twitch. Better quality, still undetectable by Zoom.
Do not discuss anything secret this way (Score:5, Insightful)
Anybody discussing secret stuff on Zoom/Teams/Skype/... is already doing it wrong, sorry. The leak-angle just drives this home.
Anyone cracked it yet? (Score:2)
So .. if you have recordings from 3 or 4 people and the raw stream can you deduce the types of transformations they do and inject noise within those constraints? Eventually the cat & mouse game may result in them having to blur or highly pixellate the video.
Re: (Score:1)
That depends on the type of noise they insert and obviously you'd have to find more than 2 or 3 willing participants and even then it may not be enough, some companies and some countries (esp. the one where Zoom originates from) wouldn't be opposed to firing (squad) 3 or 5 or even an entire company worth of people.
The only option highly repressed individuals have is to make a white room transcript and insert their own errors which then makes the source extremely vulnerable to accusations of being biased or
Wiretapping laws and privacy (Score:2)
Does Zoom indicate to all participants when the built in recording feature is in use by any particular party?
If you circumvent that (e.g. exploit the analog hole), given patchwork of state laws on how many participants must consent, does federal law govern, or does the most restrictive state law for anyone speaking, or is it the law of the state where the person is actually doing the recording?
Most states say these laws do not apply where no expectation of privacy exists. Is it reasonable to have an expecta
Re:Wiretapping laws and privacy (Score:4, Informative)
Most states say these laws do not apply where no expectation of privacy exists. Is it reasonable to have an expectation of privacy on a Zoom meeting?
Most states (38) are, "One-Party Consent" states, requiring only that one person directly involved in the call need consent. The other 12 states (Nevada technically included based upon their supreme court's rulings) do require all parties to consent. This creates an interesting predicament with interstate calls, but precedent seems to dictate that where the tort was committed has the jurisdiction.
IANAL and I don't play one on TV. Just happen to have looked this up recently.
How to strip orobfuscate the watermarks? (Score:2)
What's the ideal way to remove or obfuscate them?
While they're desirable to leave intact on an archive copy for when criminal behavior gets to court, a "public copy" option is vital to getting support to protect potential whistleblowers.
No government can be trusted.
No business can be trusted.
No person can be trusted.
We need effective ways to work in a world without trust because trust is ephemeral at best.
In Other Words ... (Score:4, Interesting)
There can be no doubt raised that what is "purported" to be a recording of a Zoom meeting is actually a recording of what actually transpired. That is to say that it can no longer be raised as a defense by the scumbuckets in conspiracy to commit fraud recorded, that the recording is a fake.
Sounds like a good thing to me and should lead to the castration of more scumbuckets.
They Learned Something from Reality (Score:4, Interesting)
Winner. The Intercept burned her with their sloppy security measures and dots from the printer allowed to identify the identity of the leaker. Laura Poitras, who has just been fired also accused them of sloppiness(*).
But I don't see how you could avoid detection by taking in account such watermarks , thinking you found a way to avoid them. You can always add new watermarks which are harder to detect. One level of watermark is used for easy identifications and a second or third one is reserved for the important stuff. And whenever one mechanism has been detected/exposed you add a new one.
Or not (Score:2)
One of the authors of the article based on the odd leak of Reality Winner, Richard Esposito, afterwards became spokesman for the NYPD. It seems that whenever he is around, leakers get caught: https://thegrayzone.com/2020/0... [thegrayzone.com]
Re: (Score:2)
This really isn't a problem. (Score:1)
Use Zoomcorder for a layer of anonymity (Score:1)