Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Media Security

What You Should Know Before Leaking a Zoom Meeting (theintercept.com) 37

The Intercept's Nikita Mazurov warns that Zoom has digital watermarks that could expose sources working with journalists or government officials. An anonymous reader shares an excerpt from the report: Many users may not realize it, but Zoom has the capability to insert both video and audio watermarks into a meeting. The video watermarks are readily perceptible to meeting participants. When enabled, the video watermarking feature superimposes the username portion of each participant's email address over the content they are viewing when another participant shares their screen and places the same watermark over the current active speaker. Because the video watermark appears across the entirety of the video frame, blurring may adversely impact the visibility of the underlying material. In contrast, the audio watermarks are not readily perceptible to casual listeners, though they are what in watermarking parlance is known as "overt." That means the fact that they are embedded is easily discerned by meeting participants: When a Zoom meeting has the audio watermark, or what Zoom also calls the "audio signature," feature enabled, the meeting will have a green circular icon with a sound wave and a padlock at the top left of the frame next to the encryption icon.

It is not immediately apparent at what point Zoom injects its "ultrasonic" audio watermark into the audio stream -- whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom's built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark. Journalists should also be wary of publishing raw audio leaked from Zoom meetings, particularly if the source is not sure whether audio watermarking was enabled or not.

Aside from Zoom's own watermarks, a number of elements appearing on an individual's own device may inadvertently give away the identity of the person who is recording. If the meeting video is being recorded either via screen recording software or a camera, there are a number of elements to watch out for...

This discussion has been archived. No new comments can be posted.

What You Should Know Before Leaking a Zoom Meeting

Comments Filter:
  • by Arthur, KBE ( 6444066 ) on Tuesday January 19, 2021 @08:17AM (#60963518)
    In putting my face onto a platform run by 2PLA, and neither should you.
  • Paul, (Score:4, Insightful)

    by Forty Two Tenfold ( 1134125 ) on Tuesday January 19, 2021 @08:20AM (#60963530)
    “Knowing that a trap exists is the first step in avoiding it” – Thufir Hawat
  • You should "known" conjugation.
  • by BAReFO0t ( 6240524 ) on Tuesday January 19, 2021 @08:37AM (#60963572)

    Don't use it, don' talk about it, don't report it in the news.

    Use Signal or Jitsi Meet. Both superior and reputable. Not Flappy Bird.

    • by wiredog ( 43288 ) on Tuesday January 19, 2021 @09:11AM (#60963670) Journal

      If the meeting isn't discussing something proprietary or confidential then Zoom has some big advantages:
      It's multi-platform: Linux, Mac Windows, IOS, Android, and POTS.
      It's extremely easy to use.
      It's very easy to manage, including keeping trolls, Zoom bombers, and other griefers under control.

      • by Anonymous Coward

        Signal is also
        - multi-platform Linux, Mac Windows, IOS and Android, but does not support people calling in.
        - It's extremely easy to use
        - It's easy to manage.. Sure someone could text-bomb you, but the same is true via plain SMS messages... Signal do have a block function, and you can trace the abuse back to a person easily so using it for abuse can get punished quite easily.

        and on top of that.. It's secure in contrast to Zoom... And it integrates easily on your phone and automates securing communication wi

  • Data laundering (Score:4, Insightful)

    by burtosis ( 1124179 ) on Tuesday January 19, 2021 @08:43AM (#60963598)
    For best results, tape the conference on a VHS recorder and digitize it using H.261. If you can’t tell the difference between a corporate PR snafoo and a Taco Bell order, it’s untraceable.
    • The analog loophole.

      Though I wonder if they will cry "deepfake" if the video is too blurry.

    • I was thinking record the audio via a phone and run it through an editor. Just clip frequencies outside of the voice range.

      • I was thinking record the audio via a phone and run it through an editor. Just clip frequencies outside of the voice range.

        Phones use audio compression and "ultrasonic" (not very likely) will not get through hardly any lossy audio compression. So yes phones will kill ultrasonic, most pc codecs as well no editing required. The article is likely wrong on the details though.

    • by pacinpm ( 631330 )

      You may probably get away with screen recording software people use to stream games on Twitch. Better quality, still undetectable by Zoom.

  • by gweihir ( 88907 ) on Tuesday January 19, 2021 @09:01AM (#60963644)

    Anybody discussing secret stuff on Zoom/Teams/Skype/... is already doing it wrong, sorry. The leak-angle just drives this home.

  • So .. if you have recordings from 3 or 4 people and the raw stream can you deduce the types of transformations they do and inject noise within those constraints? Eventually the cat & mouse game may result in them having to blur or highly pixellate the video.

    • by guruevi ( 827432 )

      That depends on the type of noise they insert and obviously you'd have to find more than 2 or 3 willing participants and even then it may not be enough, some companies and some countries (esp. the one where Zoom originates from) wouldn't be opposed to firing (squad) 3 or 5 or even an entire company worth of people.

      The only option highly repressed individuals have is to make a white room transcript and insert their own errors which then makes the source extremely vulnerable to accusations of being biased or

  • Does Zoom indicate to all participants when the built in recording feature is in use by any particular party?

    If you circumvent that (e.g. exploit the analog hole), given patchwork of state laws on how many participants must consent, does federal law govern, or does the most restrictive state law for anyone speaking, or is it the law of the state where the person is actually doing the recording?

    Most states say these laws do not apply where no expectation of privacy exists. Is it reasonable to have an expecta

    • by aitikin ( 909209 ) on Tuesday January 19, 2021 @11:15AM (#60964198)

      Most states say these laws do not apply where no expectation of privacy exists. Is it reasonable to have an expectation of privacy on a Zoom meeting?

      Most states (38) are, "One-Party Consent" states, requiring only that one person directly involved in the call need consent. The other 12 states (Nevada technically included based upon their supreme court's rulings) do require all parties to consent. This creates an interesting predicament with interstate calls, but precedent seems to dictate that where the tort was committed has the jurisdiction.

      IANAL and I don't play one on TV. Just happen to have looked this up recently.

  • What's the ideal way to remove or obfuscate them?
    While they're desirable to leave intact on an archive copy for when criminal behavior gets to court, a "public copy" option is vital to getting support to protect potential whistleblowers.
    No government can be trusted.
    No business can be trusted.
    No person can be trusted.

    We need effective ways to work in a world without trust because trust is ephemeral at best.

  • In Other Words ... (Score:4, Interesting)

    by Retired ICS ( 6159680 ) on Tuesday January 19, 2021 @11:40AM (#60964304)

    There can be no doubt raised that what is "purported" to be a recording of a Zoom meeting is actually a recording of what actually transpired. That is to say that it can no longer be raised as a defense by the scumbuckets in conspiracy to commit fraud recorded, that the recording is a fake.

    Sounds like a good thing to me and should lead to the castration of more scumbuckets.

  • by tinkerton ( 199273 ) on Tuesday January 19, 2021 @03:01PM (#60964996)

    Winner. The Intercept burned her with their sloppy security measures and dots from the printer allowed to identify the identity of the leaker. Laura Poitras, who has just been fired also accused them of sloppiness(*).
    But I don't see how you could avoid detection by taking in account such watermarks , thinking you found a way to avoid them. You can always add new watermarks which are harder to detect. One level of watermark is used for easy identifications and a second or third one is reserved for the important stuff. And whenever one mechanism has been detected/exposed you add a new one.

  • Comment removed based on user account deletion
  • Most managerial types can just drop their pants, turn to the camera, and speak out of their asses. Aside from being more direct in these uncertain times, it will allow more direct communication with conference attendees and aid the delivery of bullshit which is about all most of these meetings are about anyway.
  • If you need a level of anonymity then try Zoomcorder.com which sends a virtual video avatar to do the recording.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...