使用Zoom进行维权？ 考虑安全性！

Last updated: April 19. If you’re using Zoom, the Global Forum for Media Development’s “Zoom-bombing” prevention & resources guide has some solid recommendations. Zoom continues to fix security problems, so please make sure you have the latest software — but be careful of malware.

上次更新时间：4月19日。如果您使用的是Zoom，则全球媒体发展论坛的“ Zoom-bombing”预防和资源指南提供了一些可靠的建议。 Zoom会继续解决安全问题，因此请确保您拥有最新的软件 ，但请注意不要恶意软件 。

With online organizing as the only short-term option, Zoom has become increasingly popular for activism groups. There’s a lot to like about Zoom: it’s easy to use, it provides phone access as well as video, their free plan allows unlimited meetings, you can use it without an account or sign in and use a pseudonym, it’s got useful functionality like breakout rooms.

借助在线组织作为唯一的短期选择，Zoom在激进团体中越来越受欢迎。 Zoom有很多优点：它易于使用，提供电话访问和视频功能，免费计划允许无限制的会议，您无需帐户即可使用它或登录并使用化名，它具有分组讨论等有用的功能房间。

Unfortunately, Zoom also has a track record of security and privacy problems — and right now the company is the midst of something of a security crisis. A wave of Zoombombing has gotten so severe that the FBI’s issuing warnings. There’s been a steady stream of high priority security bug fixes — which usually means there are a lot more security bug fixes coming. The company’s facing lawsuits and GDPR violations for sharing data with Facebook, Attorneys General from several states looking into their privacy practices, skepticism from cryptographers, bans in New York City and other school districts, campaigns from Color of Change member Dennis Johnson and Fight for the Future … yikes.

不幸的是， Zoom还具有安全和隐私问题的记录 -现在，该公司正处于安全危机之中。 Zoombombing浪潮变得如此严重，以至于FBI发出警告。 高优先级的安全漏洞修复程序源源不断，这通常意味着还会有更多的安全漏洞修复程序。 该公司因与Facebook共享数据而面临诉讼和违反GDPR的行为， 来自多个州的总检察长调查了他们的隐私做法 ， 密码学家的 怀疑 ， 纽约市和其他学区的禁令， Color of Change成员Dennis Johnson的竞选活动和Fight for the未来 ……。

With their business at stake, Zoom is reacting swiftly, including freezing functionality for 90 days to they focus on security. Hopefully they’ll make progress — back in the early 2000s, Microsoft was in a similar situation, and froze Windows development to focus on a “security push” led to major improvements. But it’s not like we can stop organizing while we want for Zoom to clean up their act.

随着业务受到威胁，ZoomSwift做出React，包括90天冻结功能，以专注于安全性。 希望他们会取得进展-早在2000年代初，微软处于类似情况，并且冻结Windows开发以专注于“安全性推动”而带来了重大改进。 但是，当我们希望Zoom清理其行为时，我们似乎无法停止组织。

The last section of this post briefly looks at several options, open source and from companies with better reputations for security and privacy than Zoom. For meetings involving highly confidential stuff, and any organizing where you’re concerned about your meetings being targeted by governments, intelligence services, or white supremacists, consider paying attention to Citizen Lab’s April 3 recommendation:

这篇文章的最后一部分简要介绍了几种选择，这些选择是开源的，以及在安全性和隐私性方面比Zoom更好的公司。 对于涉及高度机密内容的会议，以及任何担心政府，情报部门或白人至上主义者将会议作为目标的组织，请考虑关注Citizen Lab 4月3日的建议 ：

As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including …activists, lawyers, and journalists working on sensitive topics

由于存在这些令人困扰的安全问题，因此我们不建议在需要高度隐私和机密性的用例中使用Zoom，包括…活动家，律师和从事敏感主题工作的记者

In fact, some experts who I really respect, for example Eleanor Saitta, recommend not using Zoom at all for activism at this point.

实际上，一些我真正敬重的专家，例如Eleanor Saitta ，建议此时完全不使用Zoom进行激进主义。

But many meetings don’t require heavy security. Citizen Lab’s report also said:

但是许多会议不需要严格的安全性。 市民实验室的报告还说：

For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.

对于那些使用Zoom与朋友保持联系，举办社交活动或组织他们可能在公共场所或半公共场所举办的课程或讲座的人，我们的发现不一定要涉及。

And most of the experts I’ve talked to about this think that Zoom, properly safeguarded, is still a plausible option for now in many activist situations. It’s important to keep in mind that security isn’t the only consideration. Ease of use, familiarity, and performance with bad network connectivity are also valuable.

我与之交谈的大多数专家都认为，在许多激进主义者的情况下，经过适当保护的Zoom仍然是目前看来可行的选择。 重要的是要记住，安全不是唯一的考虑因素。 易于使用，熟悉并具有不良网络连接的性能也很有价值。

And Zoombombing is concerning, but Zoom’s recent changes cut down the risks substantially, and pages like EFF’s Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls have good instructions about how to lock down your meetings and other events to further reduce the risk of something disruptive happening.

而Zoombombing 是有关，但切Zoom的最新变化下基本风险，而像EFF的网页哈登缩放设置，以保护您的隐私，避免巨魔有关于如何将您的会议和其他活动锁定良好的指令进一步减少一些风险破坏性事件。

So if you’re continuing to have meetings on Zoom, here are a few things to think about.

因此，如果您继续在Zoom上开会，请考虑以下几点。

确保您拥有最新版本-提防虚假应用程序和其他恶意软件 (Make sure you’ve got the most current version — and watch out for fake apps and other malware)

Like so many other apps, Zoom regularly releases new versions. Just in the last week, they’ve fixed a vulnerability that potentially gave attackers control over the Mac, and removed the code that sent people’s information to Facebook. So you want to make sure you’re running the latest version. At the same time, though, keep in mind that there is malware and adware installers being created that pretend to be Zoom client installers.

与许多其他应用一样，Zoom会定期发布新版本。 就在上周，他们修复了一个漏洞，该漏洞可能使攻击者可以控制Mac，并删除了将人们的信息发送到Facebook的代码。 因此，您需要确保正在运行最新版本。 不过，请同时记住，正在创建伪装为Zoom客户端安装程序的恶意软件和广告软件安装程序 。

Zoom automatically checks for updates (usually when a meeting winds up) and shows you an alert when a new version is available. You can also update manually from within the app. On an iPhone or iPad, the best bet is to check the App Store and update from there if needed. On a Mac or PC, there’s a “Check for Updates” option in the main menu of a meeting. Here’s what it looks like on the Mac.

Zoom会自动检查更新(通常是在会议结束时)，并在有新版本可用时向您显示警报。 您也可以从应用程序内手动更新。 在iPhone或iPad上，最好的选择是检查App Store并在需要时从那里更新。 在Mac或PC上，会议主菜单中有一个“检查更新”选项。 这是Mac上的样子。

If you have never installed Zoom before, the Zoom Download Center at https://zoom.us/download is the place to start.

如果您以前从未安装过Zoom，则可以从https://zoom.us/download上的Zoom Download Center开始。

注意将链接或密码嵌入到很多人会看到的帖子或电子邮件中！ (Be careful about embedding links or password in posts or emails that a lot of people will see!)

The easiest way for somebody to zoombomb a meeting is to get either a link to the meeting, or the meeting ID and password. That’s also the easiest way for an infiltrator to silently eavesdropping in a meeting, potentially taking screenshots or recording, another threat activism groups should think about. So it’s very important to be careful about sending out the link, meeting ID, and password (if there is one).

某人放大会议的最简单方法是获取会议的链接或会议ID和密码。 对于入侵者来说，这也是最简单的方法，它可以悄悄地窃听会议内容，可能会截取屏幕快照或进行录制，这是另一个威胁行动组织应该考虑的问题。 因此，请务必谨慎发送链接，会议ID和密码(如果有)。

This is always a good thing to do no matter what software you use. Because of all the Zoombombing, it’s especially true right now with Zoom.

无论您使用什么软件，这总是一件好事。 由于发生了所有Zoombombing，现在使用Zoom尤其如此。

Here’s some approaches that can work well:

以下是一些效果很好的方法：

• If the meeting is fairly small, and you have contact information for everybody who’s going to be there, the easiest and safest approach is to send them with the link and dialin info individually — and ask that them not to forward it. One easy way to do this is copy the invitation for the meeting, which includes the link as well as call-in numbers, and send it to the specific people you want to invite via email, text, Signal, WhatsApp, or whatever messenger you use.
  如果会议规模很小，并且您有将要参加会议的每个人的联系信息，则最简单，最安全的方法是分别向他们发送链接和拨入信息，并要求他们不要转发。 一种简单的方法是复制会议邀请，其中包括链接和电话号码，然后通过电子邮件，文本，Signal，WhatsApp或您的任何通讯程序将其发送给您要邀请的特定人员用。

• You can also create a calendar event when you’re scheduling a meeting (although make sure not to choose the Google calendar option, which can hijack your camera and mic; you want the “other calendars” option instead, even if you’re using Google). Once you‘ve got it on your calendar, you can simply invite people to it the way you would any other event.
  您还可以在安排会议时创建日历事件(尽管请确保不要选择Google日历选项，它会劫持相机和麦克风；即使您正在使用，也要使用“其他日历”选项)谷歌)。 将日历保存在日历上后，您可以像其他任何活动一样简单地邀请人们加入日历。

• You can also select an option when you’re creating the meeting to have people register for the meeting by providing their name and email address. This can work well if you know the email addresses of likely attendees (although for semi-public meetings, that often isn’t the case)
  您还可以在创建会议时选择一个选项，以使人们通过提供其姓名和电子邮件地址来注册会议。 如果您知道可能的与会者的电子邮件地址，则此方法可以很好地工作(尽管对于半公开会议，通常并非如此)

• If you don’t have have a specific list of people you want to invite, you can send invitation to an email list, share it in a Facebook or messenger group, or make it into a private Facebook event. One thing to keep in mind is that the larger the list or group is, the greater the chances that the link will eventually get to somebody who wants to disrupt the meeting — or just listen in on what you’re saying. Still, there are times when it’s worth taking the risk of posting the info to a large mailing list or group.
  如果您没有要邀请的特定人员列表，则可以将邀请发送到电子邮件列表，在Facebook或Messenger组中共享邀请，或将其设为私人Facebook活动。 要记住的一件事是，列表或组越大，链接最终到达想要中断会议的人的机会就越大，或者只是听您在说什么。 尽管如此，还是值得冒着将信息发布到大型邮件列表或网上论坛的风险。

In any case, it’s worth putting additional protections in place — and thinking in advance about what you’ll do if somebody starts acting disruptive.

无论如何，值得采取额外的保护措施-并事先考虑如果有人开始采取破坏性行动将要做什么。

了解Zoom候诊室，密码和注册 (Understand Zoom waiting rooms, passwords, and registration)

One excellent change Zoom recently made to improve security is to enable passwords and waiting rooms by default. Both of these are useful; neither is a magic bullet.

Zoom最近为提高安全性所做的一项出色更改是默认情况下启用密码和等候室。 这两个都是有用的。 也不是魔术子弹。

• A “waiting room” prevents attendees from joining a meeting until a host admits them individually from the waiting room. Zoom’s got a lot more information on this in How to Manage Your Waiting Room and Secure Your Meetings with Virtual Waiting Rooms. But it’s not always easy to know whether or not somebody should be admitted; I’ve seen several reports of classes and other meetings that got disrupted by people impersonating the real attendees.

  “等候室”可防止与会者加入会议，直到主持人单独允许他们进入等候室为止。 Zoom在“ 如何管理您的候诊室”中对此有更多信息。 和 使用虚拟等候室保护会议安全 。 但是要知道是否应该接纳某人并不总是那么容易。 我已经看到一些关于班级会议和其他会议的报告，这些报告被模拟真实参与者的人打乱了。

• A password provides valuable additional protection against Zoombombing and eavesdropping by stopping people from “Wardialing” and guessing a meeting ID. That’s good! But if people who want to Zoombomb you get ahold of the password, then it doesn’t actually give you any additional protection.

  密码通过阻止人们进入“ Wardialing ”并猜测会议ID来提供有价值的附加保护，以防止Zoombombing和窃听。 非常好！ 但是，如果要使用Zoombomb的人可以得到该密码，那么它实际上并没有为您提供任何额外的保护。

Once you have a meeting password, then you have to get it to people. The easiest way to do this to embed the meeting password in the link. Zoom calls this a “one-click join”: attendees just have to click on the link. It’s incredibly convenient — but it also means that anybody with the link also has the password.

一旦获得会议密码，就必须将其告知他人。 最简单的方法是将会议密码嵌入到链接中。 Zoom将其称为“一键式加入”：与会者只需单击链接即可。 这非常方便-但这也意味着任何知道链接的人也都拥有密码。

If you have a secure way to get the password to everybody who wants to attend the meeting, consider disabling this option to add an additional level of defense. If you do this, also be careful about sending out the Zoom meeting invitation, which also includes the password.

如果您有一种安全的方法来将密码发送给所有想参加会议的人，请考虑禁用此选项以增加防御级别。 如果这样做，在发送包含密码的Zoom会议邀请时也要小心。

Zoom’s help pages for waiting rooms and passwords go into a lot more detail on lots of other settings related to this functionality, including the ability to customize your waiting room.

Zoom的候诊室和密码帮助页面详细介绍了与此功能相关的许多其他设置，包括自定义候诊室的功能。

With a paid account, you can also turn on registration, requiring people to sign up in advance. You can ask potential attendees for information; you based on their answers, you decide whether or not to send them a link. A couple things to keep in mind about registration:

使用付费帐户，您还可以打开注册，要求人们提前注册。 您可以向潜在与会者询问信息； 您根据他们的答案，决定是否向他们发送链接。 有关注册的几点注意事项：

• It can work well when it’s easy to decide whether or not you to send a link to somebody based on their answers; that’s not always the case.
  当很容易根据他们的答案来决定是否将链接发送给某人时，它可以很好地工作。 并非总是如此。
• Once you send somebody a link, they can share it with other people who can also use it to get into the meeting. Sometimes this is very helpful, but it also opens up possibilities for attackers.
  一旦您向某人发送链接，他们便可以与其他人共享该链接，他们也可以使用该链接参加会议。 有时，这很有帮助，但也为攻击者提供了可能性。
• Make sure to watch for new registrations during the meeting; sometimes people can’t find their link and so need to re-register. You can also automatically accept new registrations but that also means that any potential Zoombombers or infiltrators can get in.
  确保在会议期间注意新的注册； 有时人们找不到他们的链接，因此需要重新注册。 您还可以自动接受新注册，但这也意味着任何潜在的Zoombombers或渗透器都可以进入。

熟悉Zoom的设置和会议中的安全选项 (Get familiar with Zoom’s settings and in-meeting security options)

Zoom’s latest release adds a new security toolbar icon, which makes it easy to get at functionality you can use during the meeting to deal with Zoombombing and other issues. Options include locking the meeting (useful once everybody has shown up), disabling or enabling chat and screen-sharing, and removing participants. In-meeting security options has the details.

Zoom的最新版本添加了一个新的安全工具栏图标，使您可以轻松获得在会议期间可以使用的功能来处理Zoombombing和其他问题。 选项包括锁定会议(在所有人都出现后有用)，禁用或启用聊天和屏幕共享以及删除参与者。 会议中的安全选项具有详细信息。

Zoom also has zillions of additional settings, and many can be useful from a security perspective. Some provide useful “defense in depth” to limit the disruption attackers can cause if they get into the meeting; for example, disabling screen sharing for anybody but the host prevents people from showing everybody offensive memes or videos; turning off “annotations” keeps people from drawing on everybody’s screen. Others provide better protection for recordings, or prevent participants from inadvertently (or intentionally) sharing files with malware.

Zoom还具有数不胜数的其他设置 ，从安全性的角度来看，许多设置很有用。 有些提供了有用的“深度防御”，以限制攻击者进入会议后可能造成的破坏。 例如，禁用除主持人以外的任何人的屏幕共享功能，可以防止人们向所有人显示令人反感的模因或视频； 关闭“注释”可防止人们在每个人的屏幕上绘画。 其他的则可以为录制提供更好的保护，或防止参与者无意(或有意)与恶意软件共享文件。

Here’s a few pages cover this information in detail (although note that none of them have everything, and it may them a while to get updated to reflect Zoom’s latest releases):

这里有几页详细介绍了此信息(尽管请注意，它们都不包含所有内容，并且可能需要一段时间才能更新以反映Zoom的最新版本)：

• Global Forum for Media Development’s “Zoom-bombing” prevention & resources guide

  全球媒体发展论坛的“爆炸式增长”预防和资源指南

• Zoom’s How to Keep Uninvited Guests Out of Your Zoom Event (from March 20)

  Zoom的如何避免不速之客进入您的Zoom活动 (从3月20日开始)

• EFF’s Harden Your Zoom Settings to Protect Your Privacy and Avoid Trolls (last updated April 10)

  EFF 强化您的缩放设置以保护您的隐私并避免巨魔 (最近更新于4月10日)

• UC Berkeley’s Settings for Preventing Zoom-Bombing (last updated in late March) and UW’s Protect your Zoom meeting space and class sessions

  加州大学伯克利分校的“防止缩放炸弹设置” (最新更新于3月下旬)和华盛顿大学的“ 保护您的Zoom”会议空间和课堂会议

• Frame Shift Consulting‘s Tips for Safer Zoom Meetings (April 2) has good thoughts about roles within the meeting.

  Frame Shift Consulting的“安全缩放会议的提示” (4月2日)对会议中的角色有很好的想法。

Of course, a lot of this functionality is also useful for running effective and inclusive meetings! So in some situations it may make sense to leave some of this functionality enabled as long as you’ve taken other precautions. Recently I was on a webinar that was (unsurprisngly) targeted by Zoombombers; the panelists shrugged it off, booted the miscreants, and continued on without missing a beat. As moderator Kimberlé Crenshaw said, Black civil rights protestors responded to the Klan surrounding and screaming at them by raising their voices and singing about freedom at the top of their lungs … so we can respond to Zoombombing by talking about freedom at the top of our lungs.

当然，许多功能对于运行有效且包容的会议也很有用！ 因此，在某些情况下，只要您采取了其他预防措施，就可以启用某些功能。 最近，我参加了一个由Zoombombers(毫无疑问)针对的网络研讨会； 小组成员耸了耸肩，解开了罪犯，然后继续前进，没有错过任何拍子。 正如主持人金伯莱·克伦肖(KimberléCrenshaw)所说，黑人民权示威者对周围的可兰族作出回应，并通过抬高声音并在肺部顶部歌唱自由来向他们大喊……因此我们可以通过谈论在肺部顶部的自由来回应Zoombombing。 。

考虑替代方案 (Think about alternatives)

Zoom’s not the only game in town. Even if you continue to use Zoom for many of your meetings, it’s worth thinking about more security-conscious options for situations where confidentiality is important. Web Conferencing Security from the Australian Cyber Security Centre has some solid guidance on both how to select a web conferencing solution and how to use it securely; EFF’s What You Should Know About Online Tools During the COVID-19 Crisis is also important reading (for tools in general, not just Zoom).

Zoom不是镇上唯一的游戏。 即使您在许多会议上继续使用Zoom，也值得考虑在机密性很重要的情况下采用更多注重安全性的选项。 澳大利亚网络安全中心的网络会议安全在如何选择网络会议解决方案以及如何安全使用方面都提供了一些可靠的指导。 EFF 关于COVID-19危机期间在线工具的了解也很重要(对于一般工具，不仅是Zoom)。

End-to-end encryption (E2EE) is one important consideration here. Cryptographer Matthew Green’s Does Zoom use end-to-end encryption? has a good short explainer of why it matters, and how Zoom falls short.

端到端加密(E2EE)是这里的重要考虑因素。 密码学家Matthew Green的“缩放功能是否使用端到端加密？ 有一个很好的简短解释，解释了它为什么重要以及Zoom如何不足。

Here’s a short list of potential alternatives:

以下是潜在替代方案的简短列表：

• Signal is the gold standard for security. Its functionality is very limited compared to Zoom (group chat, 1–1 video and voice calls, but no videoconferencing), so it’s not really a replacement, but it’s a good choice for any information that’s so secret that you would be badly harmed if it got out.

  信号是安全性的金标准。 与Zoom(群组聊天，1-1的视频和语音呼叫，但没有视频会议)相比，它的功能非常有限，因此它并不是真正的替代品，但是对于任何如此秘密的信息，如果您受到严重伤害，它是一个不错的选择。它出来了。

• Wire, from the UK, is a collaboration platform built with a strong focus on security, including E2EE, open-source code, and several published security audits. Their Pro plan supports videoconferences with up to four people, and has a 30-day free trial.

  来自英国的Wire是一个协作平台，重点关注安全性，包括E2EE，开源代码和一些已发布的安全审核。 他们的Pro计划最多可支持四人的视频会议，并有30天的免费试用期。

• Tixeo, from France, has Zoom-like functionality and a strong focus on security, also including E2EE. They have a 30-day free trial, but no free option.

  来自法国的Tixeo具有类似Zoom的功能，并且高度重视安全性，其中还包括E2EE。 他们有30天的免费试用期，但没有免费选择。

• Jitsi Meet is an open-source solution with rich functionality that works directly in the browser; they’re working on E2EE. Then again, it has major accessibility issues; I’ve also seen reports of problems with Firefox (especially if there are 10 or more users) and Safari. meet.jitsi.org is an easy way to try it out, although bear in mind that without E2EE the people running the site (or anybody who’s hacked in) have access to all meetings hosted there. You can also download the software and host your own server.

  Jitsi Mee t是具有丰富功能的开源解决方案，可直接在浏览器中运行； 他们正在开发E2EE 。 再说一次，它还有重大的可访问性问题 。 我还看到了有关Firefox(特别是如果有10个或更多用户)和Safari问题的报告。 Meet.jitsi.org是一种简单的尝试方法，尽管请记住，如果没有E2EE，运行该网站的人员(或被黑的任何人)都可以访问在那里举行的所有会议。 您也可以下载软件并托管自己的服务器。

• Cisco’s WebEx has just introduced a much richer free offering and also has end-to-end encryption option. Their chat is also much better than Zoom’s.

  思科的WebEx 刚刚推出了更加丰富的免费产品 ，并且具有端到端加密选项 。 他们的聊天也比Zoom更好。

• Microsoft’s Teams is a relatively new player, and organizations that have Office 365 don’t have to pay extra for it. Teams works best if everybody has accounts in the same domain (they’ve announced a new “friends and family” version, but it’s not yet available), which isn’t necessarily a great match for activism use cases, but on the positive side it has a lot more collaboration functionality than Zoom. Similarly, Google Meet might be an option if you have G Suite.

  微软的团队是一个相对较新的参与者，拥有Office 365的组织不必为此支付额外费用。 如果每个人都在同一个域中拥有帐户(他们已经发布了新的“ 朋友和家人 ”版本，但尚不可用)，则团队工作最佳。这不一定适合激进主义用例，但从积极的方面来说它比Zoom具有更多的协作功能。 同样，如果您拥有G Suite，则可以选择使用Google Meet。

• Google’s Duo has end-to-end encryption, so might also be worth considering for smaller meetings. Microsoft’s Skype (which now makes it easy to set up video meetings) is also be an option, although it lacks key activism functionality like the ability to pre-schedule meetings.

  Google的Duo具有端到端加密，因此对于较小的会议可能也值得考虑。 微软的Skype( 现在可以更轻松地建立视频会议 )也是一个选择，尽管它缺乏关键的行动功能，例如可以预先安排会议的功能。

• And sometimes you don’t need spiffy video functionality. Will an old-fashioned conference call work for you?
  有时，您不需要出色的视频功能。 老式电话会议对您有用吗？

There’s lots of other choices out there as well — the responses to Eleanor Saitta’s thread include suggestions like Vidyo, Amazon Chime, and Webinar Jam, and here’s a crowdsourced spreadsheet with several dozen video options. As you’ve probably figured out by now, they all have challenges. And it’s not like Zoom’s the only software that has security and privacy issues! Which is riskier, a crufty old code base like WebEx (where the original development team has long since left) or a newer code base like Zoom where a lot of stuff is being discovered and fixed? And, as noyb’s recent Interrupted Transmission report highlights, everybody has a ways to go on the privacy side.

还有很多其他选择-对Eleanor Saitta主题的回复包括Vidyo，Amazon Chime和Webinar Jam之类的建议， 这是一个众包的电子表格，其中包含数十个视频选项。 您可能已经知道了，它们都面临挑战。 而且，这并不是Zoom唯一具有安全性和隐私问题的软件！ 哪一个风险更大，是像WebEx这样的笨拙的旧代码库(原始开发团队已经离开了很久了)，还是像Zoom这样的新代码库(其中发现并修复了很多东西)？ 而且，正如noyb在最近的《 中断传输》报告中所强调的那样，每个人都可以在隐私方面进行努力。

In software, as in life, there aren’t any magic bullets. Still, there might well be better options than Zoom for at least some your group’s meetings.

在软件中，就像在生活中一样，没有任何神奇的子弹。 尽管如此，至少在某些小组的会议上可能还有比Zoom更好的选择。

If you do wind up using something else, the kinds of thinking I discuss here still applies. No matter what solution you’re using:

如果您确实使用其他方法，我在这里讨论的那种想法仍然适用。 无论您使用哪种解决方案：

• You want to be running the most recent software and following best practices for configuration
  您想运行最新的软件并遵循最佳配置实践
• You need to be careful about distributing links and meeting IDs
  您在分发链接和会议ID时需要小心
• Passwords are helpful but not a panacea
  密码很有用，但不是万能药
• There are lots of settings and tradeoffs to get familiar with.
  有许多设置和权衡需要熟悉。

….

…。

Thanks to Aaron, Jesse, Kathy, Livio, Emily, Tara, Barbara, Angyl, Dragos, Tim, Kristen, and Cynthia for feedback on previous drafts. Thanks also to Larry, Claude, Amy, Kat, Jeff, George, Matt, Eleanor, Tarso, Ilya, and Lynwen for the useful info and links, and to Livio for the screenshot of the update dialog.

感谢Aaron，Jesse，Kathy，Livio，Emily，Tara，Barbara，Angyl，Dragos，Tim，Kristen和Cynthia对以前的草案提出的反馈意见。 也要感谢Larry，Claude，Amy，Kat，Jeff，George，Matt，Eleanor，Tarso，Ilya和Lynwen提供了有用的信息和链接，并感谢Livio提供了更新对话框的屏幕截图。

Change log

变更记录

April 3: emphasize checklist at the top, strengthening recommendations to look at alternatives for confidential stuff, clarifying waiting room situation, adding links.

4月3日：在顶部强调清单，加强建议以查找机密材料的替代方案，明确候诊室情况，添加链接。

April 4: including link to Zoom announcement of April 5 changes, screenshot for “require registration”, other minor cleanups.

4月4日：包括指向4月5日更改的Zoom公告的链接，“需要注册”的屏幕截图以及其他次要清理功能。

April 6: edits reflect Zoom’s latest updates, which turned passwords and waiting rooms on by default; add link to school systems banning Zoom; tighten discussion of Teams; other minor cleanups.

4月6日：所做的修改反映了Zoom的最新更新，默认情况下密码和候诊室处于打开状态； 向禁止放大的学校系统添加链接； 加强团队讨论； 其他较小的清理。

April 7–8: Updated guidance on waiting rooms, added Eleanor Saitta’s perspective, tweaked the Teams discussion again, added a few more links.

4月7日至8日：更新了候诊室指南，补充了Eleanor Saitta的观点，再次调整了小组讨论，并增加了一些链接。

April 9: update with security toolbar info, new Citizen Lab post, and Microsoft Teams link

4月9日：更新了安全性工具栏信息，新的Citizen Lab帖子和Microsoft Teams链接

April 10: update with EFF and Matthew Green links

4月10日：使用EFF和Matthew Green链接进行更新

April 18: include Jitsi E2EE, Australian Cyber Security Centre, and EFF links, along with other minor cleanups.

4月18日：包括Jitsi E2EE，澳大利亚网络安全中心和EFF链接，以及其他小的清理工作。

April 19: include Global Forum for Media Development link

4月19日：包括全球媒体发展论坛链接

翻译自: https://medium.com/hashtag-resist/using-zoom-for-activism-think-about-security-1c4f2903275a