Banned by Tesla and Google! IPFS may help Zoom solve privacy issues

On April 9, the conferencing software Zoom became one of the global hot words.

In the context of the new coronavirus pandemic, millions of people have been forced to work and study from home, which has also boosted the explosive growth in the number of users of cloud video conferencing software represented by Zoom.

Unfortunately, as more people flocked to Zoom, it became a target of harassment, and a phenomenon known as "Zoombombing" began to appear, in which uninvited users invaded the meeting. In addition, Zoom's security and privacy issues emerged one after another, attracting a series of criticisms.

According to the BBC report on April 4, these problems include sending user data to Facebook, falsely claiming that the application has "end-to-end encryption", and allowing virtual meeting hosts to track the information of participants (such as IP, etc.). Among the series of problems discovered by former US National Security Agency (NSA) hacker Patrick Wardle, there is also an information security vulnerability that makes it easier for Mac users to hack into their computer webcams and microphones when using the software.

Concerns about Zoom's security have forced some schools, including New York City, to ban it from online classes. The New York City Department of Education told teachers that they should stop using Zoom for classes and use Microsoft Teams instead.

On April 7, a Zoom shareholder filed a lawsuit in the U.S. District Court for the Northern District of California, alleging that Zoom exaggerated its privacy standards and failed to disclose that its services were not end-to-end encrypted.

Elon Musk's Tesla and rocket company SpaceX recently banned their employees from using Zoom, citing major privacy and security issues, and the Taiwanese government also notified government agencies to stop using the Zoom app.

On April 8, Google disabled the video conferencing software Zoom on employees' laptops for security reasons.

Zoom CEO Eric Yuan apologized to users last week, saying the company had not met the community's expectations on privacy and security and was taking steps to fix the problems.

But it seems that no one buys it. In order to restore its image, Zoom is determined to seek the help of Alex Stamos, former Facebook security director, to solve its increasingly serious privacy problems.

This move attracted coverage from world-renowned media outlets including Reuters, BBC, CNN, and the Wall Street Journal.

Alex Stamos is famous for challenging privacy issues

Alex Stamos, who was invited by Zoom this time, is the former CSO (Chief Solutions Officer) of Facebook and Yahoo. He is currently a professor at Stanford University.

He is best known for blasting Mark Zuckerberg for accumulating too much power through Facebook and should step down as Facebook CEO.

While at Facebook, Stamos provided candid explanations of the inner workings and reasoning behind the opaque social network, and also suggested that the company needed to take a serious approach to user privacy.

Stamos also played a central role in responding to Russian trolls' interference in the 2016 U.S. presidential election and is known for confronting other company leaders on challenging privacy issues.

Stamos believes that the real challenge facing every company trying to meet the needs of millions of people seeking low-friction collaboration is how to empower their customers without empowering those who wish to abuse them, and encourages the industry as a whole to use this moment to reflect on its own security practices and have candid conversations about what we can all do better.

In fact, Zoom is just a microcosm of privacy issues in the era of big data.

The disclosure of the Prism Gate incident in the United States has had a shocking impact on the human society under the Internet, which is no different from the impact of the atomic bomb explosion on the world decades ago. More than one country has been involved in the theft of privacy. As time goes by, more secrets have been exposed by Snowden and presented to the world. Big data technology has made the Prism Gate possible, and big data has also put people's privacy in this era on the stage.

Privacy issues require reforms from the underlying technology

In the face of the increasingly serious problem of privacy leaks, it is not enough to rely on people like Alex Stamos alone.

At the media level, more publicity support is needed to raise people's awareness of protecting privacy and striving for data ownership.

However, a more thorough solution is to reform the underlying Internet technology.

At present, blockchain technologies such as IPFS seem to have made new progress in data authorization and encrypted statistics.

Take IPFS as an example.

Like many distributed data storage technologies, IPFS uses what is called a distributed hash table (DHT for short).

In practice, this means that when an IPFS node introduces new content, it announces to all of its connected peers that it has that content. This is done so that the IPFS network knows where that content is located. The more peers the original node announces content to, the easier it is to discover that content.

For most of the world, these content announcements happen behind the scenes and are just part of how the IPFS network works. However, depending on the business model of an enterprise, these content announcements can be very valuable, so they are incentivized to record as many of these announcements as possible.

Record hash value

For companies that wish to track this data, all they have to do is make a slight modification to their IPFS nodes. The tweak simply adds code that logs each DHT announcement, rather than letting DHT records expire as they normally would.

Since this strategy requires the recording node to be connected to the announcement node, it works best when trying to record notifications from a specific node. In order to record the entire IPFS network as a whole, you need to maintain a connection to every IPFS node that stores content. This requires a strong network of nodes spread across the world.

Users can also be tracked

It’s not just the host node that can be tracked. Users who request content can be tracked, too! When a user running a node requests content from the network, every node they are connected to receives a message requesting that content. Similar to logging content announcements, content requests can also be logged. In fact, if a node doesn’t have the requested content, the node relays the request to other nodes to try to find the content, which means that more nodes may be logging that information.

How does IPFS achieve privateness?

Let’s talk about a few ways to use IPFS while maintaining privacy.

1. Private IPFS Network

Private IPFS networks provide the highest level of privacy from the outside world. Private IPFS networks are the same as public networks, and only participants can communicate with other nodes in the same private IPFS network. This means that only those nodes in the private network can see content announcements/content requests, etc.

2. Content encryption

Applications that intend to maintain public IPFS network usage may want to encrypt content uploaded to the IPFS network. Encrypted content can still be tracked, but the main difference is that the content will be unreadable without the decryption key.

3. Gateway usage

In terms of privacy, they are still a useful tool for users who wish to hide their identity when requesting content on the IPFS network. Requesting content through a public gateway allows users to retrieve content from the IPFS network without running their own node. While the rest of the network can still see the gateway requesting content, the request will only appear as one of many requests made through that gateway.

With the application of technologies such as IPFS, we believe that the problem of privacy leakage can be gradually improved. Zoom's request for support from Alex Stamos is a good sign. I hope that more companies can take real action to protect data privacy and strengthen data security.

Sources:

https://baijiahao.baidu.com/s?id=1663473828127193957&wfr=spider&for=pc

http://finance.sina.com.cn/stock/relnews/us/2020-04-09/doc-iircuyvh6809914.shtml

This article is original from Star Continent, welcome to follow and learn with us!