Zoom只為付費(fèi)用戶提供高級加密,免費(fèi)用戶面臨安全風(fēng)險
Robert Hackett
2020-06-05
圖片來源:GettyImages
為了贏得消費(fèi)者的芳心,許多科技界巨頭都提供端對端加密,,作為一種默認(rèn)防護(hù)措施,。這種安全措施可以避免闖入者和潛在的竊聽者偷聽他人的對話。
近幾年,,端對端加密已經(jīng)成為聊天和視頻通話應(yīng)用的標(biāo)配,,所以人們很容易理所應(yīng)當(dāng)?shù)卣J(rèn)為,這類應(yīng)用就該采取這種技術(shù),。Facebook的WhatsApp,、蘋果(Apple)的FaceTime和Alphabet的Google Meet等免費(fèi)產(chǎn)品都支持這種功能,,即使這些公司自己也無法查看用戶通信的內(nèi)容。
但Zoom Video Communications卻沒有采用端對端加密,。新冠疫情爆發(fā)迫使人們居家隔離,,使該公司的視頻會議軟件爆紅。該公司計劃僅為其付費(fèi)用戶保留這種安全性更高的加密形式,。
上周,,路透社最先報道了Zoom公司的這一決定。其CEO袁征在周二召開的投資者盈收電話會議上證實(shí)了這一決定,。(該公司年收入比分析師的預(yù)測高出近一倍,,遠(yuǎn)遠(yuǎn)超出了金融分析師的預(yù)期。)
袁征表示:“我們認(rèn)為該功能應(yīng)該屬于為企業(yè)和專業(yè)用戶提供的服務(wù),?!彼a(bǔ)充說,公司不會為免費(fèi)用戶提供這項(xiàng)功能,,“因?yàn)橐坏┯腥死肸oom從事不法行為,,我們希望配合聯(lián)邦調(diào)查局和地方執(zhí)法部門的調(diào)查?!?
進(jìn)退兩難
對于注重隱私的消費(fèi)者而言,,端對端加密當(dāng)然是福音,但它卻是讓政府頭痛的問題,。執(zhí)法部門認(rèn)為,,從恐怖主義到虐待兒童等案件中,該項(xiàng)技術(shù)妨礙了調(diào)查人員追查線索和收集證據(jù),。
廢除端對端加密依舊是司法部的主要工作,。美國司法部長威廉?巴爾曾多次抨擊蘋果不幫助解鎖一名恐怖分子的手機(jī),這令人不由想起2016年蘋果與FBI的對峙,。去年秋天,,巴爾與英國和澳大利亞官員聯(lián)合致信Facebook,要求該公司推遲在所有通信產(chǎn)品中采用端對端加密技術(shù),。
端對端加密技術(shù)在國會同樣是被抨擊的目標(biāo)。美國參議院正在考慮起草《消除對交互式技術(shù)的濫用和普遍忽視法案》(EARN IT Act),,該法案可能迫使科技公司在其代碼中安裝“后門”,。該項(xiàng)法案的初衷是允許政府獲取犯罪嫌疑人的通信記錄,但最終可能妨礙對所有人的端對端加密保護(hù),。
端對端加密不同于其他加密方式,,因?yàn)樗褂脗€人設(shè)備上存儲的加密密鑰(實(shí)際上就是一個密碼)進(jìn)行數(shù)據(jù)加密。因?yàn)橹挥袇⑴c對話的各方知道解密數(shù)據(jù)的專門代碼,,因此除了指定接收人以外,,其他人都無法讀取信息內(nèi)容,。
在其他人眼中,加密數(shù)據(jù)就像是天書一樣,。
緩慢而穩(wěn)定
Zoom決定只對部分客戶提供端對端加密,,可以視為是一種妥協(xié)。
今年早些時候,,該公司因?yàn)榘踩碗[私問題備受批評,,當(dāng)時其CEO袁征承諾暫停所有工程設(shè)計業(yè)務(wù)90天,團(tuán)隊(duì)將集中精力解決“信任”問題,。一方面,,Zoom平衡了對用戶的隱私保護(hù);另一方面,,它努力讓自己站在監(jiān)管人員的一邊,。
在業(yè)務(wù)飛速增長的同時,Zoom也面臨著法律上的阻力,。聯(lián)邦貿(mào)易委員會已經(jīng)表示,,正在對Zoom在隱私政策方面涉嫌誤導(dǎo)用戶的行為展開調(diào)查。Zoom的服務(wù)已經(jīng)因?yàn)榕按齼和瘑栴}攤上了聯(lián)邦官司,;《紐約時報》最近有關(guān)該案的調(diào)查報告中引用了一位聯(lián)邦檢察官在法院的結(jié)案陳詞,,這位檢察官形容Zoom的服務(wù)是“兒童色情領(lǐng)域的奈飛”。
只對付費(fèi)用戶提供端對端加密,,使他們可以為享受最強(qiáng)大的隱私保護(hù)設(shè)置,。通過這樣做,Zoom保證可以留住這些用戶,,免費(fèi)用戶則將面臨更大的風(fēng)險,。這一決定的另外一項(xiàng)好處是,可以鼓勵個人和企業(yè)用戶使用付費(fèi)產(chǎn)品,,推動Zoom的業(yè)務(wù)繼續(xù)飛速發(fā)展,。
加密通信應(yīng)用Keybase的聯(lián)合創(chuàng)始人馬克思?克羅恩在代碼共享網(wǎng)站GitHub上發(fā)表了一篇文章。文章中寫道,,未來Zoom將公開征求意見,,繼續(xù)“完善”其加密計劃。Keybase最近被Zoom收購,,但交易金額未對外披露,。
有人可能將Zoom的決定解釋為默認(rèn)提供更低的安全保護(hù)。但這樣做能提升業(yè)務(wù),,免于遭到監(jiān)管人員的調(diào)查,,還能保證公司對于濫用其平臺但沒有給其帶來任何好處的用戶有所動作。正如美國公民自由聯(lián)盟的技術(shù)人員喬恩?卡拉斯告訴路透社,Zoom的策略似乎是一種合理的方法,,可以“擺脫無賴”和“真正做出可怕行徑”的人,。(財富中文網(wǎng))
翻譯:劉進(jìn)龍
審校:汪皓
為了贏得消費(fèi)者的芳心,許多科技界巨頭都提供端對端加密,,作為一種默認(rèn)防護(hù)措施,。這種安全措施可以避免闖入者和潛在的竊聽者偷聽他人的對話。
近幾年,,端對端加密已經(jīng)成為聊天和視頻通話應(yīng)用的標(biāo)配,,所以人們很容易理所應(yīng)當(dāng)?shù)卣J(rèn)為,這類應(yīng)用就該采取這種技術(shù),。Facebook的WhatsApp,、蘋果(Apple)的FaceTime和Alphabet的Google Meet等免費(fèi)產(chǎn)品都支持這種功能,即使這些公司自己也無法查看用戶通信的內(nèi)容,。
但Zoom Video Communications卻沒有采用端對端加密,。新冠疫情爆發(fā)迫使人們居家隔離,使該公司的視頻會議軟件爆紅,。該公司計劃僅為其付費(fèi)用戶保留這種安全性更高的加密形式,。
上周,路透社最先報道了Zoom公司的這一決定,。其CEO袁征在周二召開的投資者盈收電話會議上證實(shí)了這一決定,。(該公司年收入比分析師的預(yù)測高出近一倍,遠(yuǎn)遠(yuǎn)超出了金融分析師的預(yù)期,。)
袁征表示:“我們認(rèn)為該功能應(yīng)該屬于為企業(yè)和專業(yè)用戶提供的服務(wù),。”他補(bǔ)充說,,公司不會為免費(fèi)用戶提供這項(xiàng)功能,,“因?yàn)橐坏┯腥死肸oom從事不法行為,我們希望配合聯(lián)邦調(diào)查局和地方執(zhí)法部門的調(diào)查,?!?
進(jìn)退兩難
對于注重隱私的消費(fèi)者而言,端對端加密當(dāng)然是福音,,但它卻是讓政府頭痛的問題,。執(zhí)法部門認(rèn)為,從恐怖主義到虐待兒童等案件中,,該項(xiàng)技術(shù)妨礙了調(diào)查人員追查線索和收集證據(jù),。
廢除端對端加密依舊是司法部的主要工作。美國司法部長威廉?巴爾曾多次抨擊蘋果不幫助解鎖一名恐怖分子的手機(jī),,這令人不由想起2016年蘋果與FBI的對峙。去年秋天,巴爾與英國和澳大利亞官員聯(lián)合致信Facebook,,要求該公司推遲在所有通信產(chǎn)品中采用端對端加密技術(shù),。
端對端加密技術(shù)在國會同樣是被抨擊的目標(biāo)。美國參議院正在考慮起草《消除對交互式技術(shù)的濫用和普遍忽視法案》(EARN IT Act),,該法案可能迫使科技公司在其代碼中安裝“后門”,。該項(xiàng)法案的初衷是允許政府獲取犯罪嫌疑人的通信記錄,但最終可能妨礙對所有人的端對端加密保護(hù),。
端對端加密不同于其他加密方式,,因?yàn)樗褂脗€人設(shè)備上存儲的加密密鑰(實(shí)際上就是一個密碼)進(jìn)行數(shù)據(jù)加密。因?yàn)橹挥袇⑴c對話的各方知道解密數(shù)據(jù)的專門代碼,,因此除了指定接收人以外,,其他人都無法讀取信息內(nèi)容。
在其他人眼中,,加密數(shù)據(jù)就像是天書一樣,。
緩慢而穩(wěn)定
Zoom決定只對部分客戶提供端對端加密,可以視為是一種妥協(xié),。
今年早些時候,,該公司因?yàn)榘踩碗[私問題備受批評,當(dāng)時其CEO袁征承諾暫停所有工程設(shè)計業(yè)務(wù)90天,,團(tuán)隊(duì)將集中精力解決“信任”問題,。一方面,Zoom平衡了對用戶的隱私保護(hù),;另一方面,,它努力讓自己站在監(jiān)管人員的一邊。
在業(yè)務(wù)飛速增長的同時,,Zoom也面臨著法律上的阻力,。聯(lián)邦貿(mào)易委員會已經(jīng)表示,正在對Zoom在隱私政策方面涉嫌誤導(dǎo)用戶的行為展開調(diào)查,。Zoom的服務(wù)已經(jīng)因?yàn)榕按齼和瘑栴}攤上了聯(lián)邦官司,;《紐約時報》最近有關(guān)該案的調(diào)查報告中引用了一位聯(lián)邦檢察官在法院的結(jié)案陳詞,這位檢察官形容Zoom的服務(wù)是“兒童色情領(lǐng)域的奈飛”,。
只對付費(fèi)用戶提供端對端加密,,使他們可以為享受最強(qiáng)大的隱私保護(hù)設(shè)置。通過這樣做,,Zoom保證可以留住這些用戶,,免費(fèi)用戶則將面臨更大的風(fēng)險。這一決定的另外一項(xiàng)好處是,,可以鼓勵個人和企業(yè)用戶使用付費(fèi)產(chǎn)品,,推動Zoom的業(yè)務(wù)繼續(xù)飛速發(fā)展,。
加密通信應(yīng)用Keybase的聯(lián)合創(chuàng)始人馬克思?克羅恩在代碼共享網(wǎng)站GitHub上發(fā)表了一篇文章。文章中寫道,,未來Zoom將公開征求意見,,繼續(xù)“完善”其加密計劃。Keybase最近被Zoom收購,,但交易金額未對外披露,。
有人可能將Zoom的決定解釋為默認(rèn)提供更低的安全保護(hù)。但這樣做能提升業(yè)務(wù),,免于遭到監(jiān)管人員的調(diào)查,,還能保證公司對于濫用其平臺但沒有給其帶來任何好處的用戶有所動作。正如美國公民自由聯(lián)盟的技術(shù)人員喬恩?卡拉斯告訴路透社,,Zoom的策略似乎是一種合理的方法,,可以“擺脫無賴”和“真正做出可怕行徑”的人。(財富中文網(wǎng))
翻譯:劉進(jìn)龍
審校:汪皓
In the contest to win over consumers, many tech giants have taken to offering end-to-end encryption as a default safeguard. The security measure helps prevent interlopers and would-be eavesdroppers from snooping on people’s conversations.
End-to-end encryption has become such a fixture of chat and video-calling apps in recent years that it can easily be taken for granted. Free products such as Facebook’s WhatsApp, Apple’s FaceTime, and Alphabet’s Google Meet all support the feature, which prevents even the companies themselves from scrutinizing the contents of users’ communications.
Not so at Zoom Video Communications. The company, whose videoconferencing software became ultra-popular as the coronavirus pandemic started forcing people to shelter at home, plans to reserve the heightened form of encryption solely for its paying customers.
Eric Yuan, Zoom’s CEO, confirmed the decision, first reported by Reuters last week, in an earnings call with investors Tuesday. (The company blew financial analysts’ expectations out of the water, nearly doubling its annual revenue forecast.)
“We think this feature should be a part of our offering” for business and professional customers, Yuan said. He added that the company doesn’t plan to offer free users the same luxury, “because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose.”
Stuck in the middle
While end-to-end encryption can be a boon for privacy-conscious consumers, it can be a headache for governments. Law enforcement argues that the technology prevents investigators from following leads and collecting evidence in cases ranging from terrorism to child abuse.
Quashing end-to-end encryption remains a high priority for the Justice Department. U.S. Attorney General William Barr has repeatedly blasted Apple for failing to help unlock the phone of a terrorist—a confrontation that calls to mind the Apple vs. FBI fight of 2016. In the fall, Barr cosigned a letter with peers in the U.K. and Australia asking Facebook to delay its rollout of end-to-end encryption across all its messaging products.
The encryption technology is under fire in Congress too. The Senate is currently entertaining a bill, called the EARN IT Act, which could force tech companies to install “backdoors” in their code. The proposed law is designed to allow the government to gain access to suspected criminals’ communications, but it could end up thwarting end-to-end encryption protections for everyone.
End-to-end encryption differs from other forms of encryption in that it encrypts data using a secret cryptographic key, essentially a password, stored on a person’s personal device. Since only the parties privy to a conversation have the special codes required to decipher the data, no one but the intended recipients can read the contents of messages.
For everyone else, the encrypted data looks like gobbledygook.
Slow and steady
Zoom’s decision to enable end-to-end encryption for some, but not all, customers can be interpreted as a compromise.
When the company was under fire for security and privacy lapses earlier this year (Zoombombing, anyone?), CEO Yuan promised to pause all other engineering work for 90 days while his team concentrated on fixing the “trust” issues. On the one hand, Zoom had to balance the privacy of its users; on the other, it sought to remain on the right side of regulators.
For all Zoom’s zoomph, the company faces legal headwinds. Already, the Federal Trade Commission has indicated that it is probing Zoom for potentially misleading people about its privacy. And Zoom’s service has also appeared in federal lawsuits concerning child abuse; one federal prosecutor, who was quoted in a recent New York Times investigation, described the service as “the Netflix of child pornography” in a closing argument at court.
By rolling out end-to-end encryption for only paying customers, Zoom assures that it can maintain records on people who enjoy the strongest privacy settings. The move, which leaves freeloaders more exposed, has the added benefit of encouraging people and businesses to shift to the paid product, bolstering Zoom’s rocketing business.
Max Krohn, cofounder of Keybase, an encrypted messaging app that was recently snatched up by Zoom for an undisclosed amount, said in a paper posted to the code-sharing site GitHub that the company would seek public comment and continue to “refine” its encryption plan over time.
One could interpret Zoom’s decision as offering weaker security by default. But it also boosts the business, potentially keeps regulators at bay, and provides cover that the company is doing something about abusive users of its platform from whom it had nothing to gain. As Jon Callas, a technology fellow at the American Civil Liberties Union, told Reuters, the strategy seems to be a reasonable way for Zoom “to get rid of the riffraff” and the people who do “real horrible stuff.”
財富中文網(wǎng)所刊載內(nèi)容之知識產(chǎn)權(quán)為財富媒體知識產(chǎn)權(quán)有限公司及/或相關(guān)權(quán)利人專屬所有或持有,。未經(jīng)許可,,禁止進(jìn)行轉(zhuǎn)載、摘編,、復(fù)制及建立鏡像等任何使用,。
