Zoom out: on the semi-public nature of public events

Zoom out: on the semi-public nature of public events

2021- 03- 16
imagem de uma video call

Apparently, the FCCN considers normal to install apps that does not control, on computers that are not its own, to access academic events that should be public. Secure access via browser is not recommended, nor is it properly referred in the FCCN Colibri support documentation.

The new academic normality, implemented with the Colibri service by the National Scientific Computing unit of the Foundation for Science and Technology (FCT-FCCN), has a problem. What might appear to be a simple technical misunderstanding translates, in practice, into disrespect for the equality of citizens:

  1. The user is induced to install the Zoom application (page 10) to watch public events although it is possible to access them via browser (Firefox, Chrome, etc.);
  2. In fact, the manual and tutorial available are misleading, by omitting that to access via the browser the user must be previously accredited, either through his academic credentials, if he has them, or 'zoom user' credentials for those who do not.

As shown on the respective page, the Colibri service “is a web collaboration service” that “works on the Zoom platform”. Zoom is a conference service accessible via browser or via app, and in this case the Colibri links for this master or doctoral exames, as example event of University of Évora or the Instituto Superior Técnico, are nothing more than normal links to Zoom meetings, but which in the case of Colibri lead to an authentication page where only people connected to university institutions can authenticate. Despite any user with previous Zoom login, this authentication is also valid for browser access to said public exams, this is not explicitly mentioned in Colibri's manual or at the explanatory video.

Access through a proprietary application cannot be considered public access, even if it is free. The Zoom app is proprietary and has historically had serious security issues (as reported in The Independent UK, BBC News, Público or recently listed in Tomsguide e Makeuseof).

When computer security problems are increasingly demanding attention, FCT-FCCN is disseminating a culture of new normality to the academic community in which it is assumed that it is legitimate to install proprietary applications in citizens' computers.

Will the FCT-FCCN perform a technical audit of the source code of each version of Zoom that is released? Is the FCT-FCCN in a position to guarantee that each new version of Zoom is free from security problems and respectful of users' privacy? In the absence of evidence, we have to admit that it is not, and access via browser would prevent any risks.

ESOP has tried several times to contact the Colibri technical support but the answer given is unacceptable, ignores anyone concerned with the safety of their equipment and goes against the spirit of the Open Standards (Lei n.º 36/2011 de 21 de Junho), which should have led to a solution based on HTML, CSS and WebRTC standards, accessible from different browsers and operating systems.

In fact, if the citizen creates an Zoom account and is logged in before clicking on the Colibri link, he can access the event without any problem and without having to install any application, nor authenticate himself with university credentials, but this is not explained or mentioned in the manuals and explanatory videos of the Colibri platform, as it was not addressed by the respective technical support, when contacted by ESOP for this purpose.

ESOP warns to the lack of freedom of choice, the impacts on the security of citizens' computers and possible non-compliance with the Open Standards Law and again asks the Colibri service to correct the documentation and publicly announce that the Colibri events are accessible from any browser.


Links to FCT / FCCN / Colibri websites:

Colibri, (2020, 9 novembro). Assistir à reunião via browser, Colibri v3. Acedido em: fevereiro 2021, em: https://educast.fccn.pt/vod/clips/bu608ap3w/streaming.html?locale=pt

Colibri, 2021. Sobre o Colibri. Acedido em: fevereiro 2021, em: https://videoconf-colibri.fccn.pt/doc/about 

FCT-FCCN (2020, 15 de abril). Quem Somos: ao Serviço do Ensino e da Ciência. Acedido em: fevereiro 2021, em: https://www.fccn.pt/institucional/quem-somos/ 

FCT-FCCN (2020, 15 de abril). Tutorial COLIBRI. Acedido em: fevereiro 2021, em: https://www.fccn.pt/wp-content/uploads/2020/05/tutorial_colibri.pdf 


Links Online News:

Pequenino, K. (2020, 8 Abril). Zoom processada por esconder falhas de privacidade. Público. Acedido em: fevereiro 2021, em: https://www.publico.pt/2020/04/08/tecnologia/noticia/zoom-processada-esconder-falhas-privacidade-1911621

Molloy, D. e Tidy, J. (2020, 3 de Abril). Zoom 'unsuitable' for government secrets, researchers say. BBC News. Acedido em: fevereiro 2021, em: https://www.bbc.com/news/technology-52152025 

Smith, A. (2020, 14 de Dezembro).The year of Zoom: How the video app overcame scandals, security problems, and Skype. The Independent UK. Acedido em: fevereiro 2021, em: https://www.independent.co.uk/life-style/gadgets-and-tech/zoom-year-2020-scandals-skype-b1778228.html 

Wagenseil , P. (2021, 23 de Fevereiro). Zoom security issues: Here's everything that's gone wrong (so far). Tomsguide. Acedido em: fevereiro 2021, em: https://www.tomsguide.com/news/zoom-security-privacy-woes

Price, D. (2020, 21 de Novembro). Is Zoom Safe to Use? 6 Privacy Issues to Consider. Makeuseof. Acedido em: fevereiro 2021, em: https://www.makeuseof.com/is-zoom-safe/


Link para Legislation:

Lei n.º 36/2011 de 21 de Junho. Diário da República, 1.ª série, N.º 118, 21  de  Junho  de  2011. Acedido em: fevererio 2021 em: http://dre.pt/pdf1s/2011/06/11800/0359903600.pdf


Others referenced links:

ULisboa, 2021. Calendário de provas Académicas. Acedido em: fevereiro 2021, em: https://posgraduacao.tecnico.ulisboa.pt/calendario-de-provas-academicas/ 

Universidade de Évora, 2021. Provas de Mestrado e Doutoramento Acedido em: fevereiro 2021, em: https://www.uevora.pt/estudar/provas-publicas/provas-mestrado-doutoramento