Re: DingTalk software concerns?

[Ramon Rentas <rentas () MACALESTER EDU>]

I never heard of that app until now, so I did some google searches and
found lots of articles warning about the app's weak security that would
allow the Chinese Government to spy in the app's users.  Below is one of
such articles.

https://www.cnbc.com/2019/10/14/china-xi-jinping-ideology-app-has-backdoor-that-could-let-beijing-snoop-on-users-report.html

Good luck,

Ramón
---

Ramón Rentas

Associate Director for Infrastructure, Security & Enterprise Services

Information Technology Services

rentas () macalester edu

1600 Grand Avenue

Saint Paul, MN 55105 USA

[image: mac-sec-horizontal-logo-150w.jpg]
                                                        *Never email your
password to anyone!*

The information transmitted may contain confidential material and is
intended only for the person or entity to which it is addressed.  Any
review, retransmission, dissemination or other use of, or taking of any
action by persons or entities other than the intended recipient is
prohibited.  If you are not the intended recipient, please delete the
information from your system and contact the sender.  The opinions
expressed are those of the sender, and not necessarily those of Macalester
College.


On Thu, Feb 11, 2021 at 8:09 AM Bole, Jim A <jbole () albany edu> wrote:

> We have a faculty group planning to teach students at a Chinese
> university. The university, as well as a lot of folks in China, use
> DingTalk.
>
>
>
> Our faculty wants to install it to conduct classes, much in the same
> manner as they use Zoom.
>
>
>
> Anyone have any experience with this?
>
>
>
> I do have some privacy concerns for the faculty members using the
> software. It’s entirely possible that their activities would be tracked by
> someone in China. And that tracking could potentially include things like
> our network ranges, etc.
>
>
>
> But it looks like the software itself isn’t malicious. The mobile app has
> been vetted by Apple and Google.
>
>
>
> I’ve reviewed their privacy page:
> https://page.dingtalk.com/wow/dingtalk/act/privacy-en-lite?
>
>
>
> I’ve reviewed their security whitepaper (attached). First time I’d heard
> of ChaCha20 encryption.
>
>
>
> While it does have some interesting language, it covers most of the basics.
>
>
>
> It’s an interesting use case and I’d appreciate any feedback.
>
>
>
> Jim Bole
>
> Chief Information Security Officer
>
> Information Technology Services
>
> University at Albany
>
>
>
>
>
> **********
> Replies to EDUCAUSE Community Group emails are sent to the entire
> community list. If you want to reply only to the person who sent the
> message, copy and paste their email address and forward the email reply.
> Additional participation and subscription information can be found at
> https://www.educause.edu/community

**********
Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the 
person who sent the message, copy and paste their email address and forward the email reply. Additional participation 
and subscription information can be found at https://www.educause.edu/community