1/ The reason I've been pushing back for days against the exaggerated and insufficiently contextualized reporting against Zoom is that, once it becomes a trend that "Zoom is insecure", there are hundreds of organizations where the IT staff doesn't have the means to push back.

2/ consider NYC Dept of Ed now banning Zoom. It's not clear they even recommended an alternative. Now teachers and students in the largest school district in the country have to rethink all of their plans without any certainty they'll end up with a more secure tool.

3/ I can imagine there were more than a few well meaning parents involved in this. What would you do as a parent if you read all this terrible stuff about Zoom insecurity, you don't necessarily have the training to understand it deeply, and then saw your kids using it?

4/ I think it behooves us, in the security space, to think about tradeoffs and threat models for *real-world* use cases of the product. And to contextualize everything we say to the press and to the world.

5/ As experts, we have a deep responsibility here. If we don't provide the risk/benefit context, who will?

We've got to do better.