It has come to our attention that there might be a serious security issue with BBB recordings. This seems to be an already known issue which is why I’m not going through the trouble of doing a specific disclosure here.
My question is: how can we tell which recordings there are on our server?
If I look in /admins/recordings on our instance, I see only public recordings which is a relief, but if I search for a recording, i find more!
How do you manage recordings to make sure they are not publicly accessible? And how do you deal with the issue that recordings are done even though the recording button has not been pressed?
for context, we had been using tor.meet.coop for a while until we realized the server was unmaintained and found the critical issues mentioned here. since then, the DNS record was taken offline, but from what I understand the underlying server (ca.meet.coop) is still online, along with our user and recordings database…
is there a way our personal data could be wiped from there?
if you need it, i have a spreadsheet of users I found while browsing around the admin interface before the DNS record was yanked…
