279 points arkadiyt | 9 comments
1. jbverschoor ◴[] No.22661023[source]
Never zoom for me ever again with their malware.

I refuse to use or install their product.

replies(3): >>22661657 #>>22661815 #>>22667065 #
2. SCdF ◴[] No.22661657[source]
That is great for you. For a lot of people it's becoming a requirement of their jobs, and quitting in a global pandemic over an app seems like a non-optimal response.
replies(1): >>22662156 #
3. holri ◴[] No.22661815[source]
Why is it malware?
replies(1): >>22661991 #
4. Nullabillity ◴[] No.22661991[source]
RCE vulnerabilities, joins rooms without consent, tries very hard to persist beyond uninstalls. And their security attitude mirrors SCdF's: Your company forces you to use us, fuck you.
replies(1): >>22662167 #
5. DyslexicAtheist ◴[] No.22662156[source]
this attitude is actually a major part of the problem - if engineers would consistently speak up instead about this not meeting security / privacy standards maybe we could have nice things. unfortunately people either really are this incompetent and don't know or lack the balls to do so. Either way we all lose out.

zoom seriously needs to die. no friggin way I'd ever engage in a responsible disclosure with this company - no matter who gets thrown under the bus.

replies(1): >>22662225 #
6. DyslexicAtheist ◴[] No.22662167{3}[source]
let me expand (copy pasta from my comment on sibling post[0]):

this isn't the first time zoom got caught red-handed[1]. Last year they were called out for installing a local web server in order to disable security controls to get around the deprecated NPAPI[2] ... this is _literally_ what malware does. Seriously fuck zoom!

[0] https://news.ycombinator.com/item?id=22658173

[1] https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...

[2] https://en.wikipedia.org/wiki/NPAPI

7. SCdF ◴[] No.22662225{3}[source]
No one is saying don't speak up.

You're commenting on a post that is about a link that helps people use a web version of Zoom, which by its definition doesn't have the malware issues that people talk about (unless they are breaking sandboxing in the browser which would be pretty major).

What I was replying to was the "no grey area allowed" black and white dying on a hill response to the existence of the tool at all. This is why non-technical people roll their eyes at technical folks and ignore us, because so many of us live in this world where we aren't willing to negotiate or hold more than a single thought in our heads at once.

I don't want to use Zoom, I bring up alternatives at my org all the time, and meetings that I control do not use it, and I do not install their binaries on my own devices, instead opting to use the web client when required. But the reality is that I don't get to make that call all the time, and if it's a choice between using Zoom on the web and not communicating at all, then the choice seems pretty clear to me.

replies(1): >>22662315 #
8. DyslexicAtheist ◴[] No.22662315{4}[source]
I understand your sentiment and am even inclined to agree with it. but I have been there before just too many times. there is always a momentum for such a discussion as long as the product hasn't yet fully saturated the market. that said, even if that window of opportunity is utilized by critics (e.g. engineers and early adopters) there still is a high risk that this type of behavior (by Zoom) gets normalized. it's the same old pattern: we create small hacks and workarounds which nobody except a minority knows or cares about - eventually they'll release features which we're no longer able to work around - by then employers consider it as a "critical software to do business" - by which any discussions about flaws have become impossible. (too big to fail)

if we don't speak up now and give them FIRE, then the covid19 crisis will have been the reason why another surveillance technology gets normalized. working under tracking a la "upwork.com" - where marketeers decide how to screen capture and key-log all input is somehow normal.

note: I'm not attacking your point and didn't think you agree to Zoom's way of doing things. I just feel really strongly about not giving them any benefit of the doubt because they have already got a history of abusing trust.

my comment in the sibling thread mentions why this literally can't be fixed with a browser add-on: https://news.ycombinator.com/item?id=22662212

again: not an attack on your comment, not attacking OP's work either. and we probably agree on more than we disagree here by what I can tell

9. glomph ◴[] No.22667065[source]
Do you have a recommended alternative?