
279 points arkadiyt | 1 comments | | HN request time: 0s | source
DyslexicAtheist ◴[] No.22662212[source]
I don't want to diss an effort made with good intentions, though this is like using duct tape on a fatally flawed design - it doesn't solve the problem. We're dealing with an inherently hostile company which aggressively uses dark patterns, ignoring privacy and security best practices. Not only are they ignoring these things, they actively bypass the security control on the host system where it is installed - this is literally what malware does. You don't put duct tape on malware so it works better for you!

If they were a Chinese company they'd be banned and probably even sanctioned. Stop using this shit and stop justifying its use just because your employer makes you use it. Grow some balls (or eggs) and speak up naming it for what this is (malware) - so that we can all have nice things and not be forced to engage in endlessly justifying ourselves because "team or company XYZ is using it too and it works great for them ..."

skrebbel ◴[] No.22662425[source]
I have absolutely no idea what you're on about. How is Zoom malware?

By "actively bypass the security" do you mean "it's a program that you need to install on your computer"?

Can you elaborate why Zoom is malware in ways that VS Code, VLC Media Player or Photoshop aren't?

EDIT: I mean the question honestly, as a question. I might have missed something. I mean, I saw yesterday's HN topic on a tweet that claims it sends info about all active programs to a server. But I saw nothing to substantiate that other than an "attention tracking" feature which is way less invasive than what's described in that tweet and off by default.

Did I miss the evidence, or some other damning privacy-invading misfeature?

rainforest ◴[] No.22662486[source]
The videoconferencing industry seems to believe it's necessary to bypass regular OS protections to make the UX "better".

For example: https://www.theverge.com/2019/7/8/20687014/zoom-security-fla...

By design, instead of using a URL handler, they run an HTTP server on your machine to bypass the "open with" dialog. There are good reasons not to trust the binaries they ask you to run.

Here, it turns out they offer a web client after all, which is nice and sandboxed, but they default to trying to run a binary on your machine where you have less control over what it does.

kristianc ◴[] No.22662785{3}[source]
> Update, 5:15PM ET July 9th: Zoom has published a blog post detailing its response to this vulnerability, including how it will patch its software and uninstall the webserver it has installed on Macs. More details here, and original story follows.

Seems like they don't, and haven't since July.

1. rainforest ◴[] No.22663315{4}[source]
This is an example. Why would you trust an organisation that engineers "solutions" to security measures but does so without due care and attention, leading to a widespread critical security bug?