How the Zoom macOS installer does its job without you clicking ‘install’

The whole torrent of grey area, just over the line and outright shady behavior at Zoom is a problem in itself even if all the separate instances in isolation aren't grounds to stop using them. Their responses to security issues and today's revelation of misleading marketing on E2E encryption make it clear they're not just making isolated mistakes. Shady is at the core of how they operate, this is an indication that Zoom has a company culture of accepting borderline behavior. Otherwise it wouldn't be so widespread.

As a customer this is a reason for me to stop using Zoom. Not in the last place because I'm quite sure we're only seeing the public tip of the iceberg of all the unacceptable things happening within Zoom.

Unfortunately, the current system and people in power seems to not give a damn about security and shady behavior, as long as the thing they are using is working and working well. Zoom is an example of very useful and performant software with shady company behind it, that's why people will continue using it.

Same with Uber, Google and bunch of other companies. It doesn't matter what they do, as their product is helping people enough for people to look past the terrible things.

Enterprise customer DO give a damn about security. They can be slow to react, but rules are also there for a very long time. If Zoom doesn't want to loose most of their marketshare in favor of WebEx, they should probably address these issues.

> Enterprise customer DO give a damn about security

You are wrong. Even without extensive experience in the space, you can very easily see how even large companies don't secure themselves at all. The US has had equifax recently, and it's not like that was an isolated example either. There just isn't a security culture at the eye-watering heights of corporate upper management and while everyone's as busy making money as they are, there never will be. It doesn't fit into the system, and anyone who tries to change it gets muscled out by people who don't want it to change - because that is simply what's most efficient.

They're much more likely to lose it to Microsoft Teams, which has been doing great the last several weeks.

This has been my experience as well. Large companies pay lip-service to security that protects their customers; they want just enough for legal deniability in the event of a breach, but not so much that it impacts operations or profits.

However, they can be...enthusiastic when it comes to security around protecting themselves. If you report an issue with customer information on a public S3 bucket, they might get around to fixing it someday, but if there are "trade secrets" or the like in that bucket, the issue is going to get fixed immediately and someone with a big title probably won't be coming in tomorrow.

As an employee of a corporate can tell you that they do not care about security more than money. cheaper the better. Money > Security

“Enterprise customer DO give a damn about security.“

When I look at IT they give a damn about some security but then completely ignore other huge problems. I think a bigger concern for them is cost, liability and convenience for the administrators.

I think you underappreciate one point here: We can still have long term alternatives to Zoom (and we can have them now).

Google and Uber are already difficult to replace or to otherwise challange.

They're using malware-like behaviors to spread out and reach more customers, even at the cost of security.

Correct, and we blocked zoom.us on the corporate network. No way we're allowing this malware within our walls.

We already have meet.google.com that works well for us, and external clients can easily join through a web browser.

Uber is trivially easy to replace with Lyft or $generic-taxi-app.

Lyft only operates in US and Canada. Uber is available in 63 countries. The convenience you get just having that one Uber app work is not easily replaced. But yeah you could always try to find the local ride sharing companies app, but it can be far less convenient.

How do you persuade enough taxi drivers to use $generic-taxi-app in enough areas to make it worthwhile for someone to choose to use it instead of Uber?

They probably learned a lesson from Whatsapp which was a nightmare of insecurity in the early days that cutting corners gets results and approximately no one cares (except the tiny minority like us who would never use it anyway).

Only a tiny minority of wealthy people frequently travel internationally. This is not a major selling point that will save Uber.

This is hilariously wrong. I brought up Zoom issues at our enterprise client - no one gives a shit (this is in Germany, so rather privacy focused). As a consultant I felt a need to bring the issues up, backed with sources of course.

So why does no one care? Because Zoom UI/UX apparently works 100x better than most other solutions. People dont even REACT when I mentions Jitsi or just using the Teams solution that every Microsoft customer has anyways.

The enterprise I was talking about is using a mix of Microsoft Teams and Zoom. Our team started with Teams, now we are using Zoom because I don't even know. Others also move from Teams to Zoom.

I bring this up to lots of people and the response is rolling eyes and "shut the fuck up" in business euphemisms. Zoom is viral now and privacy has no say in its success.

Could also be an issue of pricing. I wouldn't be surprised if Zoom is cheaper than MS. Maybe someone with knowledge on the sourcing side could comment on that.

Sorry, I wasn't clear enough. The enterprise already has a Teams license which is part of an Office/Microsoft deal that they will of course continue to have.

So Teams is there, will stay there and it works well but people are still moving to Zoom anyways.