
796 points | _Microft | 1 comments
t0mas88 ◴[] No.22736717[source]
The whole torrent of grey area, just over the line and outright shady behavior at Zoom is a problem in itself even if all the separate instances in isolation aren't grounds to stop using them. Their responses to security issues and today's revelation of misleading marketing on E2E encryption make it clear they're not just making isolated mistakes. Shady is at the core of how they operate; this is an indication that Zoom has a company culture of accepting borderline behavior. Otherwise it wouldn't be so widespread.

As a customer this is a reason for me to stop using Zoom. Not in the last place because I'm quite sure we're only seeing the public tip of the iceberg of all the unacceptable things happening within Zoom.

replies(2): >>22736799 #>>22738601 #
capableweb ◴[] No.22736799[source]
Unfortunately, the current system and people in power seem to not give a damn about security and shady behavior, as long as the thing they are using is working and working well. Zoom is an example of very useful and performant software with a shady company behind it; that's why people will continue using it.

Same with Uber, Google and a bunch of other companies. It doesn't matter what they do, as their product is helping people enough for people to look past the terrible things.

replies(3): >>22736841 #>>22737789 #>>22737910 #
Fiahil ◴[] No.22736841[source]
Enterprise customers DO give a damn about security. They can be slow to react, but rules are also there for a very long time. If Zoom doesn't want to lose most of their market share in favor of WebEx, they should probably address these issues.
replies(6): >>22737049 #>>22737090 #>>22737713 #>>22737745 #>>22737945 #>>22739109 #
krageon ◴[] No.22737049[source]
> Enterprise customers DO give a damn about security

You are wrong. Even without extensive experience in the space, you can very easily see how even large companies don't secure themselves at all. The US has had Equifax recently, and it's not like that was an isolated example either. There just isn't a security culture at the eye-watering heights of corporate upper management and while everyone's as busy making money as they are, there never will be. It doesn't fit into the system, and anyone who tries to change it gets muscled out by people who don't want it to change - because that is simply what's most efficient.

replies(1): >>22737136 #
1. mywittyname ◴[] No.22737136[source]
This has been my experience as well. Large companies pay lip service to security that protects their customers; they want just enough for legal deniability in the event of a breach, but not so much that it impacts operations or profits.

However, they can be...enthusiastic when it comes to security around protecting themselves. If you report an issue with customer information on a public S3 bucket, they might get around to fixing it someday, but if there are "trade secrets" or the like in that bucket, the issue is going to get fixed immediately and someone with a big title probably won't be coming in tomorrow.