
Maybe we shouldn’t use Zoom after all - JumpCrisscross
https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/
======
dijit
I have avoided weighing in on all the talk about Zoom recently. Mostly because
I'm an outsider, my company does not use Zoom.

However I've used Zoom once or twice, for interviews or in one case working
with a friend on a pair programming session.

At my company we use teams, slack, skype and discord (yes, really).

Here's the thing though; The first time I used Zoom I was actually petrified
(as I usually am) that I have to install /another/ application and figure out
compatibility issues, especially because I'm one of those crusty die hard
linux users. I panicked so bad that I resorted to using my phone.

(Tip: don't attend interviews with your phone recording from your hand, it
looks super unprofessional I'm told)

The second time I had a zoom meeting I just clicked the URL in the meeting
request and it worked!

You have to understand, I'm coming from a place where things almost never
work. Exchange? nah, maybe 2007, or was it 2003, who knows. Teams? Their linux
port not only consumes all available CPU on my laptop (which is not a slouchy
laptop) but it doesn't even function correctly with basic stuff. Slack works a
treat (as long as I don't do screen sharing) and I suspect that this is
largely why it caught on too.

My point is simple here: Proper convenience is hard to get right. On-boarding
is an enormous part of why Slack is trouncing other instant messaging efforts
(IRC especially).

The security is lackluster but very honestly (and with a heavy heart) I have
to say that the majority of people don't care until it affects them.

We don't know how Zoom will respond, but for what it's worth, I like that
their product works well on my platform, they deserve massive props for that.

~~~
keithnz
I have to say that I'm a sinner, I read these articles and think, well, I
don't actually care that much, but it's good other people do and hopefully zoom
improves what they are doing, but it's doing a good job and it's easy for
everyone who needs to use it. Heck, my mum's using it for virtual meetups
with her friends (all hovering in the 70s age group)

~~~
haggy
Yea, don't be hard on yourself here. This pandemic has taught me a VERY
valuable lesson: you can't control or care about everything. You just can't.
For your own sanity there are many times when you have to throw your hands up
and say "sorry but I just don't have the time or energy to add this to my long
list of wtf's". Like you said there are others out there that are dedicating
most or all of their time to issues that you can't. Life is a giant
distributed system. If you try to take on every issue that comes your way then
you're going to burn out, blow up, expire, etc.

------
shirro
Zoom works so well, given a lot of us can't work or learn face to face at the
moment, I think we just have to work with Zoom constructively. There are
equivalent or better solutions in niches but no general solution that really
stacks up. Report security issues. Keep them honest. And don't use it for
discussions that are potentially highly sensitive - buyer beware.

I would much rather use an open technology with FOSS software with end to end
encryption and all the nice things but I know from experience that no such app
is going to be on every platform with all the features and be useable by non-
technical people.

There is a lot of negative media being generated at the moment and while I can
see the problems and I am sure the people reporting them are all genuine in
their motivations I don't trust the media not to be pushing an agenda when one
company is doing so well out of this and their competitors are struggling.
Skype had Zoom's space, and many of the same security and other problems and
they were bought and mismanaged into irrelevance. Whatever Zoom is doing, they
are still doing it better than most of their competition.

I think we need to give Zoom a bit of space to make things right. They are
suddenly under a huge spotlight. People are so divisive and ready to attack.
Save your energy for battling bigger problems like staying alive and keeping
an income.

~~~
bscphil
> I think we need to give Zoom a bit of space to make things right. They are
> suddenly under a huge spotlight. People are so divisive and ready to attack.
> Save your energy for battling bigger problems like staying alive and keeping
> an income.

They've been under a negative spotlight for a year now because of their poor
security - they've had that chance already.

------
y-c-o-m-b
Reliability goes a long way and Zoom is very reliable, especially considering
the recent spike of users.

I value privacy, but I think the jury is still out on this company. They need
time to react to the public scolding they're enduring as of late. Hopefully
things change for the better and they take security more seriously after this.

EDIT: A word

~~~
dig1
Had a meeting tonight with over 50 participants. Screen sharing. Not a single
hitch or problem.

In the past tried multiple times with Hangouts (dies after you get more than 4
on board), jitsi meet (not good with bad connections), Slack (good luck with
video), Hipchat (video doesn't work for more than 3 participants) and Skype
(connection drops). On one of my previous gigs, we ditched everything and took
Mumble + google docs for showcase.

Before Zoom, Skype was good enough, until they messed it up. My presumption is
that all of these tools are developed in a perfect environment: ideal network,
minimal latency, close peers, single OS. As soon as you start to drift from
those presumptions, complete breakdown happens.

~~~
bob33212
In the real world you cannot have everything. Fast, cheap, reliable, scalable,
secure, easy to use, os agnostic. Pick several or be disappointed about the
theoretical perfect company that should exist and provide all.

~~~
theamk
Zoom is pretty much it, isn't it? (unless you require cheap == free) It did
have some security issues, but they patched them eventually.

It is not resistant to government/owner monitoring (and this is a separate
thing from "secure"), but even if they did add true E2E, they'd still be a
proprietary software often running on proprietary OS.

------
gchamonlive
I used zoom today and the experience from a tech viewpoint is horrifying...

It messed up my PulseAudio settings so bad I could not get my bluetooth
headphone working until I started the app again. It really sent shivers down
my spine. What the hell is this app doing to my arch installation?

Then it started going in and out of fullscreen. It launched itself back and
forth from my workspace. The goddamn app was all over the place.

Not to mention the processing spikes. My CPU which under heavy compiling never
goes above 80, was around 90 degrees. At one point I was actually considering
opening wireshark to see if it was receiving jobs and cryptomining on my
computer.

I am not paranoid, but I am never using this piece of garbage again in my main
installation. It has to be treated like a piece of malicious software that is
doing god knows what to your installation. It must be run in a virtual
machine, with a NAT separation from the rest of your network, with control
over CPU resources and with total isolation from the rest of your config.

It really did NOT behave well.

EDIT: I guess the worst part is that I am kinda expected to use this thing.
People in management just decided they were going to use zoom without
consulting the tech department. And I can see the appeal. It works for one. It
empowers the speaker, detects really well turn taking, and just gives a good
general sense of control. But from a tech standpoint it is really terrifying.
Click detection? Device control hijacking (pulseaudio)? Not respecting aspect
and desktop placement? Those are outrageous and I can't see people outside IT
understanding these concerns.

~~~
chapium
Runs flawlessly on win10 and OSX.

~~~
gchamonlive
To be fair, everyone using Ubuntu saw no problems. But Ubuntu is known to have
somewhat deep system customisation. You can't expect someone using Ubuntu to
respect the KISS principle. However, this in no way justifies how bad it behaved
under Arch. You don't see other major applications doing the same kind of mess
in someone's system.

EDIT: I usually frown upon such comments, but in this case I think I might do
that. I have a windows installation for games, I will just use it to run Zoom.
If we come to think of it, it IS already running Windows, so Zoom isn't the
worst thing running there...

------
leshokunin
I've seen about 10 different articles against Zoom during the past 3 days. I
really don't enjoy using Zoom, but the volume and frequency of criticism is
odd. Has anyone figured out where it's coming from?

~~~
jjtheblunt
The macOS version of Zoom installs or installed an unannounced web server on
macOS that runs even when Zoom isn't running, and could perform remotely
controlled actions on the macOS host.

~~~
samatman
This, in a nutshell.

I'm a simple man. When my OS vendor has to push an update to remove a
misbehaving program from my computer, I consider it malware, and will never
install it again.

------
rshnotsecure
Zoom has about 130,000 subdomains. Cisco, established 20 years earlier and
operating in the same space and many more, has 45,000.

About 40-50k of Zoom's subdomains are customers. Company.Zoom.Us.

About 5k of the subdomains reference MMR. Likely this means "Meet Me Rooms"
which are seen in data centers.

About 200 contain the word tracking, 300 the word face, and 400 the word
elasticsearch. Something like 700 contain the word vip. Maybe 1000 gitlab.
They really like gitlab! These are not customers again and the whole structure
is impressive and strictly followed.

IPA is the most used term after zoom of course. I think it is a reference to
"international phonetic alphabet" for the China based engineers. Anita is used
around 4K times. Likely this references the CFO since 2018.

Most interestingly, every US state and every Chinese province has about 10-20
subdomains carved out for it.

So xj-restricted.acv.ipa.zoom.us refers to "Xinjiang".

And xz-influxdata.amp.ipa.zoom.us refers to "Tibet".

Finally as a last example "va-accounts.asset2.ipa.zoom.us" refers to Virginia
one would assume. All the other states are there. Didn't check other countries
though.

Have never worked at like an MPLS company but overall fascistic fastidiously
well designed naming schema that they had the discipline to adhere to. These
can get out of hand so fast at companies so again cool.

~~~
ultimoo
This is some great sleuthing! Thanks for sharing it. If you don't mind me
asking, how did you list out all the 130k subdomains?

~~~
hunter2_
That's a great question. I'm no DNS expert, but I know that anonymous zone
transfers are not normally a thing.

------
overgard
Maybe I'm weird, but I find video conferencing really jarring -- I'd rather
just have the audio. The thing to me is that since the camera is offset from
the screen, you never make eye contact with the person you're talking to, you
both look like you're looking at something else when you're looking at each
other. That, and seeing a reflection of every face I make on screen makes me
really self conscious. "Do I always look that bored?" It's so easy to get
stuck in your own head watching yourself talk. It just feels like it's in a
jarring uncanny valley. I'd rather just use the phone.

~~~
damontal
I try to look directly at the camera when speaking rather than the image of
the other person. Or if you position the laptop camera far enough away it
matters less.

------
haecceity
I don't think the average user cares so much about security and privacy as
hacker news readers.

~~~
rootusrootus
Even on HN, plenty of people have differing priorities, and it can vary
depending on the context. For me, my work meetings and family meetings aren't
sensitive, so encryption isn't a big deal. For my family in particular, the
fact that even grandma can click a single link and be looking at her entire
family in a matter of seconds is a huge win. We tried WebEx. We tried Teams.
Then I suggested we try Zoom, and it was an instant hit. Would I like for Zoom
to address the issues? You bet. Will I give up the audio quality and Brady
Bunch-style screen for the whole family to gather around? Not a chance!

~~~
jseliger
The big "problem," if one can call it that, is that Zoom seems to work
seamlessly, simply, and reliably, while no one else does.

This is a scenario where one product really works, particularly for non-
technical users, and the others don't appear to.

The big feature is "it works." Whoever is behind it appears to understand
"death before inconvenience."
[http://paulgraham.com/road.html](http://paulgraham.com/road.html). Much open
source software never achieves widespread adoption because it is technically
impressive but inconvenient or poorly designed to users.

------
kevindong
My company went 100% remote recently for obvious reasons. Quite a few people
are trying to advocate for the company buying a company wide license. The de
facto standard is currently Google Hangouts Meet (my company uses G Suite so
it comes included).

A lot of people whine about Hangouts Meet, but honestly I find it completely
adequate (but not much more). Zoom is marginally more user friendly, but I
don't think it's meaningfully better. Certainly not enough to spend
$15/user/month [0] while G Suite, in its entirety is $12/user/month [1].

[0]: [https://zoom.us/pricing](https://zoom.us/pricing)

[1]:
[https://gsuite.google.com/pricing.html](https://gsuite.google.com/pricing.html)

------
shmerl
Someone should start offering big scale services based on Matrix.

------
jdlyga
We use BlueJeans at work, and for my part time master's program. It doesn't
have virtual backgrounds like Zoom, but it is very reliable and easy to use.

~~~
yibg
We ditched BlueJeans for zoom at work and it’s so much better. With BlueJeans
the video stutters more, audio quality is worse and the video doesn’t work
about 1/3 of the time until I reboot my machine. On top of that BlueJeans
drains my battery like crazy. Zoom just works so much better for me.

------
mr_gibbins
<rant>

The people behind Zoom have no obligations to you (not you, OP, the general
'you') at all.

They built the product with the Facebook SDK wired up to report your activity
back to Zuckerberg. They told you about it in the T&Cs which you agreed to.
They built the product, as they rightly point out, for a different,
constrained market where Zoom gatecrashing wasn't considered - not the whole
world in a pandemic crisis, where people will always try to exploit platforms
for exposure and profit.

If you don't like Zoom or what they are doing, don't use it. They owe you
nothing. Acting like Zoom have some kind of social responsibility to you
because it's suddenly the most convenient tool when you're stuck at home is
ridiculous.

------
uk_programmer
> Then there’s Zoombombing, where trolls take advantage of open or unprotected
> meetings and poor default settings to take over screen-sharing and broadcast
> porn or other explicit material. The FBI this week warned users to adjust
> their settings to avoid trolls hijacking video calls.

I haven't really been following what is going on with Zoom. I have been
vaguely aware of quite a few security issues.

However today I was linked a YouTube live stream from a friend on Discord of
some guy trolling random school classes by pretending to be some sort of
African Warlord. While his act was initially quite amusing and tbh harmless,
it certainly didn't leave a positive impression of the software in my mind.

------
sys_64738
I use it to do my day job. My company blesses its use so these security issues
are a side show to get sorted out by Zoom. I need to pay my bills and put food
on the table.

------
tozeur
The one video chat app alternative no one's talking about because the majority
of HNers don’t work in Microsoft shops: Teams, with 44 million DAU.

~~~
starfallg
True. Most HNers would use Slack, and most would argue that MS Teams is a poor
copy of Slack.

~~~
ccktlmazeltov
If you could pick your app would you choose {workplace, zoom, slack} or
{yammer, teams, teams}

You gotta really love pain if you choose the latter one.

------
libraryatnight
I'm not defending their recent transgressions, but Zoom works exceptionally,
is intuitive, and I don't see these issues slowing them down much. I'd hope
they make things right, or as right as they can, but the HN/Tech blog reaction
seems disproportionate to the actual news. It's starting to feel weird.

------
turowicz
What worried me the most is the “zoom.us” in the name of the installer file. As if
they went the extra length making sure you are comfortable it’s a US company.
In fact it is, so why even make a point of that?

------
crispinb
Lazyweb question here as I've only marginally followed this issue - are most
of the reported security problems (obviously bar the lack of end-end
encryption) obviated by using the web app?

------
goodcjw2
There seems to be a ton of criticism of Zoom in the privacy and data privacy
domain recently, wondering whether it will indeed have a meaningful impact on
the usage rate of the product itself.

------
buboard
By this time I think these are covert reverse-psychology marketing pieces. I
mean, despite the bad press, facebook kept increasing in usage.

------
Fnoord
[https://archive.is/m4yrZ](https://archive.is/m4yrZ)

------
ThePowerOfFuet
[http://archive.md/m4yrZ](http://archive.md/m4yrZ)

------
ngcc_hk
Surprise UK gov use zoom. Video conferencing is not new. I know double O is
faked but gchq as well.

------
RRRA
I can't wait for signal to support group video chat...

~~~
_emacsomancer_
And desktop video....

------
mike50
Computer illiterates learn a lesson. News at 11.

------
bryan_w
Whoever is orchestrating this hitjob against zoom, is doing a bad job of it.

Most people are going to ignore articles like this. After a certain amount of
stories, outrage fatigue sets in and people start to see it as a hit piece and
dismiss it, no matter how bad it really is.

~~~
dumbfoundded
No one forced Zoom to do any of the shady things they're doing. The idea of it
being a "hitjob" feels silly given all of the article's claims have evidence.

It's simply what you get for going in the spotlight.

That being said, I do feel the tech industry gets more than its fair share of
criticism. Maybe it's just we've become complacent with the ways that other
industries abuse their customers.

~~~
Animats
_No one forced Zoom to do any of the shady things they're doing._

I wonder how much Facebook is paying Zoom to snoop on Zoom's customers.

------
bitwize
Zoom should be considered malware, as it was written with malicious intent, or
with sufficiently advanced incompetence as to be indistinguishable from
malice.

~~~
catalogia
Advanced malice often pretends to be incompetence.

------
dade_
Are 4 letter brand names making our kids stupid? Before Zoom, products had
longer names like WebEx, Hangouts and GoToMeeting. Longer names challenge our
children to learn how to spell longer, more complex words, even if they are
completely made up. “I fear for the children, and therefore recommend that
parents and teachers keep their children from using Zoom.” - Doctor quote from
some chiropractor

/s Sorry, I had to call it. I expect the headline next week.

