The key thing here is they think this is a fair trade-off because Safari asks if you want to open Zoom.
> This is a workaround to a change introduced in Safari 12 that requires a user to confirm that they want to start the Zoom client prior to joining every meeting. The local web server enables users to avoid this extra click before joining every meeting. We feel that this is a legitimate solution to a poor user experience problem, enabling our users to have faster, one-click-to-join meetings. We are not alone among video conferencing providers in implementing this solution.
I do not believe that this is a fair trade-off given that any website can act on this locally installed server.
EDIT: I think they need to be made aware that this isn't acceptable. My reply to their support team:
I do not believe this is a fair trade-off - allowing any arbitrary web site local control of privileged software installed on my machine - because Safari offers a security prompt (specifically so that any arbitrary web site does not gain control of privileged software on my machine). I will be switching ~/.zoomus/ZoomOpener.app off, and considering other options until it has been fixed.
How on earth does Apple allow this? I'm not excusing Zoom, but this is Apple's fault.
That said I have to say Zoom's the only businessy meeting client I've used that doesn't require running through hoops on Linux. Maybe I should check if there are any devious backdoors installed on my system...
The whole point of making the AppStore a walled garden is such that these things don't happen. If an AppStore App can install a server on your machine that remains there and reinstalls the App after it has been deleted, and can be used to spy on you via the camera or DDoS you, then... the AppStore sucks.
Oh, definitely. I cancelled my subscription because of this, but I wonder if the reason will make it through the corporate fog.
What is worrying is that more and more companies think it is fine to install "helpers", "openers" and other cruft. I recently removed several, and I still have to use software that scares me sometimes (DYMO web printing, Brother web printing). This should not be considered OK.
I really doubt it. Given the change control policies of huge corps and how awful it is to get anything new/get rid of anything they'll just toe the Zoom party line and keep it.