
> It's not spyware, this was not something that was intended to be abused

Do you have a source for that? It doesn’t peek around my computer a little and/or send back any telemetry? I’m being serious, I’d like to know.

I had to install Zoom in school in 2014, I ended up uninstalling it the next week and reformatted after the quarter. I’m with Apple here. It’s shit insecure non-consenting software that wastes battery 99.99% of the time.

> I had to install Zoom in school in 2014

This is a good point; we shouldn't act as though users are necessarily making an informed choice or meaningfully consenting to all the software that's on their computers. Lots of people are forced to install software at economic gunpoint (and probably can ill afford a separate computer to isolate it on).

You can't depend on users and the marketplace to select against insecure software. The market is too distorted to function that way; the people forcing others to use shitty software are often isolated from the consequences themselves, so there's no effective feedback loop to stop it. Having the OS vendor step in is really the only good solution in the short term.

IIRC, part of the functionality included silent background updates from a domain that nearly expired, and was only renewed when pointed out to them during the discovery of this.

Thanks, that cuts through a lot of the fluff.

The part that freaks me out is you can’t uninstall it.

“The undocumented web server remained installed even if a user uninstalled Zoom.”

I’m not sure if this is common. Sony got caught with their XCP rootkit (I’m not sure if they called it this at the time); you had to fill out an “uninstall request” form on their site with your email and location[0]. I’m not sure if the uninstaller fixed the vulnerability.

So maybe a rootkit might describe this if the vulnerable webserver is privileged. In Sony’s case, the side effects were unintentional (though their history with DRM is egregious). I think Zoom is just polluted MVP in production.

[0] https://web.archive.org/web/20051104044919/http://cp.sonybmg...
