Hacker News new | past | comments | ask | show | jobs | submit login
Zoom monitors activity on your computer (twitter.com/ouren)
405 points by kangax on March 22, 2020 | hide | past | favorite | 139 comments



When someone sends you a zoom invite, cancel the download, then click the having problems link to download again. Cancel it again. It will show you a link to join by browser.

A few other meeting apps have dark patterns like this. One of my favorite things about Hangouts Meet is it's web first.


What I find irritating is this proliferation of meeting apps like these, all using their own proprietary variations of protocols and consuming huge amounts of system resources, when there has been a standard protocol for it that's been around since the late 90s, with a variety of different clients available: SIP. One could be sent a SIP URI for a meeting and it would work in any client.

Maybe it's like IRC vs all the other IM "solutions", except with an even larger difference in userbase.

Edit: looks like Zoom does use SIP too, but it's not that obvious how to use your own client: https://support.zoom.us/hc/en-us/articles/201207626-Video-La...


At a previous job there was no "blessed" app. We used Mac/Win/Linux and different apps seemed to work better depending on the situation (screen sharing, group chat, one-on-one video chat). Not only in resource usage, but if you had more than one open I'd see issues with sharing resources like video and audio.


Excuse my ignorance but is there a good implementation out there that uses this protocol? Jitsi perhaps?


I have used Jitsi. Last week I did a few pairing sessions where the both of us were sharing our screens and still had our webcams on in the corner and it was awesome.

We tried to do a standup with (I think) 8 people and it was terrible - people would randomly not get any audio for stretches of time, video would get choppy or lost completely, it was not pleasant.

I will keep using it for pairing since I haven't found another tool that gives me that kind of flexibility and it was in fact very good. I believe the whole experience is limited by the connection quality of the worst participant.


I've been using Jitsi Meet a lot as well.

It has terrible Firefox support but works decent if all participants are using Chromium / Chrome[0]. Asking other people to install Chromium makes me feel dirty but I don't know any other login-free cross-platform open source easy-to-use video conferencing apps than Jitsi Meet.

[0]: https://github.com/jitsi/jitsi-meet/issues/4


That could have been the issue, I haven't asked to be honest.

It does tell you that Firefox is not supported when you log in though, so I'd have expected people to say something but hey ho...


Hopefully WebRTC becomes more thoroughly implemented cross-browser Chromium has waaaay better support since WebRTC is primarily maintained by a team at Google.


The question is, why doesn't Zoom use WebRTC in favor of the plug-in. WebRTC uses the SRTP Cryptosuite which is pretty secure and can be made very secure https://wiki.freepbx.org/display/DIMG/SRTP+Cryptosuite

Zoom is unencrypted by default? So you have to physically turn encryption on. Also, it is very unclear if your data is encrypted at rest. "End to end encryption" does not necessarily mean "end-to-end encryption" as has been shown many times before


I haven't used Jitsi, but different apps and approaches work better in different situations. Are you screen sharing? Audio chat? video chat? Large meeting with multiple people? Mac/Win/Linux? Is your connection bad? High latency? Low throughput? No solution was very robust and if you're working internationally and people have their own equipment it can be a mess. People are also get really familiar with one piece of software and hate installing yet another.

The churn between companies like Google and Microsoft (each offering, and deprecating multiple solutions) doesn't help.


Jitsi Desktop uses SIP (never used it)

Jitsi Meet (browser client) uses WebRTC, and is really nice!


The problem with SIP was that without a central directory there was no easy way to find someone. Plus the client interfaces were, quite frankly, fugly, and management decision-makers dismissed them in favour of Skype etc.


Well the best product usually wins in this space. Usually this means well-managed vanity features like sleek design, animations, emote, but also occasionally more heavy weight performance improvements like video quality and sound quality. Ultimately if the standards and protocols you mentioned provided for that, they'd have won, but they didn't so here we are.


Standards are distinctly not products. Also, the thing that tends to win in this space is lock-in and network effects.


There is no real difficulty switching. At work, we use multiple solutions, including Zoom. Zoom has been the most reliable. If one was more reliable or had a killer feature, we could switch in an instant.

Slack has chat history that makes it difficult to switch. What does Zoom have?


Sounds like you don't work in a large organization with lots of standing meetings and extremely non-technical users. That must be nice.

Many large companies have lots of extremely valuable non-technical users who can just barely figure out how to follow step-by-step instructions to setup calls with even the most point-and-click interface. The switching cost there is extremely high.


What really wins is if management thinks the interface is pretty.


https://www.infosecurity-magazine.com/news/uk-government-zoo...

https://www.sec.gov/Archives/edgar/data/1585521/000119312519...

The top of page 21 in the first set of SEC documents:

Quote " Many governments have enacted laws requiring companies to provide notice of data security incidents involving certain types of personal data. In addition, some of our customers require us to notify them of data security breaches. Security compromises experienced by our competitors, by our customers or by us may lead to public disclosures, which may lead to widespread negative publicity. In addition, we have a high concentration of research and development personnel in China, which could expose us to market scrutiny regarding the integrity of our solution or data security features. Any security compromise in our industry, whether actual or perceived, could harm our reputation, erode confidence in the effectiveness of our security measures, negatively affect our ability to attract new customers and hosts, cause existing customers to elect not to renew their subscriptions or subject us to third-party lawsuits, regulatory fines or other action or liability, which could harm our business. "


This is one of the reasons why I always join a Zoom call from my phone, by calling their international numbers [1].

Recruiters sometimes ask me to turn my video on during interviews… I politely decline and move on to other opportunities.

Their app is so privacy invasive, I cannot understand why people keep using it, specially considering 2018 vulnerability [2].

Feross Aboukhadijeh talks about Zoom security problems in Stanford’s CS253 Web Security course [3][4].

[1] https://zoom.us/zoomconference

[2] https://www.tenable.com/blog/tenable-research-advisory-zoom-...

[3] https://web.stanford.edu/class/cs253/

[4] https://feross.org/


Looks like Zoom is discussed in Lecture 18: https://web.stanford.edu/class/cs253/lectures/Lecture%2018.p...


I tested "Join by Browser" recently. On macOS (Mojave), it only seemed to work in Chrome, and the video resolution of the other person was poor, but it did work. Also, I did not need to click a "Having problems" link before the "Join by browser" link to appear, so maybe this feature is being deployed more widely now.

Since you mentioned Google Meet, I recently tried that with a group of 6-7 people, and it only lasted about 10 minutes before multiple participants (myself included) started having issues. It seems like it needs more time to bake, but since we're talking about Google, it's probably unlikely to ever receive that time before they kill it and reinvent it a year later.


We've been using Google Meet at my work for daily "standups." Typically 4-6 people, lasting 15-30 mins. Been very smooth sailing, even using Firefox. Out of curiosity, what kind of issues were you running into?


It was a SaaS demo, so we had one person sharing their screen, several participants watching, and a couple dialed in via phone. I was one of the ones watching the presentation. About 10-15 in, a few of us, including myself and the presenter, were booted off the call. Attempts to rejoin were all met with vague error messages about there being some sort of network issue. (None of us were co-located at the time.) I was able to rejoin by phoning in, but the presenter was never able to reconnect on his computer. We eventually abandoned Meet and used WebEx instead.

This has been my only experience with Meet, but first impressions do tend to carry a certain weight. It's entirely possible this was an unfortunate coincidence, and that the service is typically as reliable as other solutions. My limited personal experience with Meet, and previously with Hangouts, does not support this however.


No Firefox support was my only complaint for Google meet. After that was fixed I never had issues again.


There is an account preference option for the one scheduling new meetings whether the join with browser link is present in meeting landing pages. At least, that's how it works with our university license...


Whereby (https://whereby.com/) is also web-first and works really, really well. Simple, no fuss, people don't have to install anything to join your meeting. Highly recommended.


> We in Whereby are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need additional features on top of the FREE version, and does not rely on widespread collection of general user data. [0]

Interesting. Thank you!!

[0] https://whereby.com/information/tos/privacy-policy/


I use whereby as well, I highly recommend it.


Knowing what I know about Zoom and being careful what I install on my computer, I use all such apps on my iPad except for Teams.


there is now a browser extension which does this automatically https://news.ycombinator.com/item?id=22659216


there is a setting in the meeting creator's account to have the link right away


The one thing nobody ever mentions about this is the Chinese connection. Zoom is 100% developed in China. They have a datacentre in tianjin. Even states in their financial papers. The S1 form that one of the risks is the fact the product is predominantly developed in China. By PRC citizens.

Encryption is also off by default? why is this?

The Zoom App also collects screenshots and transcriptions of shared data. This is fine if you are Facebook or Google.


Thanks for this! I've just been refusing to use it


Discord seems to be better than most others


I'm surprised it was that complicated. I helped a friend out with Zoom last weekend and she had been using the browser exclusively until I pointed out they have an app. She's not very good with computers but zoom is fairly easy to use.

Also reading the EFF article on Zoom I feel like these are great usability features. The issue is if Zoom collects and stores the information.


via Zoom Support Reply: https://twitter.com/zoom_us/status/1241768006327336963

"Hi, attention tracking feature is off by default - once enabled, hosts can tell if participants have the App open and active when the screen-sharing feature is in use. It does not track any aspects of your audio/video or other applications on your window."

Points to this article: https://support.zoom.us/hc/en-us/articles/115000538083-Atten...


The twitter thread in the OP says "collects data on the programs running" without backing anything up. Seems like FUD from the face of it. Yes, the privacy may not be perfect (according to EFF admins can see time spent by others in the organization on meetings etc.), and zoom can notify the meeting organizer about participants not having the window in focus. But that's it?

Not exactly the gravity touted in the linked twitter thread, saying "If you manage the calls, you can monitor what programs users on the call are running as well". No proof of that...

Kinda scared by how much a single tweet can make something blow up, without a shred of evidence backing the claims up.


The more interesting aspect to me from the EFF article was that admins can also see your geolocation, who you are meeting with and when, etc. Basically, if Zoom is your platform for communicating, your Zoom admin knows a LOT of metadata about your people that they might not be aware is knowable.


is the feature to be enabled by the host? Or by each individual participant?


All of which doesn’t say whether it’s the host or the attendee that gets to determine whether this feature is on or off.


EFF seems to be the source: https://www.eff.org/deeplinks/2020/03/what-you-should-know-a...

> If attendees of a meeting do not have the Zoom video window in focus during a call where the host is screen-sharing, after 30 seconds the host can see indicators next to each participant’s name indicating that the Zoom window is not active.

It doesn't seem too invasive, although of course it'd still be annoying if you have two monitors etc.


This feature is primarily used in educational-type settings so instructors can tell that students aren't paying attention to something else.

As far as I've been able to determine, there is no collection of "apps" or other data, just "not paying attention" time.


So what if the student has their notes app pulled up? That's a legitimate reason to trigger the alert. The student could also just be playing xbox or something unbeknownst to the professor and still appear alert on the webcam.

It seems like it trades a lot of privacy for something students will evade with no effort at all.


Exactly. At least the student whose window is not in focus is at their computer


It seems reasonable for Zoom or any app to know whether its window has focus. That doesn't imply spying on anything else you're doing.


I think the issue is not that Zoom knows if its application window has focus, but that it reports focus state to anyone other than the user.

For example:

1. Zoom knows it’s not focused on Bob’s machine, and notifies Bob that someone has begun sharing their screen.

2. Zoom knows it’s not focused on Bob’s machine and notifies Sally of this.

Scenario 1 seems acceptable and helpful. Scenario 2 is invasive and unnecessary.


This reminds me of read receipts in chat apps. Hate them with a passion. I usually just leave the chat itself unopened and read the notifications until I'm ready to actually reply.


It can be helpful for certain scenarios. And others don't have to enable it. For companies, at least in the enterprise plan you can also disable it company-wide (according to reports by others). So companies can simply opt out for everyone.


Is it only tracking whether the zoom window is focused (as in, a Boolean)? Is there evidence of more?


That’s why we have been building https://qbix.com/platform

To have an open source alternative. Want videoconferencing on your own site? You can! See here for instance.

https://yang2020.app/meeting

We have a harder challenge of making all the SDP offers work cross browser, but Chrome should def work.

Code: https://github.com/Qbix (If you like it, star it lol ⭐️)

Contact me if you want to learn how to use the Qbix platform. I will be teaching classes and put it online. We are following the wordpress model. My email is in https://qbix.com/about

Quick question for the networking experts here... with everyone connecting from home, what percentage are behind a LAN firewall that you need to use TURN servers? What if you avoided those servers and made peer to peer infra entirely, how many people would we lose?

(Is a complete graph of everyone sending to everyone worse than an SFU once you get too many users? Isn’t it exactly the same number of streams, just in a star topology? Can’t we just nominate a few of the browsers to do what the SFU does, namely forwarding video to the others? Is the issue only with resolution?)


with everyone connecting from home, what percentage are behind a LAN firewall

From home? Essentially 100%.

that you need to use TURN servers?

That's less clear. I'm not sure how many home firewalls are impenetrable by STUN as well. I worked on Twilio's WebRTC-based audio product back in 2012-2014. In the beginning we only supported STUN. We did get some customer support requests about initial connection failures (which I mostly attributed to STUN failures), but never kept track of stats on what the success/fail ratio was. We eventually added TURN support (after I left that product team), but based on how long it took us to do that, my guess would be STUN was effective for most setups. Also consider that many (most?) of our users were probably behind restrictive corporate firewalls, and I'd expect home firewalls to be more lenient.


> Can’t we just nominate a few of the browsers to do what the SFU does, namely forwarding video to the others?

IIRC this is basically what skype did back when it was P2P, those clients were called supernodes and would route calls for clients that could not be directly P2P. To be a supernode you needed to be internet-routable and have good bandwidth.

Supernodes could be used for hole punching or to relay calls (as you talk about).

See more here: https://en.wikipedia.org/wiki/Skype_protocol


What does this specifically have to do with videoconferencing? As far as I can tell, this is a general cross platform application framework. If that's the case, what is the value proposition vs something like the current dot net stack?


this isn't the first time zoom got caught red-handed[1]. Last year they were called out for installing a local web server in order to disable security controls to get around the deprecated NPAPI[2] ... this is literally what malware does.

About the same time this story broke I interviewed for a Paris based AppSec company and their CTO asked me to install Zoom. It was really awkward because I had to ask: "Is this a trick question??"

Seriously I wouldn't touch Zoom with a 20 foot stick!

[1] https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...

[2] https://en.wikipedia.org/wiki/NPAPI


From https://zoom.us/privacy:

> Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products. We may gather the following categories of Personal Data about you:

> - Information commonly used to identify you, such as your name, user name, physical address, email address, phone numbers, and other similar identifiers

> - Information about your job, such as your title and employer

> - Credit/debit card or other payment information

> - Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)

> - General information about your product and service preferences

> - Information about your device, network, and internet connection, such as your IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, and client version

> - Information about your usage of or other interaction with our Products (“Usage Information”)

> - Other information you upload, provide, or create while using the service ("Customer Content"), as further detailed in the “Customer Content” section below


So, all this doesn't sound great, but... the specific accusation in the tweet is that they're tracking other applications that are open. Their privacy policy does not say they do that, and the Zoom twitter account says they don't either[0]. Now, it's a matter of trust, of course (and after [1] I wouldn't blame people for a lack of trust), but to state authoritatively that Zoom tracks other open applications seems like completely unsubstantiated fear-mongering.

[0] https://twitter.com/zoom_us/status/1241768006327336963

[1] https://www.schneier.com/blog/archives/2019/07/zoom_vulnerab...


All points are so vague that this behaviour might be in either:

- General information about your product and service preferences

- Information about your device, network, and internet connection ...

- Information about your usage of or other interaction with our Products

- Other information you upload, provide, or create while using the service


Sure, as I said, the privacy policy isn't great, but the tweet specifically accused Zoom of tracking and recording what other applications people are running. There seems to be no evidence of that.


This is the part that is not so reassuring:

Does Zoom sell Personal Data?

No part of that paragraph makes me feel better, and it ends with this...

" If you opt out of “sale” of your info, your Personal Data that may have been used for these activities will no longer be shared with third parties."


> your name, user name, physical address, email address, phone numbers, and other similar identifiers

My problem with this isn't the info they collect, it's how they would collect it, which this privacy policy doesn't seem to clarify.

As it stands, this policy technically gives them the right to crawl through all my personal files or even listen using the microphone to search for and collect this information.

I'm not saying they are doing this, but the policy is not reassuring. I wish there was enforced legislation (so GDPR is excluded, as regulators don't give a fuck) to curb this. There should be a legal requirement describing exactly the information collected, how is it collected, transmitted, sorted and which third-parties it is given to, if any.


Could it be CYA legalese because there’s a screen sharing feature?


This is standard language to cover everything in normal use. Billing details is obvious. Profile info is provided when you signup and use the service. The system info is used to run and optimize the calls.

Zoom isn't actively scraping your info, and there's 0 evidence of anything in the Tweet.


Lawyerspeak: "It's just boilerplate."

Translation: "Yeah, that's one of the parts where we really screw you, but you don't have a choice, lol."


You have a choice to not use Zoom.


Sure! Except it was mandated by your boss. Or you have a choice between a bunch of offerings with the exact same screwball terms. This might not actually be true for videoconferencing now that it's getting somewhat democratized and competitive.

Point is: "just boilerplate" is just rationalization. An honest person would never present it as comforting and a knowledgeable person would never find it comforting. Of course, the world is full of dishonest people, so it gets used all the time. Hence "lawyerspeak."


True, though you could dial in from a phone (even a landline), unless you were being asked to not only attend but also share your screen.


Do you refuse to use any other software mandated by your company? What's the difference?

It's standard policy to cover any potential personal data that they might receive. What is your concern exactly? That they shouldn't spell it out? That would be illegal under current data regulations.


The receipt from the top comment about joining from the browser works nicely.


Not really if your lecturer or boss requires it for lectures, meetings or team communication.


What information do you not want to share that you think they have but don't need?


[flagged]


Let me tell work that I can't collaborate remotely anymore on video because I am using my agency to refuse to use Zoom even though everyone else at the whole company does. Then they can use their agency to put me on a PIP because my choice hindered my ability to do my job.

I'm sure you realize it's not as easy as you say, but I suppose it's easier to assert that situations don't have nuance because then you can make blanket statements like you did.


Are you ok with all the other software they use?


Yet.

There is an incentive to do so and they have taken measures to legally protect themselves if they do. That's grounds enough for alarm, even without evidence of them actually doing it.


Alarm for what? It's enterprise video conferencing tech. They make their money from subscriptions. Your personal data is rather useless to them and now a liability under data regulations.

Worrying about Zoom here (and I'm not sure the tweet is accurate) seems to ignore all context of the product and business.


> Alarm for what?

That privacy policy is a clear indication that Zoom is only concerned about protecting themselves at all costs. They may not be acting maliciously, but they clearly aren't dedicated to acting ethically either.

I'm not saying it's an emergency, but a privacy policy like that should at least set off some warning flags for a privacy-concious user.

> They make their money from subscriptions. Your personal data is rather useless to them...

I don't care if the data os valuable to them as long as it's valuable to someone.

> ...and now a liability under data regulations.

The liability is worth it if the price is right.


Every company will protect themselves. Why is this controversial? Please list the companies that open themselves up to litigation and show me how that's ethical.

"as long as it's valuable to someone"

This is so vague as to be meaningless. What about your browser, ISP, OS, phone, and the million other services that you use? Context matters.

"The liability is worth it if the price is right."

Are you claiming that a company selling enterprise video tech for 100s of millions and operating under all the latest data regulations is somehow trying to squeeze out a few pennies by selling some worthless data while risking massive lawsuits?


Yes if you use the app you need to enter some information for example, profile, login to an account, etc

That being said, I don't see anything surprising on the list.

> such as your name, user name, physical address, email address, phone numbers, and other similar identifiers

That sounds like billing information


These don't look that bad, but what's describe in a tweet (tracking focus app etc) is much worse, it doesn't seem to be in the privacy policy though (or they masked it?). So where's the information about focused window come from?


Your name, physical address, email address, phone number, employment, credit card, Facebook profile, IP address, MAC address, device ID...is not that bad?


These are technical details for normally working with the app. They charge you, so they need you name and credit card. You ask for a support, so they need your ip etc. They list what they may gather, because privacy policy should cover everything, doesn't mean they require all that info at once. I also didn't provide them many of these items.


That data is either required to run or provided to them by you directly.


MAC address? Unless they have some Layer2 detection shit running they don't need that. And besides, they wouldn't need it on their servers.


They have to name every possible thing they can potentially receive. Mac addresses are available as part of networking details if you're using their desktop software. Zoom is enterprise video conferencing that only recently gained attention for average consumers.


>They have to name every possible thing they can potentially receive.

Then they are missing a lot.


Like what?


Example: A program on your PC can open all files your user owns. Then transmit those files (or parts from them).


That's not considered PII information for a privacy policy. They also don't store your files.


It's still private files. So an oversight by Zoom. A picture of you is absolutely a PII.

>They also don't store your files.

Nobody can prove that. Assume the worst, especially with a company like Zoom.

Remember it was about:

>They have to name every possible thing they can potentially receive

And files certainly fall into that.


That's not how PII is defined nor how privacy policies work. They list potential PII received in standard categories with normal product usage and backend processing.

Otherwise every server on the internet can be sent data by you at anytime which effectively makes listing things pointless.


Definition is wrong then.

That's the point.


No it's not. As I explained, it's well developed legal structure that's used by several countries for major legislation and has decades of precedence. There's also further complexity on how data is submitted, stored, and processed.

Any random file is not considered PII. It doesn't automatically identify you and it's still your responsibility if you send your private files everywhere.


I haven't provided them with most of that.


Then they don't have it.


How do you know that? These statements leave other possibilities open:

It covers all Personal Data that you affirmatively provide during your interactions with us, information that we automatically collect when you interact with our Products, and information that we collect about you from third parties

Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products.


It says "when you use or otherwise interact with our Products."

It's not unreasonable. I'm not sure what your claim is here, because you'll find this language in every single online business. You realize Zoom sells enterprise video conferencing right? They have no use for your data otherwise.


I think other running programs would fall under

> information that we collect about you from third parties


Your own device is not considered a third-party. That's most likely other email/directory/conference software used by a company to provision Zoom.


How are they supposed to charge you for the service without your credit card billing information?

How is it supposed to work at all without your IP address?


There is a feature for when doing webinars that can track focus:

https://support.zoom.us/hc/en-us/articles/115000538083-Atten...


That's awful.


It only tracks if the Zoom window has focus, not via facial recognition. How is that bad?


What value is that if I have multiple monitors?


The GDPR’s specific, granular and informed clauses for opt-in couldn’t have been more timely. I wonder how long it is before Zoom have to stop providing services to the EU?


That's shocking. How are they able to collect this?


Is that a technical question? All of that information is immediately available because you typed it in when you made your account, or because of the nature of the internet.

Seriously, you've given this information to any service you've ever signed up for and / or ran.


Downside of what may be a societal long term shift to work from home is even LESS privacy. I find that ironic, but not surprising.


I'm not sure this is an example of that. It is not atypical for office buildings to have cameras/timeclocks/access control which records the movements of employees throughout the day, packet inspection and/or MITM of your network traffic, and a boss that literally looks over your shoulder.


If Zoom would be a Chinese company they'd immediately be branded threat-actor! A company that bypasses security controls on the host[1] has no place in a corporate network, covid19 crisis or not.

[1] see news from ca July 2019


Yes, governance is of material importance to privacy.


At least most work from home roles justify company owned equipment.

I certainly avoid mixing activities (I don't have access to a company computer at home, but I don't use the work computer or network for personal stuff).


That's messed up. Our zoom usage at the company has skyrocketed these past few weeks. I was marveling at how smooth and seamless the process was. Though I was a bit peeved zoom always steers you to the installed app instead of keeping it in the browser. Now I know why...


Super timely. Even on my linux box I noticed yesterday that zoom, even though I had "closed" the application, was still running `ps -ef | grep zoom` so I killed it.

After reading this, I've deleted it too. Super weird.


I saw a tray icon after I closed it out when I ran it this morning, on Xubuntu with the Cinnamon desktop. I right-clicked it and selected Exit, and it did indeed exit.

ETA: Checking the dpkg file listing shows that everything goes into /opt/zoom except a /usr/bin/zoom symlink to /opt/zoom/ZoomLauncher.


True, I used zoom about a month ago and it's still running a process in the background.


Um, why haven't you killed it?


Does https://jitsi.org/ solve these problems?



Didn't Apple shut that down?


Yes. And people on HN complained that it is yet another example of Apple “locking down” the Mac for killing an app that secretly installed a backdoor and let an app reinstall itself.


https://www.forbes.com/sites/kateoflahertyuk/2020/03/25/zoom...

Still seeing loads of red flags in mainstream media. This is not a Secure business tool


Truly, I was passing an online interview on programming position, and almost in the end of the process I had remembered that I could be asked on the design patterns, I opened browser, came to the site with patterns' descriptions and... the interviewer's last questions was: "I think that's all... But I have yet one question on the design patterns."


I made a simple sandboxed WebView wrapper for Windows, that should address the privacy issue and remove the annoying need to deal with constant "download the app" nagging: https://losttech.software/Downloads/FuZoom/


Now is probably the worst possible time to reveal this news.

Because right now, people have much more pressing matters and need to communicate.


Now is the time to be on our guard, much more than in times of peace and quiet.


Thanks for the heads up, just uninstalled.


Working on a webbased foss sip/WebRTC/p2p conferencing solution(WIP): https://github.com/garage11/ca11


Is it related to screen sharing? They allow sharing a specific window. Without knowing about other processes you may not share the window. You have to specifically allow it in System Preference on Mac though.


I don't use Zoom. But I'll assume it's the same as Google Meet and so now I'll complain about Google Meet.

1. When the call quality is less than 100%, it is difficult to attribute this blame to the other person, my equipment, my connection, or the service provider. A heartbeat signal could fix this.

2. When somebody else is presenting, I can't point on THEIR screen. I have fumble through "higher, higher, too high, it's on the bar, do you see the bar?, yes, click on that one, you're right it doesn't really look like a pencil does it?"


Pretty low move by Zoom. Again. There is nothing in their interface letting users know they've been monitored. Nothing.


Does anybody have a good alternative to zoom that does not do this?


An open source alternative might be Jitsi Meet https://jitsi.org/jitsi-meet/. I haven't tried it though.




If you would prefer to self host, there's always FreeSWITCH [0]. It can act as a server for meetings. There is a webRTC client called Verto Communicator that seems to work quite well, or you can use SIP clients.

The documentation is a bit lacking, but it's actually a very capable system for unifying voice, video and chat communications – and a whole lot more.

[0] https://freeswitch.com/


I've been using both Uberconference and Google Meet (G Suite only). Both of these run entirely in a browser without any extensions or applications.


[flagged]


Speculation based on racial profiling, aside from the obvious fairness issues, is actively damaging to the privacy cause in the US because it frames the issue in nationalist terms. This diverts attention from the more insidious threat of American government spying on American citizens, slowly boiling the frog of our privacy and paving the way for a future repressive regime and police state.


Yeah, hello, delete it.


Hello all I am taking cless via zoom meeting someone come and type fuck you how can find who is he can you help me in this how can find id and ip address


Goes without saying that there is massive "pattern of life" info emitted by what you attend and with whom.

No wonder it's such a great little product.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: