Hacker News

It does make me feel a bit better though - sometimes I go overboard with security and spend hours making certificate validation work everywhere etc - the people actually making money skip all that and just ignore it. They typically get away with bad practices until they really get massive, as long as the software works well otherwise.

Sometimes when coding I think there is technically an obscure race condition security flaw and, from time to time, leave a TODO instead of spending those grueling hours. This weirdly makes me sleep better at night.

At any rate, "sunlight is the best disinfectant"!




IMHO those you mention who make money are, in this case, qualified further to a category of products that in essence are not complicated. Video conferencing is not complicated until you have scaling problems. Similarly, Facebook was not complicated until it got millions of users at which point most of their interesting code had to do with scaling.

My point is that Zoom is replaceable and in fact, IMO should be replaced. Their tactic of using these dodgy techniques is because they want to have an edge over competition along the lines of "it just works".

I would contrast this to pure research services that add value that would otherwise not be there. Examples of this would be at the time that they were startups: Google (search algorithms) or Spotify (music categorisation algorithms). I'm not saying that today either of Google or Spotify are paragons of morality. At the hardware level I would include Tesla (battery tech) and Intel (processors).

My point is that the shady practises are at this point Zoom's product offering. If their video scaling algorithms are superior (and not just lifted from some open source libraries) then that should be their product offering. Not "it just works" via security exploits.

Edit: Typos.


If video conferencing wasn't complicated, there'd actually be a product everyone likes. So far, everyone seems to hate all of them.


How much of this is related to the software though and how much is related to home internet speeds, camera quality, microphone quality, etc.? Most laptops ship with really low quality webcams and mics, and that’s predominantly what people are using.


The difference between Zoom and Google Hangouts is staggering. Zoom works way better. I actually love it from a usability perspective, though it's frustrating because if Apple/Microsoft/Google could agree on an open standard with open-source clients/protocols Zoom wouldn't be necessary.


I've just been using Slack video (for small groups or one-on-ones) and BlueJeans for larger meetings. I've tried Zoom and didn't see what it added on top of BlueJeans except for feeling like malware.


Dropbox won early on for having the same user-friendly affordances. I can't say that, if I was making Zoom, I wouldn't err on the side of usability at first, also.


And then they started running kernel extensions that made your computer slow.


When I was first asked to install Zoom I hadn't heard of it, so I googled "Zoom malware" (to see if it's malware, as I assumed someone would have written that up if it was.) I didn't find a clear "zoom is malware" blog post at the time. So I said that's good enough for me and installed it.

Later when I heard that Zoom installs and leaves a web server open on your machine, even if you uninstall it, I felt duped, since I did my due diligence by Googling if it's malware. If it leaves a webserver running after uninstall, it's obviously malware, same as if it launched a Windows search for "passwords.txt". There's no real room for interpretation here.

But I didn't find that at the time.

Whereas if I did that Google search today I would find that it:

monitors activity on your computer - https://news.ycombinator.com/item?id=22657384

is not encrypting end to end despite claims - https://news.ycombinator.com/item?id=22735746

allows any web site to access your camera at any time without requesting any kind of permission or making the user aware - https://news.ycombinator.com/item?id=20387298

reinstalls itself silently after uninstall (if you click a zoom link, after uninstall) - https://news.ycombinator.com/item?id=20390755

If I were considering installing it today, I would install it only in a virtual machine after Googling what kind of protections to use when trying malware in a VM. (Since it can be expected to play shenanigans with your network and with the host's USB devices etc.) Just basic stuff, as Zoom isn't very sophisticated.

After I read all this I was angry. Not because all of this makes it obviously malware but because it's sloppy malware, and I specifically Googled whether it was sloppy, obvious malware and didn't get a clear "yes, Zoom is malware."

By the way sending data to Facebook doesn't make my list of links, as that is par for the course and anyone might do that. I have a pretty high tolerance for crap and to be honest Zoom is the only mainstream software that failed it so far.

Though I guess technically I still use Zoom every day (until I buy a new computer), you know, since I did install it that one time, before I uninstalled it...


How do I uninstall the web server - or better, can you please point me to guides to remove the bits left after the uninstall. I don't mind uninstalling/reinstalling this till I get a VM setup.


Sorry, I don't know. I only just ran the uninstaller.


Ha, for sure. E.g. SnapChat didn't actually delete the pictures in the first versions. Apparently, they didn't know how. So they renamed them with a different extension so the photo app didn't find them. But tether your phone, and voila! they were all still there on the phone.

Didn't stop them from becoming very successful.


> They typically get away with bad practices until they really get massive

They get away with it because they aren't liable for any damage caused by exploitation of vulnerabilities caused by their bad practices. If they had to indemnify the victims of their negligence, I guarantee they'd care a lot more about doing things right.



