alt Hacker NewsI'll pass on your zoom call
Comments
So at one point Zoom surreptitiously installed a web server on the Mac causing a security vulnerability
https://appleinsider.com/articles/19/07/10/apple-removes-zoo...
> Jitsi - their biggest offense in my book is their name, which is hard to say is or is not really offensive.
And who can't remember not using a video conference app that didn't have an inoffensive name?
If "jitsi" is offensive, who to? If not, which video conferencing app names are?
How much time did it take to write this rather than Google "join zoom in browser"?
Reminds me of the saying "Pessimists are often right. Optimists are often rich."
When Zoom took the world by storm due to the pandemic, they're security was known to be horrible. They aquihired the keybase team who are crypto experts and this presumably had some measure of positive effect.
Do you recall back in the day when zoom used to Root kit your computer?
> If there's one that I really need to be on, I'm going to spin up a VM on my computer so that it has no idea of the other files laying around, such as my ~/passcodes.csv. If you are such a negligent bullhead as to get me onto your call, you'll be unable to see me because my VM cannot access my camera! By design! Same for my microphone, so I'll plug in a USB mic if I really need to speak up. More likely than not though, I'm exhausted by now. I'll spend the full duration of the call eeking a small echo of pleasure from the continuation of this rambling alarm, for your sheepish audience to rub their enablist shame in.
This is written in an edgy tone but it's pretty much SOP with QubesOS. Why would you install _anything_ in your main VM? Not just Zoom, but anything you import in a deep dependency graph can access your figurative ~/passcodes.csv anyway.
> If there's one [zoom call] I really need to be on, I'm going to spin up a VM on my computer so that it has no idea of the other files laying around, such as my ~/passcodes.csv`
Oh come now. You don't really think Zoom is exfiltrating unrelated files from your computer, do you? If they got caught doing this, it would be such a major scandal... why risk it? And even though the client is closed-source I do think they'd get caught. It just isn't fathomable to me.
If you have to take the call, and your main concern is desktop client malware...
At a startup a few years ago, since I was the engineering dept., I had to be on a lot of enterprise sales/partnership calls, and much of the time we had to use the other company's favorite videoconferencing software.
Rather than installing those dumpster fire desktop apps on my Linux laptop that had the keys to our kingdom, I expensed an iPad that would be dedicated to random videoconf apps.
We still get violated numerous ways, but at least compartmentalized from the engineering laptop.
(I also used the iPad for passive monitoring of production at night, like a little digital photo frame in my living room, after putting away the work laptop.)
MatrixRTC (aka Element Call) looks promising. I hope it develops into something nice.
Zoom is founded by a Chinese origin guy.
Its security issues are already discussed earlier elsewhere, such as in this Reddit thread.
https://www.reddit.com/r/privacy/comments/18d1bgi/is_zoom_st...
[In the past is that Zoom said they were HIPAA Compliant, eg. had end-to-end encryption, and weren't. This was a huge issue at the beginning of the Pandemic when everybody started using them. This has since been fixed, but this wasn't their only lie or breach of trust.
A few years ago, Zoom tried to insert a clause in their ToS that would have allowed them to use audio, video or chat content for training AI. But due to a LOT of backlash they backpedalled on that and now they "just" use telemetry data, product-usage data, diagnostic data and similar data “that Zoom collects or generates in connection with your or your End Users’ use of the Services or Software”.
Zoom has had multiple instances of extremely sketchy behavior, including: * Deploying a rootkit on Macs to allow silent reinstallation of Zoom after removal. * Having vulnerabilities in said rootkit that took months to patch after trying to ghost the researcher. * Using useless encryption. * Lying about end-to-end encryption (they weren't even zero knowledge!) * Routing entirely US calls through China. * Lacking any reasonable access control to stop bombers.
They have been caught lying-- not corporate speaking, not fudging a bit, outright lying-- on multiple occasions and had to replace parts of their leadership structure to try to fix the bad PR around it.]
I like Zoom. I have relied on it since 2020. I have Zoom calls almost every day. How long until I experience some sort of problem? Some time within the NEXT six years?
it sounds like you don’t wanna talk to anybody, and nobody wants to talk to you.
Post author must be fun at parties
Do people really still use Zoom in 2026?
I hate Teams, but it's so common now that I can't remember the last time I ever took a call that wasn't on it. If I had to take one from another platform I'd assume it was sketchy!
I really love use fairmeeting.net as my jitsi goto server for any quick drawing board sessions or screensharing/video calling zoom alternative.
I have used it for more over than 1 year/6 months with my friend where we both used and we used to very consistently think of how this service is free and how great it is etc.
Thanks to fairmeeting.net ngl! One of the best services period. I wanted something in browser without too much hassle and something with a perma-link so I can join from different devices (I only had a pc back then and so I used to join with a kiosk tablet which only had browser & do other shenanigans)
I found element calls to be interesting too but still personally I prefer fairmeeting.net! It's really stable when we used it for so many hours for so many days.
I should probably donate to fairmeeting.net ^^
If someone from the fairmeeting.net team is listening, I don't mind donating 10$ or such (yes a little broke haha!) to fairmeting if crypto option can be supported in the official website
I do feel like there were some very minor features behind a donation paywall but honestly for 99.9% people its okay and what me and my friend used to do was use it with tldraw and make drawing boards and send messages with discord (I really wanted him to use matrix/we sometimes used signal) + fairmeeting.net + tldraw (before it required a sign in to create multiple pages, man that feature was so great for anonymous users)
Anyways, I spent an hour or two trying to build a claude script which can make jitsi servers easier to deploy by using cloudflare api+dns feature & podman
it's running on meet.fossbox.cloud enjoy everybody! (Please don't abuse it haha, sharing it in the same spirit as fairmeeting!)
The script is Claude generated and under unlicense. Pasting both gist(github) and opengist(my server) links:
https://opengist.fossbox.cloud/Admin/db747020aae14503b23e5a4...
https://gist.github.com/SerJaimeLannister/d9f1511854b4dc5b17...
> You can run zoom in the browser. At least you could some years ago. Encryption is relevant depending on what you're doing but not everything needs to be super secret. A common practice is to email or use secure file shares while on the call to maintain that security.
Edit: Just wanted the last sentence to show Jitsi instance at https://meet.fossbox.cloud
I kind of decided that I can help create an instance too instead of donating right away as my server runs <10$ (currently 8$ for 3 months 3 TB bandwidth everyday and afterwards a 100mbps cap plus more decentralization)
Although I might shut down the server if I would need to utilize the resources though so if I ever do that, sorry about that!
Alright time to sleep :> Good night!
Edit: the server's xmpp isn't working, gonna try to get a fix of it before I sleep! (seems like I had proxy true and it had to be proxy false)
Edit2: looks like its a bigger issue, I am gonna have to fix it later. Personally I don't know but I just like the workflow of using cloudflare api for dns management & building on it and I have built some other internal tools for myself for making ease of development so currently its gonna have an issue of self issued certificate which I will have to fix later most likely
I mean, sure, fine, but nobody cares that some rando on the Internet doesn't agree to the ToS of Zoom. The article has no actionable information, is not interesting, and is beating an old subject to death.
When I get on conference calls on business software that is primarily sold to and intended for businesses, I'm not usually doing so with the assumption of privacy. I'm usually doing so in the context of the semi-public activity I do at work.
We decline all US based video calls. Use our Zoho Meet or get lost.
If you’re joining a zoom call but don’t enable the camera and only maybe plug in a usb mic - just don’t join?
You can run zoom in the browser. At least you could some years ago. Encryption is relevant depending on what you're doing but not everything needs to be super secret. A common practice is to email or use secure file shares while on the call to maintain that security.