> If there's one [zoom call] I really need to be on, I'm going to spin up a VM on my c...

Wowfunhappy • today at 3:59 AM • 4 replies • view on HN

> If there's one [zoom call] I really need to be on, I'm going to spin up a VM on my computer so that it has no idea of the other files laying around, such as my ~/passcodes.csv`

Oh come now. You don't really think Zoom is exfiltrating unrelated files from your computer, do you? If they got caught doing this, it would be such a major scandal... why risk it? And even though the client is closed-source I do think they'd get caught. It just isn't fathomable to me.

Replies

yjftsjthsd-h • today at 4:11 AM

There's also security vulnerabilities. A while back there was a Firefox bug that let websites upload arbitrary files, which got used to steal SSH keys.

sciencejerk • today at 6:33 AM

They wouldn't do it "intentionally". It would be an mistake "accidentally" made by a Developer or AI, that under the right conditions allows Zoom employees, etc arbitrary file reads on the host...

mat0 • today at 6:07 AM

Or just open the call in the browser. It’s much easier to do that than to spin a vm. At this point I just distrust the author

antonvs • today at 5:54 AM

For the average user, you're probably right. In more secure environments, relying on the rational behavior of outside parties for your security isn't tenable.

alt Hacker News

Replies