I love how when you go to enter a Zoom meeting, they bury the no-install, run-in-browser link in small type in a footer. And then, if you manage to see the link and use the browser, they withhold "Gallery View", forcing you to deal with the extremely annoying "Active Speaker View".
It's unfortunate that they bought and destroyed Keybase [1] in a bid to improve their security and even still there seems to be no improvement. Guess even the best folks can't make an impact if company culture prevents it.<p>[1] <a href="https://github.com/keybase/client/graphs/commit-activity" rel="nofollow">https://github.com/keybase/client/graphs/commit-activity</a>
Why do you guys not use <a href="https://whereby.com" rel="nofollow">https://whereby.com</a> (formerly appear.in), it’s free for 4 people, in-browser only, no-login, WebRTC, allows sharing the screen alongside faces.<p>But they made the 5+ rooms $9 per month, which is way too expensive. There are not enough competitors for WebRTC conf tools, it should be quite simple and $4-5 a month (WebRTC doesn’t incur data costs on the servers since the data is peer-to-peer).
Have you seen Zoom’s stock price? Wall Street don’t give a shit about security unless the company goes under due to a massive fine.<p>Let’s accept the fact that US govt doesn’t give a shit about little privacy/security like this. EU will sometimes strike a big hammer but even that is sporadic.<p>Zoom has built momentum on “dark growth hacks” and they’re reaping the rewards. This is standard Silicon Valley.
Zoom is a joke on Linux. You enter a meeting, it goes automatically into full screen mode and when you put in windowed mode, the window can get lost. Then you need to reconnect the session.
I argue Zoom does understand GDPR and the ePrivacy Directive from a legal perspective.<p>The specific citation about the length of a cookie is a recommendation and not a law[0]. The key word is 'should'.<p>I'm not a lawyer nor claim the ability to interpret GDPR legally, but I have seen companies that actively worked to edge case GDPR to their advantage (I was part of one). We would have lawyers and other 'GDPR experts' tell us what was possible and what wasn't then simply extend into the grey area.<p>Here, I reject the Hanlon's Razor[1].<p>[0] <a href="https://gdpr.eu/cookies/#:~:text=All%20persistent%20cookies%20have%20an,you%20do%20not%20take%20action" rel="nofollow">https://gdpr.eu/cookies/#:~:text=All%20persistent%20cookies%...</a>.<p>[1] <a href="https://en.wikipedia.org/wiki/Hanlon%27s_razor" rel="nofollow">https://en.wikipedia.org/wiki/Hanlon%27s_razor</a>
Google Meet features seem so much better suited for government and education, especially if using G Suite on top of it. It is like the same price of Zoom but includes a lot of other great features, including unlimited storage using Google Drive.
Disclaimer: I used to work at ThreatSpike Labs but left before this article was written and before any of the findings on this article were discovered.
Read between the lines: a company established on the territory of a state where there is no concept of "private property" does not understand that it is impossible to collect personal data.
If you have run the native programme (for me it keeps breaking up in the browser), run it from a dedicated unprivileged user, without installing it on the system. (Run ./opt/zoom/ZoomLauncher.) If you have to log in (I couldn't change the input device without logging in), when your browser tries to open the not installed programme, copy the link and give it as a command-line argument to ZoomLauncher.<p>Looking forward to a working alternative.
I find the name of the <i>NPS_0487a3ac_throttle</i> cookie suspicious enough, but the article does not comment on it. Is this a common practice? Throttling the website for users who uninstalled your application?
I'm sure Zoom would be doing privacy-iffy things even if in full compliance with the GDPR. And the possibility they might be surveying other cookies, and uploading them elsewhere, would be a giant concern if verified.<p>But the specific complaint here, about a cookie with an expiration longer-than-12-months, seems pretty silly.<p>It's not stored on some remote machine - it's stored locally, transparently. The user – and their own software – can control this easily & completely. If there's a good rationale for expiring cookies earlier, a browser can easily do it directly - it needn't involve regulators, or ineffectually hoping every one of thousands of different companies/websites do something the laws of one place ask.
This is excellent work by ThreatSpike and we should commend/support efforts like this that help keep us informed of the sneaky and intrusive actions of certain pieces of software.
My bet is that Zoom <i>understand</i> the GDPR just fine, and don't care.<p>They have repeatedly shown that they will do whatever they want, and then act contrite later if they're caught out. They are not trustworthy, and I won't run their software on any nonsandboxed environment AT ALL. There's utterly no reason to.
The author is referring to the ePrivacy directive - it's not the same as the GDPR.<p>Does he mean the ePrivacy regulation?<p>The ePrivacy regulation (not directive) is no binding law yet.
wow as with everything that's come out about them it feels like they're trying to get the job done but with limited platform support and badly<p>it's not absurd for a product manager to want your desktop zoom app to inherit your browser login<p>though as a user if I saw this behavior I would have a few wtfs. But as a user I would <i>never ever</i> install zoom on a laptop<p>my takeaway from this isn't GDPR implications, it's that desktop OSes need to get serious about permissions, especially filesystem walkabouts
“Zoom cookies are firstly written when the user connects to the website zoom.us and accepts the cookies options.”<p>That was the moment Zoom received your consent to store data transmitted by cookies. Adding a few more cookies to the pile, regardless of expiration date, doesn’t change the agreement.<p>Rummaging round the cookie bin on uninstall is a nice find and deserves a raised eyebrow but this doesn’t really have anything to do with GDPR.