8

With the COVID-19 pandemic there was a boom in video conferencing. Although there are good free and open source alternatives like Jitsi (with e2ee coming soon), Zoom became popular. It is no secret that it has some privacy issues (EFF, ProtonMail Blog, The Guardian, The Verge).

For the ones forced to install it, it would be nice to have a friendly way to install it and run it without giving up privacy so easily. Maybe using it inside a sandbox like firejail (there is a zoom profile), selecting file system access.

If installed using the snap package: it's worth noting that even after removing "Play and record sound" from Permissions in Ubuntu Software, it can still play and record sound. IMO a serious security bug in snapd/snappy/snap-store. Maybe this wouldn't happen on Wayland?

Also, the audio-record connection (AKA interface) shouldn't auto-connect, but the people behind the snap store override this rule on purpose.


Update

Zoom is available as a Flatpak: `flatpak install flathub us.zoom.Zoom`

Pablo Bianchi
  • It should be noted that, by the very nature of what it is *supposed to do*, even assuming best intentions, it needs quite wide-ranging capabilities: access to the camera, the microphone, and the network are simply required to do its job, yet also allow it to record everything you do and live-stream it to `$EVIL_ACTOR_OF_YOUR_CHOOSING`. If you want to do file sharing, it also requires access to the file system, and for discovery, access to the address book. – Jörg W Mittag Jun 01 '20 at 14:49

1 Answer

5

Zoom is available as a Snap: `snap install zoom-client`

Snaps are confined to their own filesystem using squashfs loop mounts and AppArmor rules. However, Zoom needs routine access to quite a lot of your hardware (USB ports, audio, screen, camera, network) in order to be useful. Also, the application needs to be detectable by others on the system (so e-mail invitation links work). So complete sandboxing seems a challenge.

Some problems with Zoom (like the ability to bruteforce an access code) are outside the OS' control.

user535733
  • New users might not realize how many permissions are given by default: `snap connections zoom-client`. Also, it seems it doesn't [work fine on 18.04](https://imgur.com/Lvrhsdq). Do you mean [this](https://www.samuraisecurity.co.uk/zoom-default-insecure/) about the brute force attack? – Pablo Bianchi Jun 01 '20 at 04:26
  • 1
    Edited the second paragraph to talk about connections. We both know that the solution to "it doesn't work" in this community is to test, report bugs, improve it until it does work. – user535733 Jun 01 '20 at 04:34
  • I would be happy to hear your opinions about the inconsistencies/security issues I've noticed in snapd. Also, about the [security issues using X](https://mjg59.dreamwidth.org/42320.html). – Pablo Bianchi Sep 20 '20 at 21:55
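
The `snap connections zoom-client` check mentioned in the comments can be turned into a small audit. This is an added example, not part of the original posts: it reads that command's output and prints the matching `snap disconnect` command for each connected plug on a privacy-sensitive interface, so the list can be reviewed. The set of interfaces treated as sensitive and the sample table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original posts.
# Interfaces treated as privacy-sensitive here (an assumption; adjust as needed).
SENSITIVE="audio-record camera home removable-media x11"

# Read `snap connections <snap>` output on stdin and print a
# `snap disconnect` command for every sensitive plug that is connected.
audit_connections() {
    awk -v sensitive="$SENSITIVE" '
        BEGIN { n = split(sensitive, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        NR == 1 { next }                  # skip the header row
        # Columns: Interface Plug Slot Notes. Slot is "-" when not connected.
        ($1 in want) && $2 != "-" && $3 != "-" {
            printf "snap disconnect %s\n", $2
        }
    '
}

# Constructed sample in the column layout printed by `snap connections`.
sample_connections() {
    cat <<'EOF'
Interface        Plug                          Slot              Notes
audio-playback   zoom-client:audio-playback    :audio-playback   -
audio-record     zoom-client:audio-record      :audio-record     -
camera           zoom-client:camera            :camera           -
home             zoom-client:home              :home             -
network          zoom-client:network           :network          -
removable-media  zoom-client:removable-media   -                 -
x11              zoom-client:x11               :x11              -
EOF
}

# Live use: snap connections zoom-client | audit_connections
sample_connections | audit_connections
```

The script only prints commands and changes nothing; `removable-media` is skipped in the sample because its Slot column is `-`, meaning the plug is declared but not connected.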