Two of those articles were from mid-2019 and it seems those major security flaws have been resolved (not discounting the seriousness of the flaws, but I don't believe they're currently an issue). Zoom still needs more work to become a decently secure platform, but most of what you hear now is just that people need to remember to password protect their conferences.

The one from Verge is three weeks old. Now, I don't trust Verge very much (if at all) but if it's been over a year and they still have serious security issues (like routing everything through China, The CCP is not a friend, my friend), there is something very very wrong, and I trust Zoom less than I trust Verge.

1 members found this post helpful.

I respect, acknowledge and appreciate your observations. Unfortunately I need Zoom to keep in touch with my social group. The application security is not something that sits well with me.

Well, only if you don't mind the contents of your conference to be available to the employees of Zoom and the company itself to mine and exploit.

Whatever is in your conference is unencrypted on the zoom servers themselves. If that's not a problem to you (and it is not a given that it must be problem for you), then you're golden.

Otherwise, maybe check out https://jitsi.org/ You could even run your own server.

I've only used it for work and like many, it's mandatory. Luckily, since I'm military, we are only allowed to host with a "Zoom for Government" account, so it is secured. But the fact they don't have E2E encryption for everyone is just plain stupid.

With the most recent version of zoom-linux (3.5.392530.0421) I can't login via the SSO option. This is odd, since zoom's information regarding the March 2323 version states "Resolved an issue where some users were unable to sign in with Single Sign On (SSO)". For me, it's the other way round - it created an issue. I downgraded to an older version that I've stored (2.9.265650.0716) and then the SSO login worked.

Anyone else having experienced this?

Don't know if downgrading will affect basic functionality in any other way.

The web interface is of course always an option. And there's another version announced for release later this week, maybe that will solve the problem.

Zoom worked out of the box for me, but I'll point out that the linux client does not have all the features of the Windows one. In particular, you cannot control breakout rooms as the Host. That's exactly what I need it for (education....breaking students into groups....need it!), so I'm stuck on windows for the time being.

(Until I get Wine running, I suppose....)

It's gonna be a very lonely bored and disappointed hacker who hacks my zoom conferences.

Linux version on my machine allows breakout rooms and as far as i can tell does about everything that windows does except make me angry.

I probably would not run that on your production machine anyway, it has tons of security and privacy issues and is based in China so who knows what kind of system info it's harvesting and who has access to your system while it's running. I would run it on a separate machine or VM to be safe.

I ended up being coaxed to install it too, I put it on my phone, I figure my phone is already spying on me anyway, and I don't let it connect to my main vlan.

I don't know enough about encryption to know if this will satisfy those worried about end to end security:

Also this, for those who prefer their data not to be processed in certain countries:

This is for the release coming up on April 27, 2020. Link here... My own use of Zoom is for family get togethers during the lockdown and for that I am very, very happy.

And who knows what kind of system info Intel CPUs are harvesting and who has access to your system when you boot up an Intel machine? Who knows what kind of system info Dell UEFI firmware is harvesting and who has access to your system when you boot up a Dell machine? Who knows what kind of personal info Google and Facebook are harvesting, day and night, winter and summer, northern hemisphere and southern?

That's why all my new builds are AMD. Hopefully AMD is not pulling the same crap as Intel though... Unfortunately we don't have much control over hardware level spying. Phones are a huge issue too, wish there were some more easily obtainable open source options or at very least alternative OSes that work on existing phones that aren't just an android spin.

The only feature of Zoom on Windows that is not present in ZoomLinux that I have found is playing a movie on your video greenscreen background which is not supported in ZoomLinux. Of course if having an animated background on your videochat background is important to you, you can work it out with OBS if you are motivated to do so.

All night, All day, angels watching over me...

Right. So. How do you think Zoom is able to tell who's speaking? (You know, so it can highlight that user's video?)

There's a number of ways to do that thing (I've actually worked on a video conferencing application back in my telecom days, albeit on the OAM side), but the easiest way is to examine the video streams. Well, if they are unencrypted, but if you want to mine that stuff anyways...

The alternative would be to have a separate stream of data that indicated you were talking; not impossible to implement by any means whatsoever, but that doesn't mean that Zoom is interested in doing that.

I know that @bassmadrigal stated above the that the US military believes Zoom to be sufficiently private for their particular use cases. Many moons ago, I was in the US military as a signal puke; were I still in, I would insist upon a security audit.

https://cve.mitre.org/cgi-bin/cvenam...CVE-2020-11500

https://en.wikipedia.org/wiki/Zoom_Video_Communications