SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Yes. The CEO of Zoom was not prepared for the unprecedented need for the software, and he admitted that their security policies were lacking. My understanding is that they've worked to improve the security of their application.
Two of those articles were from mid-2019 and it seems those major security flaws have been resolved (not discounting the seriousness of the flaws, but I don't believe they're currently an issue). Zoom still needs more work to become a decently secure platform, but most of what you hear now is just that people need to remember to password protect their conferences.
Two of those articles were from mid-2019 and it seems those major security flaws have been resolved (not discounting the seriousness of the flaws, but I don't believe they're currently an issue). Zoom still needs more work to become a decently secure platform, but most of what you hear now is just that people need to remember to password protect their conferences.
The one from Verge is three weeks old. Now, I don't trust Verge very much (if at all) but if it's been over a year and they still have serious security issues (like routing everything through China, The CCP is not a friend, my friend), there is something very very wrong, and I trust Zoom less than I trust Verge.
The one from Verge is three weeks old. Now, I don't trust Verge very much (if at all) but if it's been over a year and they still have serious security issues (like routing everything through China, The CCP is not a friend, my friend), there is something very very wrong, and I trust Zoom less than I trust Verge.
I respect, acknowledge and appreciate your observations. Unfortunately I need Zoom to keep in touch with my social group. The application security is not something that sits well with me.
Two of those articles were from mid-2019 and it seems those major security flaws have been resolved (not discounting the seriousness of the flaws, but I don't believe they're currently an issue). Zoom still needs more work to become a decently secure platform, but most of what you hear now is just that people need to remember to password protect their conferences.
Well, only if you don't mind the contents of your conference to be available to the employees of Zoom and the company itself to mine and exploit.
Whatever is in your conference is unencrypted on the zoom servers themselves. If that's not a problem to you (and it is not a given that it must be problem for you), then you're golden.
Otherwise, maybe check out https://jitsi.org/ You could even run your own server.
Well, only if you don't mind the contents of your conference to be available to the employees of Zoom and the company itself to mine and exploit.
Whatever is in your conference is unencrypted on the zoom servers themselves. If that's not a problem to you (and it is not a given that it must be problem for you), then you're golden.
Otherwise, maybe check out https://jitsi.org/ You could even run your own server.
I've only used it for work and like many, it's mandatory. Luckily, since I'm military, we are only allowed to host with a "Zoom for Government" account, so it is secured. But the fact they don't have E2E encryption for everyone is just plain stupid.
Distribution: Slackware 64 -current multilib from AlienBob's LiveSlak MATE
Posts: 1,073
Rep:
Trouble with recent zoom-linux (built with SBo script)
With the most recent version of zoom-linux (3.5.392530.0421) I can't login via the SSO option. This is odd, since zoom's information regarding the March 2323 version states "Resolved an issue where some users were unable to sign in with Single Sign On (SSO)". For me, it's the other way round - it created an issue. I downgraded to an older version that I've stored (2.9.265650.0716) and then the SSO login worked.
Anyone else having experienced this?
Don't know if downgrading will affect basic functionality in any other way.
The web interface is of course always an option. And there's another version announced for release later this week, maybe that will solve the problem.
Zoom worked out of the box for me, but I'll point out that the linux client does not have all the features of the Windows one. In particular, you cannot control breakout rooms as the Host. That's exactly what I need it for (education....breaking students into groups....need it!), so I'm stuck on windows for the time being.
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
Rep:
I probably would not run that on your production machine anyway, it has tons of security and privacy issues and is based in China so who knows what kind of system info it's harvesting and who has access to your system while it's running. I would run it on a separate machine or VM to be safe.
I ended up being coaxed to install it too, I put it on my phone, I figure my phone is already spying on me anyway, and I don't let it connect to my main vlan.
I don't know enough about encryption to know if this will satisfy those worried about end to end security:
Quote:
AES 256-bit GCM encryption
Zoom is upgrading to the AES 256-bit GCM encryption standard, which offers increased
protection of your meeting data in transit and resistance against tampering. This
provides confidentiality and integrity assurances on your Zoom Meeting, Zoom Video
Webinar, and Zoom Phone data. This version of the Zoom client will support GCM
encryption when it is automatically enabled for all accounts on May 30.
Also this, for those who prefer their data not to be processed in certain countries:
Quote:
Select data center regions when scheduling a meeting
Users can now select which data center regions they would
like their in meeting traffic to use when scheduling a meeting.
This is for the release coming up on April 27, 2020. Link here... My own use of Zoom is for family get togethers during the lockdown and for that I am very, very happy.
I probably would not run that on your production machine anyway, it has tons of security and privacy issues and is based in China so who knows what kind of system info it's harvesting and who has access to your system while it's running
And who knows what kind of system info Intel CPUs are harvesting and who has access to your system when you boot up an Intel machine? Who knows what kind of system info Dell UEFI firmware is harvesting and who has access to your system when you boot up a Dell machine? Who knows what kind of personal info Google and Facebook are harvesting, day and night, winter and summer, northern hemisphere and southern?
Distribution: Mint 20.1 on workstation, Debian 11 on servers
Posts: 1,336
Rep:
Quote:
Originally Posted by Gerard Lally
And who knows what kind of system info Intel CPUs are harvesting and who has access to your system when you boot up an Intel machine? Who knows what kind of system info Dell UEFI firmware is harvesting and who has access to your system when you boot up a Dell machine? Who knows what kind of personal info Google and Facebook are harvesting, day and night, winter and summer, northern hemisphere and southern?
That's why all my new builds are AMD. Hopefully AMD is not pulling the same crap as Intel though... Unfortunately we don't have much control over hardware level spying. Phones are a huge issue too, wish there were some more easily obtainable open source options or at very least alternative OSes that work on existing phones that aren't just an android spin.
The only feature of Zoom on Windows that is not present in ZoomLinux that I have found is playing a movie on your video greenscreen background which is not supported in ZoomLinux. Of course if having an animated background on your videochat background is important to you, you can work it out with OBS if you are motivated to do so.
Right. So. How do you think Zoom is able to tell who's speaking? (You know, so it can highlight that user's video?)
There's a number of ways to do that thing (I've actually worked on a video conferencing application back in my telecom days, albeit on the OAM side), but the easiest way is to examine the video streams. Well, if they are unencrypted, but if you want to mine that stuff anyways...
The alternative would be to have a separate stream of data that indicated you were talking; not impossible to implement by any means whatsoever, but that doesn't mean that Zoom is interested in doing that.
I know that @bassmadrigal stated above the that the US military believes Zoom to be sufficiently private for their particular use cases. Many moons ago, I was in the US military as a signal puke; were I still in, I would insist upon a security audit.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.