Follow

New blog post: How to use the Zoom malware safely on Linux if you absolutely have to

“When I agreed to speak at Creative Mornings Istanbul tomorrow, I didn’t know they were holding the event over Zoom. I guess it’s fitting that the series I’m speaking at is called Insecure.“

ar.al/2020/06/25/how-to-use-th

@aral FYI if you click the ZOOM url, then click download app and ignore the page it opens, it shows a web version of zoom. github.com/arkadiyt/zoom-redir makes it automatic

@peregrine Fucking dark pattern after dark pattern. Wow. (Thanks, Jason, good to know.)

@peregrine @aral I tried the web version of zoom with Firefox for the first time recently and I wasn’t able to talk.

Is it because of my browser, or participants in web browsers can just follow what happens without taking part?

@Crocmagnon @aral Usually you can talk. I know they use wasm so if your browser doesn't support that it might break. Or if you block webrtc you might have trouble.

@ashwinvis @aral The point here is firejail... which is more secure than Flatpak especially in X. You also don't get the bloat from a bundle install..

@ashwinvis Because Flatpak has a “sandbox” not a sandbox.

@aral Or use zoom from the browser? Even Firefox is supported now. Though I guess the web client does not have some advanced features.

@aral

Yeah, when I saw your announcement, I was immediately irritated that it was on zoom.
But I din't say anything 'cause I assumed you had taken a educated choice, probably with your teeth pressed together; and me pointing out the obvious wouldn't have helped at all.

Thanks for bringing it up here!

@aral Under X11 a program launched with firejail can still get quite some information.

For example:
```
firejail # Open shell in a jail.
import -window root screenshot.png # Take screenshot.
xclip -o # Get selected text.
```

It is also possible to log all keystrokes from the jail.

```
firejail
xinput test-xi2 --root | grep --line-buffered -A 2 "(KeyPress)" | grep detail
```

@aral
Do you have up-to-date details on Zoom's flaws? Apart from the Chinese government having access to all the meetings and shutting down ones they don't agree with, I can't find any info on flaws they aren't claiming to have since fixed in recent updates. I'd need better reasons than Chinese spying to persuade the average person not to use it...

@aral I had to use Zoom also on one occasion, but I could use the browser version.Is this an option for you?

Sign in to participate in the conversation
Aral’s Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!