by madars 2278 days ago
Except Zoom web version doesn't work: the incoming/outgoing audio is garbled (tested with Chrome, they do not support Firefox). This is in part because they were obviously too good for WebRTC native audio and instead gutted ffmpeg and compiled it to WebAssembly (I wish I was kidding but I'm not: https://webrtchacks.com/zoom-avoids-using-webrtc/).

Moreover, Zoom has a history of RCEs (leaving an active web server after you uninstall Zoom? so that a website can reinstall Zoom without any user interaction? why not! https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...), and anti-privacy behavior: meeting host gets a copy of all private messages sent between participants (there is no notice of this; https://twitter.com/rcalo/status/1237957509324746752); host can monitor if your Zoom window is active (https://twitter.com/zoom_us/status/1241768006327336963); and Zoom has audio fingerprint tracing (so if you get a leaked recording Zoom can blame a particular participant: https://venturebeat.com/2019/01/22/zoom-is-bringing-ultrason...). Running it under strace reveals it is fingerprinting your device as well (idk if that gets sent anywhere but iOS app sends stuff to Facebook...).

Zoom is creepy and should not be used. I keep a separate VM for it, as it clearly can not be trusted.

2 comments

> This is in part because they were obviously too good for WebRTC native audio and instead gutted ffmpeg and compiled it to WebAssembly (I wish I was kidding but I'm not: https://webrtchacks.com/zoom-avoids-using-webrtc/).

Not a Zoom apologist I—I am also deeply creeped out by the fetish for covert data exfiltration in a platform that is so widely used in these quarantine days—but, as far as the tech goes, the story you linked seems to say that they do use WebRTC as of September 2019.

Sounds like this would be a good compilation for a complete story instead of individual bits.

Agreed! Been meaning to write something like that but a complete story probably needs second-sourcing all the bits, experiments, etc. Regrettably, the trend is clear.