by desilentio 2053 days ago
> As for Zoom, I don't understand why people trust them or still use their product if they are at all concerned about security. It makes very little sense.

I certainly don't trust them, but I do use Zoom (from a dedicated unprivileged user, so it can't do any harm beyond recording my conversations), because my colleagues use Zoom, and because there doesn't seem to be any working alternative. I got them to try Jitsi once, which simply didn't work.

PS. There may be working /secret-source/ alternatives, but I don't know why one should think Zoom /more/ untrustworthy than them.

9 comments

Google's Meet has improved considerably and most importantly it comes free with G-Suite. They are also pushing it quite hard as every calendar invite has a Google Meet link automatically included.

The reason that people went with Zoom is "because it worked." As other products improve it's hard to see what Zoom's moat is and why we should continue to pay for it.

> The reason that people went with Zoom is "because it worked." As other products improve it's hard to see what Zoom's moat is and why we should continue to pay for it.

Ironically, I would say Google Meet defines "it just works" for me way more than does Zoom.

Joining a Google Meet:

1. Enter the URL in your browser.

2. Click join.

Joining a Zoom:

1. Enter the URL in your browser.

2. Accept launching an executable.

3. Watch a window or two pop up and close.

4. Decide if you're using video or not.

5. Watch more windows pop up and close.

6. See the main Zoom window appear.

7. Decide if you're using audio or not.

Perhaps part of my beef with Zoom is how many times its window shuffling steals focus during the several seconds needed to join a meeting. If I'm trying to get work done while waiting for a meeting to start, the focus stealing is very obnoxious.

Joining a BigBlueButton/Jitsi meeting:

1. Enter the URL in your browser.

2. Choose a nickname or log in.

3. Click join.

4. Decide if you're using video or not.

5. See a video test.

6. Decide if you're using audio or not.

7. See an audio test.

(steps 5 and 7 are absent in a Jitsi meeting)

It's not necessary for everyone to have a Google account?
"You don't need a Google Account to participate in Meet video meetings. However, if you don’t have a Google Account, the meeting organizer or someone from the organization must grant you access to the meeting."

https://support.google.com/meet/answer/9303069

As another poster said, the very large company I work at bans Zoom. We can use Teams, Webex, Skype, etc.

How can you say there is no alternative?

Teams does not allow users to place themselves in breakout rooms. Webex does not allow Linux users to grant control of their screens.

When you use these platforms all the time, you find these little issues. Generally speaking, Zoom does it best, despite their problems.

You can set up channels in a ‘team’ and use those for breakouts.
This would require all the attendees to be members of the team ahead of the meeting; this isn't how we use Zoom.
Ya, definitely requires more pre-planning, but maybe it’s still a hack that could be used. Just delete the ‘team’ afterwards.

Maybe there is a way to automate this with some VB/Python script?

Each of those alternatives is just as likely to offer government wiretap support to any government that asks as Zoom is, unless I’ve missed statements of refusal to do so to the contrary from them.
I think the concern is trade secret theft. Sure the US or EU might demand a wiretap but their goals are different. You don't see the CIA stealing trade secrets and handing them over to Apple or Microsoft. Businesses are primarily worried about their IP.
That would probably be the NSA, and why would you expect them to NOT do industrial espionage?
Well they do...it's not new:

https://www.bbc.com/news/25907502

I know of more than one company where installing zoom on any company owned equipment, or using zoom on your own client devices for company business is a fireable offense.

These are companies that deal with some very sensitive data.

Sorry, I didn't think in terms of degrees of untrustworthiness. What I miss is an open-source alternative. Doesn't Microsoft let the NSA tap into Skype calls?
>Doesn't Microsoft let the NSA tap into Skype calls?

Yes, but it seems like Skype was doing that prior to being acquired (though Microsoft seems to have accelerated things). From some quick Googling to refresh on PRISM –

>• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

>• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

>Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

> According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

https://www.theguardian.com/world/2013/jul/11/microsoft-nsa-...

Don't forget about teams.
I wouldn't assume that any given service is secure just because it hasn't been outed yet. Your guess is as good as mine with regard to which service is more secure or less secure.

What is immensely important is to raise the cost of lying to where it becomes something investors care about. The only real thing a company and its investors are afraid of is losing its customers.

If we teach companies it is okay to lie by staying with them, they will lie more.

There are at least half a dozen open-source alternatives. Have you tried all of them?

For instance, BigBlueButton: it's not perfect, because it's Canadian, it's hosted on Microsoft's GitHub, and might have some outstanding security issues [1], but I would probably still trust it more than Zoom or anything GAFAM.

[1] https://en.wikipedia.org/wiki/BigBlueButton#Security

They said: "I got them to try Jitsi once, which simply didn't work."
Ah thanks, I didn't see that was the same person higher up.
never heard of these also-rans
Cisco Webex is used in my workplace. We forbid anyone from installing Zoom over security concerns
What specific concerns that aren't also relevant to Webex?
What does not work with Jitsi? I've been using it a lot recently and it is by far the easiest one to use. One link and done. I have lots of video and audio issues with Zoom. Now, if you're a company, BlueJeans may be the best one.
If you're going to have 10+ people in the meeting, there will be issues. Video/audio getting bad, people lose signal, etc. There is also a very noticeable load on even more powerful PCs once you have some more people in the call.

So jitsi might work for one-on-ones but slightly bigger conference calls are a no-go.

I tried this and can confirm! I always had about 6-8 persons and never got this issue before. Well, this actually explains a lot of comments I see about Jitsi.
For 10-100 people, use BigBlueButton instead.
There was a period a few months ago where jitsi was consistently crashing chromebooks. Obviously, if a webpage can crash the OS, it's an OS problem, but it still made jitsi unusable for those with chromebooks.
Well, obviously you're not going to have good performance from a web app. Why didn't they install the native app?
The native app doesn't work with the free 8x8 rooms, as far as I could tell.

I'm not sure I consider not crashing the OS when the conference starts 'good performance' so much as 'working'. Running it in Firefox at the time was bad performance (sluggish), haven't tested since.

I think both video and audio were skippy to the point of uselessness. I've also used Jitsi with moderate success with a couple of interlocutors, where video disappeared now and then.

I'm not a company, I'm at a university, and the u. has decided to use Zoom, perhaps because it doesn't care about security, or because it thinks being concerned about Zoom is being paranoid.

> from a dedicated unprivileged user, so it can't do any harm beyond recording my conversations

Unless I'm misunderstanding what you mean by that, I don't really see the point in it, TBH.

Have there been cases of Zoom infecting machines with malware or transmitting viruses? The whole concern, as far as I know, is terrible security on their end, allowing people into calls without permission, not having E2E encryption, etc, and running as an unprivileged user won't help with that at all.

You don't see the point of being suspicious of secret-source? and especially of an entity that is known to be dishonest? unless it is known to have been dishonest in the precise manner in question?
There's been a few zero-day client remote code execution vulnerabilities, along with some problems with the installer AFAIK.
Yes, retention by strong network effect is scary. But I'm being Captain Obvious here :-)
I have an entire Windows VM set up just for Zoom meetings.
that's kind of sad if you really think about it.
A working alternative is google _meet_
right - since google is well known for its privacy and telling the truth.