Hacker News new | past | comments | ask | show | jobs | submit login

Zoom is entirely banned at the two companies that are my day job, and probably 90% of partners. If you do any work adjacent to anything that's ITAR controlled you should also not be surprised to see the same policy from partner companies. This has been in place for quite some time since the initial security problem that was so egregiously bad apple had to resort to using the malware removal tool to remove zoom's binaries from Macos clients.

Entirely aside from their many past security holes which have been handled poorly , they have straight up lied about end to end crypto and what exact crypto it's using. That's before we get into the ownership of the company, its management and the location of most of the developers.




I use the zoom web client, never the desktop app. I prefer everything to be via the browser since it provides good sandboxing. Up until we have good sandboxing mechanisms via OS's - it will be the browser for me.


I think we're a bit naive in the west and most often assume good faith from certain other business cultures. We're not used to companies that engage in calculated perfidy that have their sorry prepared long before you've discovered the problem. To put another way, "It's better to ask for forgiveness than to ask for permission", or to beat around the bush even more: I disagree with Hanlon's razor.


> I think we're a bit naive in the west

How does the West have anything to do with this? Moreover, the West is the birthplace of the "move fast and break things" ideology.


So people contributing to western business culture don't act exactly like Mark Zuckerberg? There's a lot of this stuff in "the west" too.


Reckless and negligence aren't the same as deliberate deceit. Though agreed there is plenty of deceit around the world.


As if other vendors are certainly more secure. Those bans seem more based on media exposure than known technical facts and evaluations.


I wouldn't be surprised if Google Meet is much more secure than Zoom.


this was the case here too, but just yesterday got on a usaf hosted zoom that said 'gov' and hosted in CONUS so they seem to have some offering at least DoD is ok with now, appears to only be fedramp

https://www.zoomgov.com/


Note that the DoD Authorization only covers Zoom for public, not even FOUO, data.

For sensitive data, only Cisco and Microsoft are allowed.


yes of course, good point to emphasize it's probably never going to even reach CUI approval lol


County courts in my area use Zoom as well.


I don't like it but Zoom is soooo much better than Webex when I'm doing remote desktop support (those are the only options we're allowed). With webex the lag is awful amd makes it difficult to type, especially in a terminal, and the interface takes up so much space around the screen being shared for useless crap.


Do these issues hold true for the FedRAMP'd "Zoom For Government"?


No, but that's not available to anybody but the govt.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: