"But because of a subtlety of Unix systems (of which macOS is one), when an existing file is moved from another location to the root directory, it retains the same read-write permissions it previously had."
And ownership. (The sentence before that suggests "root directory" here means "directory owned by root".) The permissions on the directory apply only to the file's directory entry, not the file itself.
This isn't a "subtlety", it's how it works, and no-one who doesn't understand this should be writing macOS installers.
The correct approach is to open the file for read and copy its bytes into your private area. Only then check the cryptographic signature. Just renaming into your private directory isn't enough, even if that directory has no read or execute access to other users, because the attacker could have opened the file for write access before you did the rename.
Yup, this is a very common misconception. In Unix, directories are not folders. Directories are literally a directory, like a phone book. It lists files and their location on disk. A directory doesn't contain any other files. Moving a file from one directory to another only modifies the directories, not the file itself.
So what? Windows likes the word folders but it works the same way. And you could easily have file access permissions depend on the directory if you wanted to.
Using the "folder" mental model leads to exactly the bugs in TFA. "Oh, the root folder can only be accessed by root, so if I put a file _inside_ that folder it will be protected". Thats not how it works.
> And you could easily have file access permissions depend on the directory if you wanted to.
No, because you can have multiple links in multiple directories all pointing to the same file.
> Using the "folder" mental model leads to exactly the bugs in TFA. "Oh, the root folder can only be accessed by root, so if I put a file _inside_ that folder it will be protected". Thats not how it works.
I don't really see the logic that way. Even if it was "inside", this permission failure would still happen. And directories, if used properly, can protect a 777 file from being changed. The error in the mental model is in how permissions work, not how files are organized.
> No, because you can have multiple links in multiple directories all pointing to the same file.
Well I put the word "access" there to try to be clearer. If you as system designer wanted to, you could have the path you take to a file affect permissions, even with the 'directory' model and multiple hard links. Heck, you could have permissions be on links instead of on files. YOLO.
> ... directories, if used properly, can protect a 777 file from being changed. The error in the mental model is in how permissions work, not how files are organized.
There is a second possible misconception that I did touch on in my last paragraph, but didn't spell out. On Unix, the permissions check is done when you open the file, not when you perform the read or write. This means that a user who cannot currently open the file (because directory permissions mean they have no way to get to the inode) can nonetheless alter it now if they opened it when they could. So you could rename the file from the attacker's directory into your installer's private directory, verify its cryptographic signature, but then the attacker injects their malware into the file before you start copying, and you install the malware.
Because the two common types of locks on Unix (BSD and POSIX record) are advisory, you can't just lock that file against writers before you check the signature. This is in contrast to Windows, where you can't even rename or delete the file if someone else has it open.
How do I do that? fstat(2) is no help on macOS, and even if it were would return false positives from things like backup and content indexers ("Time Machine" and "Spotlight" on macOS).
Say every hard link to the file is a descendant of a directory that blocks traversal. No subdirectories of those are already open, and the file is not already open. That keeps it safe, right? If there's any loopholes in that, they could be closed.
Ehr, no. Again, there are no files in the conventional sense in UNIX file systems. There are collections of disk blocks pointed to by an i-node and one or more directory entries pointing to an i-node. It is possible to have an i-node with 0 directory entries linking to it as well as multiple unrelated (i.e. not hard links but truly disjoint directory entries) directory entries referencing the same i-node; both are treated as file system errors by fsck and will be fixed up at the next fsck run. Yet, both scenarios can be easily reproduced (without corrupting the file system!) in a file system debugger and live on for a while.
> […] a descendant of a directory that blocks traversal. No subdirectories of those […]
Directory entries in a UNIX file system do not ascend nor descend, they are linked into one or more directories whether they form a hierarchy or not.
A directory might be «protected» by, say, 700 permissions obscuring a particular directory entry, but if a hard link to the same i-node exists in a another unrelated directory outside the current hierarchy that has more permissive access, say 755, access to data blocks referenced to by an i-node has already leaked out.
The other reply already covered the definition of hard links. It's a directory entry that points to an inode.
And file system corruption is definitely a loophole.
> Directory entries in a UNIX file system do not ascend nor descend, they are linked into one or more directories whether they form a hierarchy or not.
All the filesystems I'm sufficiently aware of insist on directories being a tree. Every entry except the special .. descends in that tree. And each hard link is in a specific directory.
> if a hard link to the same i-node exists in a another unrelated directory outside the current hierarchy that has more permissive access
> And file system corruption is definitely a loophole.
Zero directory entries pointing to an i-node is not a file system corruption as it neither corrupts the file system nor breaks the file system semantics; it is possible to have a garbage collector running in the background to mop up orphaned i-nodes with the file system remaining fully operational at the same time.
Distinct i-nodes pointing to the same block allocation, on the other hand, are a security loop hole and create consistency problems. Whether they cause the file system corruption or not is a matter of an academic debate, though.
> All the filesystems I'm sufficiently aware of insist on directories being a tree. Every entry except the special .. descends in that tree. And each hard link is in a specific directory.
It is possible to design and write a file system implementation that will retain the UNIX file systems semantics of i-nodes and directory entries whilst remaining completely flat (i.e. no directory hierarchies, just «.»). Such a file sysem would be impractical for most use cases today but is easily possible, and such file systems had been a commonplace before the UNIX file system arrival.
Earlier on, you had mentioned: «If there's any loopholes in that, they could be closed». The example below (which is perfectly legit and does not contain semantic loopholes), which of directories does «file.txt» belong in or descends from/ascends into: 1) «a/b/c», 2) «d/e/f/g», 3) «.», 4) all of them? Which of the three directories is more specific and why, and what about future hard links?
$ mkdir -p a/b/c
$ mkdir -p d/e/f/g
$ echo 'I am a file' >file.txt
$ chown 0:0 file.txt
$ chmod 666 file.txt
$ ln file.txt a/b/c
$ ln file.txt d/e/f/g
$ sudo chown 0:0 a
$ sudo chmod 700 a
$ ls -l a
ls: cannot open directory 'a': Permission denied
$ ls -l d/e/f/g/file.txt
-rw-rw-rw- 3 root wheel 12 Aug 14 23:59 d/e/f/g/file.txt
$ ls -l ./file.txt
-rw-rw-rw- 3 root wheel 12 Aug 14 23:59 ./file.txt
$ echo 'Anyone can access me' >./file.txt
$ cat ./file.txt
Anyone can access me
> It is possible to design and write a file system implementation that will retain the UNIX file systems semantics of i-nodes and directory entries whilst remaining completely flat (i.e. no directory hierarchies, just «.»). Such a file sysem would be impractical for most use cases today but is easily possible, and such file systems had been a commonplace before the UNIX file system arrival.
Yeah, it would also be possible to design a system that doesn't enforce permissions.
The challenge here is whether you can make a reasonable design that's secure. Not whether any design would be secure; that's self-obviously false. Anyone doing the designing can choose not to use a special bespoke filesystem.
But I don't see how your described filesystem would cause problems. The directory entries are still descendants of the directories they are in. Apply the rest of the logic and those files are secure. It's easier, really, when you don't have to worry about subdirectories. If subdirectories don't exist, they can't be open.
> Earlier on, you had mentioned: «If there's any loopholes in that, they could be closed». The example below (which is perfectly legit and does not contain semantic loopholes), which of directories does «file.txt» belong in or descends from/ascends into: 1) «a/b/c», 2) «d/e/f/g», 3) «.», 4) all of them? Which of the three directories is more specific and why, and what about future hard links?
The file is not in a specific directory. Links to the file are in `pwd`, a/b/c, and d/e/f/g. "Being in" is the same as "descending from".
If you secure `pwd` (and nothing is already open), then all three hard links will be secured.
Or if you remove the hard link in `pwd`, and secure g (and nothing is already open), then the file will be secured.
"./a" descends from ".", one hard link to the file descends from ".", "./a/b" descends from "./a", "./a/b/c" descends from "./a/b", one hard link to the file descends from "./a/b/c". Plus the same for d/e/f/g, plus every transitive descent like "./a/b" descending from "." I hope that's what you mean by "more specific"?
If future hard links are made, then they follow the same rules. If any hard link is not secured, then the file is not secured. And a user without access to the file cannot make a new hard link to the file.
> Yeah, it would also be possible to design a system that doesn't enforce permissions.
It is even easier than that: one only has to simply detach the disk and reattach it to another UNIX box to gain access to any file as the file system itself is defenceless and offers no protection from the physical access to its on-disk layout. File system encryption is the only solution that makes physical impractical or at least convoluted.
And, since UNIX file systems delegate permissons checks to the kernel via the VFS, it is also possible for a person with nefarious intentions to modify the file system code to make it always return 777 for any i-node being accessed through it, find a local zero day exploit, load the rogue file system kernel module and remount file system(s) to bypass the permission enforcement in the kernel.
The reverse is also true: if the kernel and the file system support access control lists, standard UNIX file permissions become largely meaningless, and it becomes possible to grant or revoke access to/from a file owned by root with 600 permissions to an arbitrary user/group only. Using the same example from above:
$ cat ./file.txt
Anyone can access me
$ sudo /bin/chmod +a "group:staff deny write" ./file.txt
$ /bin/ls -le ./file.txt
-rw-rw-rw-+ 3 root wheel 21 14 Aug 23:59 ./file.txt
0: group:staff deny write
$ echo 'No-one from the staff group can access me any longer' >./file.txt
zsh: permission denied: ./file.txt
$ id
uid=NNNNNN(morally.bold.mollusk) gid=MMMMMM(staff) groups=MMMMMM(staff),[… redacted …]
$ ls -la ./file.txt
-rw-rw-rw-+ 3 root wheel 21 Aug 15 17:28 ./file.txt
> The challenge here is whether you can make a reasonable design that's secure.
Indeed, rarely can security be bolted on with any measurable success, and a system can be secure only if it is secure by design. But security is also a game of the constant juggling of trade-offs that may or may not be acceptable in a particular use case. Highly secure designs are [nearly always] hostile to users and are a tremendous nuisance in the daily use. The UNIX answer to security is delegation of responsibilities: «I, UNIX, will do a reasonable job on keeping the system secure, but the onus is on you, user, to excercise the due diligence, and – oh, by the way – here is a shotgun to shoot yourself in the foot (and injure bystanders as a bonus) if you, the user, are negligent about keeping your data secure».
> "./a" descends from ".", one hard link to the file descends from ".", "./a/b" descends from "./a", "./a/b/c" descends from "./a/b", one hard link to the file descends from "./a/b/c". Plus the same for d/e/f/g, plus every transitive descent like "./a/b" descending from "." I hope that's what you mean by "more specific"?
The point I was trying to make was that specificness is a purely logical concept. In the aforementioned example, there are 3x directory entries at 3x arbitrary locations and any of them can be used to access the data referenced to via an i-node. Once a file is opened using either of those three directory entries, it is not possible to trace the open file descriptor back to a specific directory entry. Therefore, none of the three directory entries is more specific than the others – they are all equal.
> The point I was trying to make was that specificness is a purely logical concept. In the aforementioned example, there are 3x directory entries at 3x arbitrary locations and any of them can be used to access the data referenced to via an i-node. Once a file is opened using either of those three directory entries, it is not possible to trace the open file descriptor back to a specific directory entry. Therefore, none of the three directory entries is more specific than the others – they are all equal.
I see.
Then I would agree that every path is equally specific.
But I never wanted to trace a file descriptor back to a specific directory entry. The question that matters is whether all the directory entries for a file are in secure locations. That treats them all equally.
Also, part of the scenario I laid out is that the file is not open to begin with. (If you were to try to check if the file is open, that's outside the scenario, but also shouldn't care what directory entry was used.)
Let's put all subtleties about Unix directories to the side. Zoom wanted to change the permissions of a file so that only root could access it. The obviously correct way to do that is to simply change the permissions of the file.
Even if their solution of putting the file in a root dir worked the way they expected, it would be a circuitous and hacky solution.
> sounds like a lot of reliance on people knowing and wanting to do the right thing?
At a certain point, people need to have basic knowledge. There's a lock on your front door. It does not lock when you turn your lights off. The lock maker is not responsible if you expected it to.
> The obviously correct way to do that is to simply change the permissions of the file.
Obvious, but incorrect. As pointed out elsewhere, the permission check is done when a process opens a file, not when it performs read/write operations. So, an attacker could get a legitimate file, open in for writes, trigger the zoom update on it, zoom would then change the permissions to prevent writes, and then the attacker could modify the file using its already-open file handle.
I'm not sure about all languages but this actually caught me by surprise. When you do a 'mv' command (tested on macos) it does not retain file permissions by default. You actually need to pass a special flag in order to do so.
Objective C does retain perms by default using some common move techniques.
Whatever library or tool you use will just call the `rename` syscall. As you would expect, rename simply renames a file. It deletes the old directory entry and creates a new one.
If you're using a library or tool to do this for you, you should know what it's doing.
It is not until the last comment of the accepted answer that you get to the difference in permissions.
(along with the answers that are not accepted as best)
Or the parent could be trying to mv a file from one filesystem to another. In that case, mv will have to revert to a copy-then-delete operation, and the user may not have the permissions necessary to set up the new file with all the same metadata as the original.
For years, I have refused to install zoom, webex etc clients for exactly this reason. Their installer wants admin user access for no apparent reason. They could have given a simple drag and drop installation app. Instead they want to run an installer with root user permissions to do whatever. Also, I hate apps that installs a helper background program, and doesn't let me disable it via preferences. I refuse to use those too.
Besides, for what zoom does, why do they need an app? Browser has all the capabilities they need.
Just a little snippet from the Teams installer page: "Windows Firewall configuration will be altered even when the prompt is dismissed by selecting “Cancel”. Two inbound rules for teams.exe will be created with Allow action for both TCP and UDP protocols."
Does zoom have such a thing as an unsolicited incoming meeting/join request? You don't have to answer, idk and don't care, just guessing at possible theoretical legit uses just to be complete.
I just know there's all kinds of use cases I have no use for, or actively hate, that most other people seem to love, not even just businesses inflicting things on employees but normal people using voluntarily.
Where on that page does it say anything about drawing on the screen or remote control? To me, those are the two major features Zoom provides that differentiate it from e.g. Google Meet or Jitsi.
Agree totally, only problem is, imo, the browser experience, even for well built web apps, is 'usually' subpar or more problematic or poor performing than a desktop app.
Google Meet is a great example of an app that uses AV and works well, running in a browser. Even with a large number of participants - and no client required.
On the other hand, Zoom web client is an afterthought, to put it nicely.
Than a well-written desktop app, maybe. Electron apps set the bar lower - for example, Microsoft sat on shipping ARM builds for Teams until this month so for a couple of years a browser was faster and used far less RAM.
Note that if SIP is enabled (the default), "root access" does not mean full compromise. On macOS, root is far from being as privileged as it was in the old days of UNIX yore. (Even on Linux it does not have to be, but my impression is that on most distributions it probably still is.)
Just because you're root does not mean you get any entitlement you want, or arbitrary access to the whole filesystem, arbitrary memory access (a la /dev/(k)mem), or can replace the kernel just like that.
(That's also probably why you don't hear of iPhones being "rooted", but rather "jailbroken". Just being root on an iPhone wouldn't do that much.)
Make no mistake, this is still a privilege escalation attack and needs to be fixed.
I read your first 8 words and was momentarily confused because I thought you were referring to https://en.wikipedia.org/wiki/Session_Initiation_Protocol , and can indeed join Zoom meetings with a standard SIP client, but it's an optional paid feature --- nonetheless likely to be available in a corporate environment. Look for the IP address to dial in meeting invites to see if you have that option.
I keep my subkeys on my YubiKey and my master key on a printed QR code in a safe. Submitted some binary data decoding patches to ZBar just to make this easier.
Either you're forced to type in your password 100 times a day (so the rootkit has to wait until you type it in) or you use ssh-agent and your decrypted key is in memory for all to see.
Judging by the downvotes, my suggestion isn't great, though it does seem a tiny bit better.
I was under the impression that 1password uses secure enclave on the Mac and that it only decrypts the key as it's needed. I guess depending on the implementation the decrypted key could be in memory for a moment - or maybe longer.
The GP said they just need access to your .ssh directory (not root access, no mention of a root kit). A pass phrase on the key is a valid mitigation for that level of access.
You don’t need to type it, you can store it in a password manager and copy/paste, which is pretty fast. I do it all the time, it’s not a big deal.
Ok fair, but IMO there are few threat models where that would make a difference. In practice the attacker can just edit your bashrc and alias ssh-agent to log the password. Same for the password manager. Btw user mode rootkits are a thing and they typically don't need root despite the name.
If attacker code can run under your user, you're kinda screwed.
You still need some way to be able to manage the system and have unrestricted access to admin stuff. Moving the problem to some other place doesn't really solve it
Well if that other place is having to have the device in physical possession, and having to enter the admin password in person, before you can e.g. replace the kernel or critical system libraries...
“The appeal of injection a library into Zoom, revolves around its (user-granted) access to the mic and camera. Once our malicious library is loaded into Zoom’s process/address space, the library will automatically inherit any/all of Zooms access rights/permissions!
This means that if the user as given Zoom access to the mic and camera (a more than likely scenario), our injected library can equally access those devices.”
Why the hell does Zoom require root access to begin with? I used to work on a competitor and while it would have made some things easier we never found anything we wanted to do that was impossible without root permissions.
The Zoom app itself doesn't need admin access. My primary non-admin account on my work Mac has it installed in ~/Applications, and I don't notice any missing functionality.
The only annoyance is having to manually extract it out of the downloaded archive when I want to update it. But IIRC, this takes two commands, not including the commands to swap the new app bundle with the old.
The downloaded archive is compressed with xar, and I believe that one should be extracted into an empty directory because otherwise it will spray files everywhere. Then the app bundle is in a gzipped cpio file...I think it's at Contents/Payload.
This says a lot about their engineering culture. There’s no way I’d just casually take on the liability of having root privileges in the software I’m shipping to customers if it can be avoided. Them not caring is a huge red flag imho.
The worst part is abusers of macOS install/update options are going to be used by Apple to further lock down app and update distribution outside of the app store. There are already changes coming in Ventura regarding "self-modifying code" which affects custom updaters. These types of security changes are eventually necessary, the problem is that Apple takes every opportunity they can to break apps outside of the app store pipeline, even though the security mechanism itself doesn't depend on any app store.
Zoom is already distributed for iOS in the App Store. Why not give users the option of installing the macOS app thru the App Store as well? I trust Apple more than Zoom and would prefer installing the latter's app from the App Store knowing it will comply better with best practices.
> There are already changes coming in Ventura regarding "self-modifying code" which affects custom updaters.
Per-app self-updaters are such a disgrace, it really makes me wish I could cheer this on. It's a shame that their elimination, for Mac users, might mean that the app store becomes the only or primary mechanism for automatic app updates on macOS.
The change doesn't affect self-updaters, only a app trying to update a different app from a different developer (which can still be done, but with some additional checks I don't remember).
The discussion is mostly about features of teleconference software which is completely off topic. The point of the article is security. I am not sure if Zoom INTENTIONALLY left the bug for future exploits. I have suspicion and no proof. But in any case, not fixing a bug after 8 months is simply unacceptable.
> I am not sure if Zoom INTENTIONALLY left the bug for future exploits.
What would they stand to gain from this? They already have root on the machine, so they could just send an "update" to that code to do whatever they need.
Is there any practical impact to this? Zoom is broken, shouldn't need root at all, and there's no excuse for this kind of sloppiness, but...does it matter? Is there any Mac out there where this is a problem? Is there a single Mac out there with multiple users and Zoom installed? I'm being slightly hyperbolic, but this is a giant nothingburger.
I am of the camp that very little software should be installed globally. Instead I make use of a precocious and large ~/bin and other things in my less privileged user directories
I've gone as far as to keep an ~/opt that has bin/, man/, lib/, src/, etc. underneath it, and when I can use --prefix on the configure script.
Udocker and singularity (the containerization toolset) also help a ton too. Docker's root requirements make it unsuitable for lots and lots of situations where it would otherwise be useful.
Certifications only overlap a little bit with actual security. Most of SOC2 for example is just bureaucracy and a cash grab by enterprise SSO providers.
I can't think of one for zoome ubless they allow filter plugins for the camera or something. One thing it is useful for is probably loading unsigned VSTs for DAWs.
It's good to remind people, but Zoom does everything it can from my perspective to ensure no one is aware of this.
By default if you click a Zoom meeting link to join, it takes you to the Zoom page and starts a download of the installer (.pkg for Mac). The "Join from Browser" option is hidden and if I remember right, you have to click "Join" again, and then it will show a small HTML link about Join from Browser.
The Browser experience is subpar and buggy. A lot of features lag in the UI, it's very slow to connect to audio, and there are a few options I recall that reload the entire page without warning, meaning you leave the meeting and have to reconnect, often to find a double of yourself.
I also noticed issues with USB Audio devices where after awhile, a static-ey robot noise would appear from you. No other voice apps I used experienced this, only Zoom and only with USB devices and from the browser version. Maybe it's something with Firefox + USB audio, but never was interested to investigate more.
Zoom is really not good software and it's an exercise in frustration when we have to use it at work, and the pricing model seems a bit ridiculous, even for basic users.
There are loads of dark patterns, agreed. This drove me to go hunting in Firefox for a “don’t automatically download shit” option, but to no avail. I guess they hijack your click from the previous page. Just all round awful.
On the other hand, I’ve not had any audio or video problems once in the call, so ymmv.
You could change the option of where to save downloads. Instead of automatically putting them in the downloads folder, if you change it to ask every time, then you will get the file browser prompt before the download starts.
> Zoom is really not good software and it's an exercise in frustration when we have to use it at work
Having used pretty much all video conferencing software, it's by far the best in terms of features, UX, call quality, feature distribution across platforms (do you know that some like BlueJeans don't allow you to have a separate audio input/output device if the device chosen for one supports both? (I have headphones and a separate mic, i can't have the headphones for output only). With Zoom as long as everyone is on the app and not the browser version, all features work. Teams on Linux or mac is always lagging months behind.
Zoom got lucky that they managed to build a brand name just around the time Covid hit and everybody discovered that they needed to do video calls suddenly. I don't think it's particularly well designed or has any particularly novel features. I've been doing online meetings for a very long time and Zoom is just yet another thing here. Very middle of the road in terms of design, UX, or what it does.
In any case, I seem to need to talk to various companies using a disturbingly wide range of applications on a regular basis. Google Meets, Zoom, MS Teams, Cisco WebEx, Skype are all things I've used professionally in the recently. I've also used Slack, Discord, as well as Whatsapp, Facebook Messenger.
The thing is, they all kind of work and roughly with similar audio/video quality and all with the same kind of performance, usability, and other issues. Some of these are more suitable for 1 on 1 meetings and some of these things seem to be geared towards corporate setups.
I have a slight preference for using Google Meets; mainly because I can just launch that straight into the browser (Firefox) without any fuss and it just seems to work and is actually designed to work that way. There is no app even. You just click the thing in the calendar and it opens. Best of all, it plays nice with Firefox containers. So I can join corporate meetings with one account and private meetings with another. The most annoying thing is when you have 1 minute to join a meeting and you discover you need to first install some enterprise crap ware to join and then deal with permissions for it needing access to the screen, audio, etc. I just got a new laptop so, I got to do this a few times already in the last week.
Zoom was eating the lunch of other online meeting software even before COVID. It was the only meeting software where you had a chance of getting started without spending the first part of the meeting doing impromptu tech support for people who could not see, hear, having to download some kind of browser plugin, or dealing with echos, etc.
When the pandemic hit and everyone started working remotely, Zoom was already primed to be the winner.
Not my experience. As I said, I've been doing this for well over 15 years with various tools. Zoom has a level of friction that matches other tools. You need to run an installer,fiddle with headsets, make sure your network doesn't suck, etc.
Zoom hit enormous growth in 2020. Before that, they were just yet another obscure video call tool thingy. I've used several of the long forgotten ones that existed before covid. Investors seemed to like investing in me-too applications. Zoom was one of them and was able to spend enough on marketing right when it was optimal to do so. They hit a perfect bubble of investment cash and a sudden, unexpected need for video call tools.
People imagine all sorts of technical advantages that it simply never had. It's just a web app around some generic off the shelf video communication technology that they definitely did not invent. That's why there were so many of these tools already long before Zoom existed. I know of several such companies that came and went in the Berlin area and talked to their teams. All you needed was some generic full stack coding skills and a couple of weeks to prototype together the off the shelf stuff. Some of the UIs I saw were actually pretty cool. Unlike Zoom, which I always thought was pretty generic and bland as a UX.
Even today, Webex, the closest thing to a standard that existed before Zoom became mainstream, sucks. The UX is shit, it's slow, has bugs like forgetting to turn off audio input after the call is over or having to turn on the camera to unmute, etc. It was a Java based app before, and it only worked on Windows (and at some later point in a limited capacity for mac).
Zoom has less friction, the installer just works on all platforms, and there are less noticeable bugs.
This is what I did but it doesn't work all the way, break rooms don't work, broadcasts (Zoom theater) doesn't work, it's shitty. Like even in a VM it's shitty. Zoom no like VMs, Zoom yes like you installing it as root.
No it can't tell--I'm sure they'd like to, the attitude is omniscience, infinite data for infinite perving looking for patterns. Like most patterns just aren't virtuous, like oh I can fuck them out of a few extra bucks if I bug them at 5 in the morning after a bad experience at small claims court. That's business intelligence. That's a pattern. Or another pattern, we get more signups after sending users "informative" messages terms of service have changed--it's actually a form of marketing, anything to nag and bug people with some minuscule link to the business and money that it craves for its tumescent growth aspirations. Otherwise it would be technological, like come up with actual useful knowledge that would actually be useful. Economists say in the long run all wealth and all progress comes down to technology. Technology is the only thing that matters.
But yeah it can tell it's in a VM because that's when it decides to crap its pants. By this point it's impossible to tell if bugs are intentional when they benefit the startup, there's a whole game in bugs, like no don't fix it it causes the user to lose his shit and give up and pay for this upgrade in the hopes that it all gets better.
There was one bug, yeah a bank bug I saw in Chile. So what this bug did is it fucked up printing the receipts after the user had paid and the bank machine said the transaction was approved. Employees would then insist the user hadn't paid because a receipt hadn't gone through. So the customer had to pay again--and the second time it always worked--double billing. Fucking stealing. Theft. MacDonald's at the SCL airport brazenly stole from me in exactly that way. And did that bug get fixed promptly? Ha...na let it be a little longer, it's not a high priority. It's...not urgent. Fix it next quarter, it's too difficult.
You can't assume good faith in software as it's delivered.
A lot of macOS applications have a privileged helpers (these apps run as root and communicate with the main app) when you wouldn't think they would (teams for example).
Most use them to update the application seamlessly without a pop up asking for permission from the users afaik.
But yes it does mean you get hilarious stuff you wouldn't expect like privilege escalation to root in teams, zoom, etc.
Why does Zoom need a f'ing installer? There's nothing it does that couldn't be in a sandboxed App Store app, and they certainly have the resources to easily publish one. If they need a bit more a regular drag and drop app would suffice.
Nothing good has ever come from apps that required admin privileges to install for no obvious reason. They either abuse the rights, or end up with massive security holes that are completely neglected for months or longer.
It's frustrating because the App absolutely doesn't need it. I use the native .app, but I've never run their installer. Instead you can just unpack it using command line tools (I even wrote a script to do this [1]) and… it runs just fine! No privileges, no special installation. As best I can tell, the installer is there to install a bunch of ancillary nonsense.
I did one other thing when I discovered their app auto installing a launchd auto-update service:
rm -rf ~/.zoomus
sudo touch ~/.zoomus
This makes a file with root permissions where they hide their auto-update script directory. This causes their code to (silently) err out and viola, no more launchd junk.
A lot of software has moved from using dmgs to mpkgs, and apart from some terribly written apps that need some hackery in PostInstall scripts, most of them don’t really care about it.
The UX for packages also sucks. With DMGs you just mount and then drag to the Applications folder… even the most basic macOS users have done this.
It still has way, way more privileges than a webapp. And arguably, if you have all your valuable information in a single user account, it has the crown jewels already, no admin needed.
Indeed, it's crazy that some OSes even make this the default way of installing applications (i.e., become admin -> then install)
E.g. Unix was built around the idea that other users should not be trusted but applications can be trusted; it is becoming painfully clear that this idea is wrong.
The one thing that has come of this is that products that do this have 0.5% less friction (they can auto-update quicker), achieved this faster and with less engineering effort (no need for a clever workaround, just use the biggest hammer), and have 0.5% less customer support burden (since everyone is on the latest version all the time). As a result, this can help a product dominate their competition the way Zoom has. I say this as a security conscious person who wishes this type of app would just go away, but has worked in the industry long enough to understand the economic realities.
Honestly, this is the number 1 confounding factor for me in terms of the “app stores should be more open” argument. Sure, Apple is stifling innovation in phone applications by disallowing this type of thing, but also the Zoom app is much better behaved on iPhone because it has to be. Personally I am happy trading off some convenience for security, but I am unsure if there is a “correct” answer here. My personal hope is that VMs will become useful enough that it will become viable to have a crude per-shitty-application sandbox for folks that are security conscious. I already have done this with tools like docker from time to time, which admittedly isn’t a great experience.
Even remote control, or, in general, input interception/injection. That's done via accessibility APIs I believe, and these do need to be enabled once per app in the system preferences, and this does require root password or touch id, but a well-behaved app would not bypass that. A well-behaved app would guide you through granting it this permission in a supported way.
The only thing I can think of that Zoom needs root for is its (very helpful!) offer to restart Mac's audio subsystem when it crashes (which it does fairly regularly in my experience).
That said, it could just ask for your password at the time.
I thought the audio subsystem in Mac OS was the best of the bunch (Windows, Mac, and Linux). At least that's what I was told by my old audio geek friends that swore by Mac OS. Why would a video chat app need to be regularly restarting a crashed subsystem? Also, even if the subsystem crashed why wouldn't launchd or the kernel take care of restarting it?
Idk about latency but UX wise it has some weird limitations - you can't mark an external audio jack connected device as input or output only, with the weird result that when i connect my external microphone it considers it an output too, and automatically switches to it as output too, which of course doesn't work. Windows and Linux ask me what did i just connect and adapt accordingly.
It might be better in terms of latency (I have no idea) but it's way buggier than Windows'. Crashes all the time for me. Plus it has some stupid missing features like volume control isn't implemented for HDMI audio (it is on Windows) and you can't capture the audio output - at least without fairly extreme hacks. It's a lot easier on Windows.
I haven't used sound on Linux for a long time but when I did it was in a completely different league to Mac and Windows - in a bad way.
> I haven't used sound on Linux for a long time but when I did it was in a completely different league to Mac and Windows - in a bad way.
I am not a sound engineer. I don't do music composition. I am simply a user who wants things to work.
Sound hasn't been an issue for me in Linux (as a user) for a long time. There was a period when the audio system was replaced with Pulse, which was terrible as they published Beta software to end users, but that quickly fixed itself and we are talking 20 years ago. Linux audio has been by far the best for usability for me.
I also understand that the latency issue has been dramatically improved over the decades with the current situation with Pipewire being excellent. If it has been a long time since you have used Linux sound, then just be aware that it is not the same as it was.
My Mac refusing to adjust the volume via HDMI I assumed was a feature to push towards buying an Apple display.
It is the best, it's low latency and very stable contrary to Windows shitty high latency direct sound API which is a complete mess. So much that Steinberg had to develop some respectable universal audio drivers for windows called ASIO, Microsoft never cared about the issue.
To auto-update without requiring authentication every time. Useful for multi-user or enterprise setups where the current user may not have sudo access. Chrome and Firefox do the same thing.
After the first thing with the zoom installer and their shenanigans on MacOS a while back I refused to install the app on my devices (except for mobile where I have no choice to use the app if I have to use zoom for something) and always use it via the browsers.
I just had to (reluctantly) install Zoom on my freshly formatted MBP for some classes I'm in. The web client wasn't that reliable for me. Unless I'm totally missing something here, it let me install as non-root. The installer asked me if I wanted to install for all users or just for me. I chose just for me and it never asked for an admin password and installed to the Applications folder under my user and not the main Applications folder. There doesn't seem to be any daemons or background processes running when the application isn't open.
edit: meant this in response to some comments below about Zoom requiring admin access to install on macOS
That’s why I said “essentially” the whole point of the attack is that the installer gets “root privileges” when the user enters their password to install. It’s kind of moot if they’re actually root when it’s got super user privileges.
Stuff like this makes me downright angry. Because people not into IT think Zoom is now equivalent to online meetings and many events are held with Zoom too. Job interviews, etc. Most people don't have any idea that their software is so bad and they are a scummy company best avoided. I'm trying to let the people around me know, but mostly they don't care.
Half the options that should be on a meeting-basis are buried deep into the user settings, only accessible from the web interface, and they have confusing names and meanings. I've used lots of softwares, Zoom might be one of the worst when it comes to UX.
Teams, Google Meet, etc all seem to fall apart on large calls with participants who have questionable hardware and/or wifi. Zoom works with those same people.
This is based on my experience early in the pandemic, so it's possible the landscape has changed since then. We tried a bunch of different options at my company, because we explicitly didn't want to use Zoom, but Zoom worked like nothing else did.
"Upon arriving in the US, Yuan joined WebEx, a web conferencing startup, where he was one of the first 20 hires. The company was acquired by Cisco Systems in 2007, at which time he became vice president of engineering. In 2011, Yuan pitched a new smartphone-friendly video conferencing system to Cisco management. When the idea was rejected, Yuan left Cisco to establish his own company, Zoom Video Communications."
Agreed, Zoom does shitty things. But everything else is worse.
Zoom's UX is horrendous. My biggest complaint is it logging me out all the damn time because I switch between laptop and desktop fairly regularly. But its windowing UI also drives me nuts. Their timing and marketing was clearly excellent, but it's a shame that Teams is what's eating their portion of the pie rather than Meet.
So, your top three choices are Google (weird ties to the US state dept), Microsoft (lobbied for cloud act, acquired linkedin and github so they could join the data with mandatory windows and office telemetry) and an independent company with weird ties to the Chinese govt.
Do you really have a strong opinion about which one is the least bad choice?
> So, your top three choices are Google (weird ties to the US state dept), Microsoft (lobbied for cloud act, acquired linkedin and github so they could join the data with mandatory windows and office telemetry) and an independent company with weird ties to the Chinese govt.
> Do you really have a strong opinion about which one is the least bad choice?
I suspect that, if you're in the US or China already (which, just to say it explicitly, I recognize does not apply to everyone on HN), then you perceive a meaningful difference in whether any improper use of data will expose that data to the US, or to the Chinese, government. Even if your personal threat assessment finds no difference in those risks, then you probably at least have a strong opinion whether it's better to have your data improperly exposed to a government of whatever country, or to a private corporation.
What's wrong with the State Dept? They work on peace and diplomacy. They are probably one of the best branches of government as their job is to build international trust and cooperation and avoid wars. https://en.wikipedia.org/wiki/United_States_Department_of_St...
Same here. Particularly the windowing. On a dual-screen setup, Zoom controls go off to other places and do not stay where they were left. I've had multiple experiences of not being able to find the Zoom buttons while I'm on a call.
Second, it drops you out of meetings sometimes while you are screen sharing, and gives you no way to know. It's sporadic on my machine whether the green highlight/frame shows up on screen sharing to indicate that the content is still being shared.
Teams is full of weird bugs and strange UI, but it is the only conferencing app I've used that seamlessly transitions between devices during a meeting.
I feel most features in teams are worse than others or have major issues. These are issues I currently have with Teams:
Search results that don't allow you to go to the specific part of long conversations.
Wiki that doesn't even qualify as wiki.
Integrated calendar that automatically tries to make you join meetings you have not yet responded to (with no way to configure not to happen).
Inconsistent ability to quote reply to peoples messages.
Hap-hazard method of starting meeting recordings (anyone can do it and with the latest update they become the owner instead of the meeting organiser).
External guests can't access meeting recordings.
Inserts non visible spaces into code you paste in and does not strip it properly when copying and pasting out.
Emoji selection popup fails to load if you join a meeting with busy chat as loading new messages takes priority.
Inconsistent loading of tabs when you join a meeting, so some people cant do Q/A or look at files (but can be loaded in a separate window even whilst the meeting is running.
Bigger issues like high CPU usage (massively compared to Zoom) with lots of attendees and far more limited visible attendee screens (compared to Zoom).
At the moment obvious defects seem to be added faster than they are removed.
Teams is just so bad. If a company you're interviewing for has chosen to use Teams, what people do you think they choose to promote? What strategies to pursue? Clearly their decision making process is broken, and the consequences probably don't stop at using shitty software.
I'm exaggerating a bit, but for me Teams is a real turn-off.
Are there any other options that actually work well? At least Teams is "free", as in people already using Office365 don't have to pay anything.
We use Teams at work, and I think it's an absolute pile of crap. But whenever I have to attend meetings using other systems, the experience is pretty much never great either.
Zoom has a weird windowing system, stealing focus all the time, and shows notifications as actual windows (as opposed to using the notification system).
Google meet sometimes squeezes my webcam image for some reason. It also transforms my PC in a jet airplane.
Chime sometimes works, sometimes doesn't. Usually, it won't detect my microphone. If I refresh the page enough times, it will end up working.
Webex mostly works, but it's sooo laggy. It also needs me to have the window focused if I connect too early to a meeting and am the first one there. If it's unfocused, it will not connect to the audio, so I'm left waiting around wondering why people are always late. And it insists on showing a bunch of useless crap around the main image. I know who's in the meeting, so if they're sharing their screen, I want to see that instead of their names taking up half the screen.
At least on Mac you can tell Zoom to use Mac notifications now, and to use "dual monitor mode" even if you don't have two monitors, which seems to help.
Of all the various meeting tools, Zoom is the best, but that's damning with faint praise.
As someone who is interviewing at the moment. I won't completely dismiss the company for using Teams (and expecting the interviewee to 'cope' with the crap experience) but it immediately puts that company in the "hmm, I'll do this interview for the practice and maybe they'll surprise me" camp ...
Teams is worse than zoom certainly, but it's better than Cisco WebEx.
Slack used to be good - especially for just a background chat, but then they hid the "start a call" option away and pushed "huddles", which are far worse.
There's a solid rule of thumb that most software that is good becomes worse. Product managers have to push new features in to justify their job, if the software was 75% good before, there's a 3:1 chance that the change will make it objectively worse, and even higher chance that it will break your workflow and cause you to take cognitive load away from important things to learn how to deal with it in a new way.
Unfortunately I've noticed that "product owners" have become significantly less engaged with steering the product direction. I guess people either don't find it interesting, or they keep getting threatened by higher up and don't feel like they have enough power or own the product.
> Integrated calendar that automatically tries to make you join meetings you have not yet responded to (with no way to configure not to happen).
Oh man, that calendar is such a shitshow, and it's also not only on Teams, but also on Outlook.
It's able to detect some other conferencing software and add a "join" button, for example Webex.
But, for some reason, it systematically fails to recognize Teams links sent from a company we work with a lot. If I click the "join meeting" link inside the invitation, Teams will open and join said meeting, but it never shows the "join" button on the event in the calendar view.
Oh the quoting is absolutely appalling, but on my Mac it is the only one out of the work chats that actually supports pasting an animated gif into the chat.
> Search results that don't allow you to go to the specific part of long conversations.
This is so frustrating. How could anyone work on this feature and not realise how useless it is to see the message in question but not any of the surrounding discussion for context.
It’s horrible. Especially if you’re doing screen sharing / scribbling on screens all day. “The zoom dance” is my term for people constantly pushing those stupid little floating windows about.
We switched to zoom though because the performance was just better than anything (we tried a boat load of tools - but most of them were just shiny saas offerings on top of Chrome). Now I’m on an M1 it doesn’t matter as much, but zoom was the only thing that didn’t totally kill our machines before that.
The zoom dance is real. I very frequently find myself pushing things around in vain because I am only dedicating a portion of my brain to the task and I can never quite believe that it’s impossible to lay things out in a way that is actually usable. So there’s like a 5% mental cpu task that’s just constantly pushing things around due to this vague feeling that obviously I will find the better arrangement. It must be there, right?
Zoom UI is horrendous. But it’s also not quite as bad as teams, and everyone has learned to cope with it. So it’s the best of an absolute shitpile. Teams will remain a complete joke to me as long as I am forced to play the “try to map initials to names” game in order to figure out who is talking. I don’t know my coworkers by their initials, Microsoft. I don’t know why you can’t just show me actual names.
Meeting UI people: here is a list of questions that I find myself constantly asking myself: who is talking? Who just finished talking? Who is in this meeting? Who just joined? Who just left? If you waste an entire screen on nearly information-free user tiles and make me open a separate window to answer these types of questions (or they are impossible to answer), I hate you.
> Teams will remain a complete joke to me as long as I am forced to play the “try to map initials to names” game in order to figure out who is talking. I don’t know my coworkers by their initials, Microsoft. I don’t know why you can’t just show me actual names.
I’d say the expectation is that everyone sets their actual photo as their profile picture, that would probably solve your problem.
Most of my teams meeting take place on client organizations, where I'm a guest of the directory, or just invited to the call. I never see profile pictures, and I cant find a place to edit mine.
I'm almost willing to pay good money to someone who can explain how MS' user management works wrt belonging to multiple accounts/orgs/acive directories.
I’m not asking it to help me know them. I’m asking it to use an identifier I recognize. On earth, we use names.
And regarding profile pictures, I’d say 10% of the people I interact with on zoom have them, and 0% of the people I interact with on teams. These platforms should get over themselves and realize people aren’t spending time customizing their profiles, because it’s just not important. You’re just a tool, zoom/teams. Try not to go wild with your fantasy of becoming a “virtual town square” that is integral to all aspects of life or whatever you are telling yourself internally. First goal is making meetings less of a pain in the ass.
I’m one of those who hates Zoom’s UX. They use dark patterns to try to trick you into installing rather than using the web client. And their web UI is… not great.
I’ve had better experiences as an attendee on other software. (I think one was Gotomeeting). Works flawlessly in the browser. No dark patterns like the way Zoom tries to trick you into downloading their malware.
And the interface was superior, in my opinion. No idea how good / bad the presenter UX is, though.
Wait. Is it possible to use the Web client? I asked external people who had set up a zoom meeting to reschedule on Google meet, because I couldn't for the life of me figure out how to use their web ui.
Yes. The join via web button should join after you click the regular "join" link once. If you don't have zoom installed it will just pop up not working then you can join via web.
It's been a little while since then, but I remember downloading at least three executables, getting annoyed, And setting up a google meet event instead.
It is possible, but it misses features. For example, the thing that I ran into recently is that web zoom cannot switch between multiple camera's of another person on the call -- e.g. if they have some fancy conference room setup.
Yup. The thing I absolutely love about Zoom is how easy it is to switch between mics and output device. Every other conferencing tool needs you to go to Settings > Voice and then change it. With Zoom, just click the arrow next to the mute button, select device and voila!
I can't stand this feature, because it overrides my OS-level choice. If I select my headset as the microphone to use, then I expect it to be used. But Zoom might use a different microphone, so I need to change it there as well.
In addition, even if I select "System default microphone", that doesn't always work correctly. As far as I can tell, that option doesn't mean to attach to the default source. Instead, it means to attach to the same source that is currently bound to the default source. If I change the default source later, Zoom doesn't get moved along with it.
Some recent update of zoom and or pipewire made this absolutely broken. I need to manually go and change my Bluetooth headset source from A2DP to HSP before opening zoom or it crashes and I can't select any microphone.
It's insanely annoying. Zoom has caused more crashes ob my machine than any other piece of software.
My wife had a mixer attached to her Mac where she plugged in her phone for music and her wireless mic when she was teaching online dance classes during the height of Covid. She absolutely needed to be able to switch to the mixer which registers as a sound input device separate from system settings when she was doing anything else.
True. I keep it at "System default microphone" but its not 100% reliable. BUT, that is also the case with every other conferencing tool as well (Meet, Teams etc). At least in Zoom its easier to quickly override it when things go south.
Same issues here. I don’t care that my dock has a mic port that Zoom and Teams think they should automatically use. Use the damn system setting for my hardwired headset mic.
Really don’t know why this setting isn’t always up front and center just like the mute button. With just the default audio interface i have a few options and a lot of us have more than just the default interface.
While we are at it why can’t I control what audio interfaces are available to a specific program on a program by program basis? No, I will never want to use Steam Streaming Audio or my Oculus quest mic on a webex/zoom. Ever.
Do you mean Google Meet, or Google Meet (Original), which are two seperate apps?
Or were you you referring to Duo, which is also called Google Meet now. Or Hangouts, the other Google video chat app which also exists for some reason? Or Google Hangouts Meet, which also existed? Or Google Allo?
It's better than Google Meet because Zoom won't shut itself down in 6 months, replace Zoom with a different app with a different name, change the name, change the name again, then shut that down and repeat the cycle 6 months later.
This is the one redeeming quality of Meet, and it's worth a lot. I can click on a link that was sent to me and all the essential videoconferencing stuff will just work in my browser. Also in Firefox, regardless of what sibling says (I use it regularly on Linux and macOS).
This is a technical feat that somehiw still escapes most of the other videoconferencing platforms (except maybe Zoom, but then they try to hide it as much as possible).
What do you have against Meet? It's a better solution than Zoom. It doesn't have built in whiteboarding, granted, but for that you can use an online whiteboarding tool.
My impression is that zoom has more features. Breakout rooms, predefined set of meeting hosts etc. But having to install the app on the computer is a pain. "I'm going to join this Zoom meeting starting now." "Nope, you have to update the app first." Is not fun.
Predefined hosts is a place that is lacking. In general Meet started as a "everyone is mostly trusted" tool which is way better for office meetings so their host controls are behind (but slowly being added). Zoom is by default "only the host is trusted" which is very annoying in my day-to-day use. (For example you can't have a weekly meeting because the "organizer" is on vacation and can't start it. You can't screenshare because the host needs to approve, you can't join before the host... Most of these can be changed by default in your settings but I'd course most people in my company haven't done this so we run into problems at least weekly and need to scramble to send around a new link and hope that we manage to get everyone into the same call.
But that being said I think Zoom is still the better option for "untrusted" setups like seminars, presentations or other complex or large events. Meet is far better UX for meetings.
> Most people don’t actually care about or even notice that confusion.
You are very, very wrong:
1) Old people get very confused even when the interface changes.
2) The changes are irritating even if you know Google products
3) Change for the sake of change (someone at Google wants to get promoted) is just a waste of time, especially as the products are half baked. Maybe you are very young and your time is worthless, but most people want products that just work, with a non confusing interface. Change for the sake of change is something that busy-bodies do to prove that they are useful
4) Google has killed its own products multiple times, so at some point the stuff just stops working. Why bother using a product that will not work?
Seriously, it has been few years that everyone knows that Google does its business wrong: those on top should be removed, since it is a lot of money lost. In both of marketshare lost and lots of programmers reinventing the wheel multiple times to offer a half baked product.
Every few days I see people who cannot use Microsoft TEAMS (which has a poor interface) and I can easily see that if they used Google products, those constant unnecessary changes would make their lives miserable and make them less productive. Maybe reason why Google products are a joke in corporate environment.
I dont really use Zoom, used it mostly to see how it works - and from technology perspective it can be full of holes, but from UI perspective it is much better than the competition. Also probably wont be shut down in 3 months like Google Meet Duo Allo v5.
I find the Zoom interface UX to be terrible, but keep coming back because it’s way better in ways that matter once you’re used to that.
I’ve found that the screenshare quality in Zoom is rather strikingly better than in Meet, to the point that sharing a large screen with an editor full of text is frequently unreadable on Meet but perfectly crisp in Zoom.
Also, Zoom does some sort of background noise cancellation that is really impressive. I don’t know if other apps don’t do it, or do it worse, but it’s noticeable on calls (I use both Zoom and Meet daily). I was curious so I tested it from a coworking space recently: recording my headset mic in the open room I could hear voices, an espresso machine and some distant music pretty clearly. Joining a Zoom and doing the same and my background audio was genuinely silent.
Also the Zoom client has much better touch-ups and lighting controls. When I use Zoom now, I don’t need to use my studio lights but when I do Google Meet or any other web-based one, half my face is in the shadow and there’s no software way to fix it.
For one, Meet has consistently the worst picture and audio quality at least in my experience. I daily have about 4 or 5 zoom meetings and 1 or 2 meet meetings per week so it's not a small sample. On a day where I'm pumping out zoom meetings in perfect quality, Meet will be degrading the video to the point where I can scarcely recognize people and having audio sync problems. In the last couple of years I seldom have had "meet" meetings where at least one participant doesn't lose sync, lose audio or just get kicked randomly, where these occurrances are (anecdotally, in my experience) much less frequent for zoom. It gets particularly bad when you get above a certain number of participants.
I don't recall meet being this bad a few years ago (I used to be at a company that used it for all internal meetings) so I don't know whether some infrastructure changes have occurred to make it so.
I can actually read the code when someone shares screen and scrolls. With google meet (whichever version), when sharing small dense font, things get mighty blurry when scrolling is happening. At least for me.
In every case I get worse audio and video through Meet than Zoom, and more stuttering. And similar issues with audio and camera, especially if people have more than one.
Zoom doesn’t require an account. All you need is the meeting number and password to join a call.
And one of the recent Google meet offerings (not sure exactly which one but it was about a year ago) required an account before I could connect to the call. Perhaps it’s different now.
Meet is annoying because I have to remember to sign out or open them in a private window if I don't want to leak details associated with the current gmail account logged in.
There is no panacea here that I’m aware of. We’ve been getting pretty good mileage out of a mix of Telegram, Discord, and Google Meet, all of which I prefer to Zoom, but none are crushing this and none are optimized for big video calls like Zoom is.
Not surprisingly given it’s gamer heritage, Discord is slick and fast for many-party voice and the present/screen-share is better than I expected, but video chat needs work and there are other nags.
I have somewhat high hopes for Telegram because it usually does things well or not at all, but I also wouldn’t want to try getting 20 people in a videoconference.
I never liked in-person meetings with tons of people in the room, and one presenter, many listener video/screen broadcast is very achievable today without Zoom. Maybe it’s a hard UX problem because it’s a fundamentally flawed collaboration model, who knows.
I only use Zoom with chrome (because I don't allow their apps anywhere near me) and they are just barely usable there.
They made that very hard by pushing their desktop app. They also broke audio on Linux very often. Another long running bug is that after you've muted yourself in the meeting for long enough they start to think you did not give them microphone access and refuse to let you unmute yourself.
Quite honestly I would be love to hear an argument as to why anyone would use zoom over jitsi. I'm not trying to be controversial, and I readily admits I've only used zoom maybe twice, but I saw nothing that was better than jitsi.
I also had performance issues on zoom, but I'm willing to ignore that since most other people don't seem to mention those issue so that's probably on me.
Previous job was using self-hosted Jitsi. And it was often a trainwreck, with random disconnections, terrible video quality (and we didn’t use it very often), some people ~always displaying "connection lost" even though we could hear each other fine, some people always having connection issues and being disconnected after a few seconds. Zoom and Teams are much more stable.
Main downsides I knw of are a slightly worse codec, and in webrtc mode bandwidth needs to scale with participants so for large meetings you need to pay for hosting somehow.
Neither are reasons not to use it as a default first option.
Also matrix has voice and video now and there's big blue button.
My aunt that do remote conference a lot told me jitsi is slow and ureliable? She's not very tech savy so maybe she had a bad experience at the time when lockdown happen and the servers might have been overloaded.
Yes, we're transition firm zoom to teams, and as we're engineers, I'll sorely miss the screen annotation feature which works so well. Teams just added active anntoation and it totally sucks, the presenter can't interact with the screen while annotation is on. Sweet jesus why do that?
The main "advantage" that I can see to prefer Zoom is that Zoom ("Zhumu") is considered by the authorities in China as safe, so it's not blocked there (which is convenient if you speak to people in China).
WhereBy is no-login, no-plugin conferencing tool. Albeit expensive now (They’ve been jacking up the prices regularly and show no sign of stopping), but it is entirely possible to make extremely simple webconf UX.
Ironic that you say this. I have a MacBook pro and the zoom application just wouldn't start successfully one day, reinstalling doesn't help. But the web version and other video apps work fine.
It's a standard sequence for years now. Docker, rails, ring.. most popular things. Make it work anyhow, optimizing for best user experience, do all the bad things along. It gains popularity, some reasonable people join in making insides better. Then because of popularity it gets some scrutiny and some security holes are getting fixed. Of course, only those which could negatively impact its image.
Sometimes you end up with something quite decent, sometimes there's no one with enough power in the company who can rebuild it properly and it's just trying to make a stone out of sh.t.
If you are trying to do it properly from the start you are in a lost position. You need way more time, more money and better people to end up with something that looks the same for an average user (in most cases, for a few products it may pay off). You iterate more slowly, and you can be copied before you acquired enough user base.
I hate it. Marketing wins over merit everywhere currently.
Many people choose worse reward rather now than better reward later. It's rational in many contexts. The problem is that we are unable to jump out of these local minima.
Just as in coding, when you have a problem and you're stuck, you look for a solution. But it's very hard to learn that there's some better solution to a problem that you've already solved.
I never used Zoom. Why does Zoom need to be “installed”? Isn’t it a web application?
There are many video chat sites, all free for small groups and without the need to trust some random company that wants to execute code on your machine.
Zoom actually has in-browser WebRTC support, but they make such a concerted effort to hide this option. I can only assume they have some kind of incentive for wanting people to install a client on their machine. Tracking, analytics, metadata, who knows?
If when you join a call (without zoom installed) you click the download button, then let the zoom installer start downloading, then press the “I had problems installing” (or some phrasing to that effect) button, finally the join through the browser button appears.
Yes, you have to download the zoom installer executable every time you want to join a call.
It is a web app, there's no reason whatsoever to install the native version aside from the fact that the website uses dark patterns to obscure the existence of the web version.
Honestly, no idea. People keep suggesting Google, so it must work for some people. But every time I try it, different computers, different locations, no matter what, it’s so laggy it’s unusable.
Sorry but it's likely something is messed up with your computer or your internet connection. It works for billions of people, something is off. Google meets is not some inherently not-working piece of software.
Zoom may be kind of scummy, but the tradeoffs they made created a program easy enough for grandparents and CEOs alike to use, and that counts for something. The first time I used Zoom with some family members during the pandemic, they were audibly impressed with how easy it was, and these were people who use FaceTime regularly. The bar is reset now.
This kind of mirrors my experience, all the other apps are wonky or provide a worse experience. For example with Slack, if we (UK) video call with colleagues from the US, it's usually laggy, pixelated and delayed, so we have to use Zoom.
Why not? So that tech companies can collect more data? Because I don't see any reason why browser solutions aren't viable in the age of overpowered smartphones and 5g networks.
What does this law actually look like? What's the legislation? "You're not allowed to link to a native app from a website"? Are you saying iOS universal links - twitter.com links opening in the twitter app - should be illegal?
I don't understand how you can legislate against this without also banning a bunch of legitimate use cases.
We did it with browsers, didn't we? And we rightfully complain when MS is defaulting back to Edge after an update. Sure, LinkedIn, ask me once if I want ro use the app. Accept that I stick to the browser / website and don't make the website experience arbitarily worse on mobile just to nudge me into using your app. Same principle, and honestly a lilegit use case for cookies so that LinkedIn can remember my decision.
I gave you a reason why I think this pattern should be illegal under, e.g., the EU privacy laws. So what's your reason for believing it should be legal to force people to use an app tgat collects all kinda of tracking data about users over an equally fine browser solution?
For the longest time the web client was super glitchy (stuttering) on MacOS. Haven't used Zoom for maybe 2 years now though so things might've changed.
I live somewhere where bilingualism is really strong and we need to offer simultaneous/live audio interpretation in both languages for some important meetings, and for now Zoom is mostly the best option on the market for that, nothing comes really close.
We use Google Meet for everything but those meetings, because Google is still lacking on that aspect. At least they added breakout rooms and polls, but there's still work to do, like preconfiguring polls before the actual meeting takes place, etc.
I remember the first time I used Zoom years ago. I was interviewing with a company and they asked me to join a Zoom call. When I went to the website to install it, it seemed like a poorly branded product and I had this concern I was installing malware. When I opened it for the first time the UI felt mediocre and I was sure at the time that I had compromised my computer.
FYI, it also works on modern Chrome and Firefox (but not Safari last I checked). More CPU intensive and a few missing features compared to the native client - but does work, and even works well.
Skype was absolutely awful for many years. I'm trying to remember all the things that were bad, but I remember that they reinvented the app twice, so that everyone could only talk to people on the version of the app they were on.
They left Linux users in limbo, while Zoom worked for everyone.
They couldn't handle more than a couple of people in a call.
They also had Lync which was rebranded as Skype, so you also had other bad software masquerading as Skype which wouldn't have helped their image.
You couldn't share a meeting URL and have the call in a browser for the longest time.
They only started to try again after Zoom picked up being the default word for video calls.
By Skype getting gradually worse with every release. It is mindboggling how it is WORSE than the Skype I used 15 years ago in every way I can think of.
Until fairly recently, if you opened the PulseAudio volume control app while in a Teams call, the volume slider for the call would be labelled as Skype. That's a name that the sound-producing software hands to PulseAudio, and is reasonable evidence that Microsoft basically ripped the back-end out of Skype and shoved it into Teams and forgot to change what it thought its name was.
At some point a few years back, before Zoom was really big, Skype changed their entire UI and UX into Snapchat or Instagram... it went from an app for communicating to an app for looking at people's updates... or something? I have no idea what its objective became. I doubt Skype knew either.
Gotta thank Zoom for supplying a new excuse to not install Zoom on my Mac. I’ve been using it from iOS every time I had to and then deleting it afterwards.
If anyone asks me when I’m on my phone, I tell them I don’t trust Zoom.
I think that on MacOS there must be two layers of root. One for owners, and a lower one for Apple. What is the correct terminology for these two layers? When people say "I have rooted the device" they typically mean the lower layer, whereas when somebody becomes root by typing "sudo su", they refer to the higher layer. Which is confusing.
Zoom tries its best to make people install it. You have to click quite many times before it allows browser session.
The information is also quite hidden.
Not really. You have to click "join" and then additional hyperlink appears which you have to click once again. Yes, not super-obvious, but you don't need to click many times. I agree that this feature is not well presented, but hopefully word of mouth would help here.
As a consultant, I have to use whatever video conferencing software that the customer uses. I refuse to install any of them on my work Mac and I use the web versions.
The only video conferencing software I have installed is Chime [1].
[1] yeah I know. How do you say where you work without saying where you work.
Zoom has some of the most archaic security practices I have seen in 2022. It really practices security like it's 10-15 years behind a modern company. Almost all top-down initiatives to improve security have meant useless red tape practices such as hiding information from its own internal developers.
>Almost all top-down initiatives to improve security have meant useless red tape practices such as hiding information from its own internal developers.
That doesn't sound like outdated security practices, it sounds like unconscionable bullshit.
FWIW: This wasn't an issue on Windows Zoom. The Apollo-era Unix permissions systems that MacOS uses was the issue. More modern OS, like Windows 10 and 11, don't have this vulnerability.
This kind of stuff is why macOS 'needs' System Integrity Protection. Unlike on Linux or the free Unices, users of macOS are expected to frequently and repeatedly give a large assortment of proprietary crap root access in the form of installer scripts in their .pkg files.
The management of proprietary software is a frickin' minefield. The idea that publishers should be trusted to manage their own installations like this is madness.
Linux definitely lags behind macOS and mobile operating systems with the maturity and integration of sandboxing options for GUI apps. Hopefully Flatpak (or XDG Portals with just a policy system or something) can fill that gap for most apps in the future.
And Linux users can typically expose themselves to the same shit as Mac users with Zoom here: when they grab proprietary DEBs for Discord or Google Chrome or whatever, those can run scripts that mess with the whole filesystem or call out to the internet at install time. It's only by convention that those behaviors are forbidden in the normal repos on most distros.
I don't love that the only repository-like option that's part of the normal system is the App Store, or that it doesn't come with an official CLI. I can see how some small proprietary software authors trying to make a living might resent being funneled toward a platform where Apple takes their cut, and I empathize. But for end users, I still think centralizing app updates into one system and taking the implementation details out of the hands of app developers/publishers is the only thing that makes sense, even if that always means going with the App Store.
Sure, you can use something like bubblewrap, but it doesn’t make applications easy to sandbox. E.g. how do you sandbox an application and still make it possible to use Open/Save dialogs.
You need to use something like portals like Flatlak does. But the Flatpak sandboxing model is clearly inspired by macOS and hated by a significant portion of the Linux community.
It's way past time we accepted that all current operating systems are single user environments. Any access to the system means full access to the system.
This is precisely the realisation that is the basis of Qubes OS. The entire system is basically an admission that you cannot hope to preserve security on a system where you have users running stuff.
Just allow them to do anything, but isolate the environments such that it doesn't matter if one is compromised, because there is nothing to compromise other than the application itself.
Strongly recommended if you're willing to live without GPU support.
Researchers try to find complicated and unrealistic scenarios to exploit vulnerabilities, but do not notice an elephant in the room. Auto-update is an equivalent of a backdoor. It allows the company to upload and run any code at any user's computer unnoticed. I won't be surprised if soon governments will demand that every application having more than N users must support auto-update.
That's an unfair argument to make though. I think in practical terms an auto update on a browser like chrome prevents an enormous amount of security breeches from truly malicious, criminal actors using public CVEs for their average users. And as much as i dislike google and their privacy invasions, chrome is likely one of the most secure browsers out there and a lot of people rightfully rely on chrome's security for very important things like their online banking.
I'd rather have my mom use auto-updating chrome than having to remind and reteach her how to update chrome manually once a week.
With all the past peculiar security issues in macOS, that happen to pop up somewhere else in the months after it's "fixed", I think Apple are just as sketchy and unreliable as Zoom.
I have to admit: I hate the zoom experience. I use Chrome to avoid installing the app on my Mac. They use some dark patterns to force the app on you, but you can use zoom in the browser. However, you can’t use any backgrounds unlike google meet, which again is a way to force you into their app. These patterns alone show what kind of company you're dealing with.
But you installed Chrome even though it does the exact same thing (runs an auto update Daemon with admin privileges, at least in Windows). Meet works well in Chrome because Google just adds whatever their apps need to html5. Other companies don't have that option. Seems kinda unfair to insist that everyone uses Google's app runtime otherwise they're guilty of "dark patterns".
Yes. You're right. I don't feel good about it either. Zoom didn't work well in safari last time I tried. And avoiding zoom is really difficult these days.
I use Zoom in FF on macOS daily, and have not had any of the above issues. I fire up the Zoom meeting in a browser tab, and then flip back and forth between tabs and windows with no negative results to the Zoom tab's functioning.
Every time I have to relaunch FF after updates, the Zoom webpage forces me to download their installer (which I delete without using), and working their way through the dark pattern UI BS to get to the 'launch in browser' link to appear.
There are very few extensions that I trust, and to depend on an extension to do something as trivial as this is not worth the risk to me. This particular dark pattern isn't the darkest in the scheme of things.
The source code is literally 20 lines, very easy to audit. You can put the static download in your Mozilla folder to avoid auto-updates. It is a nice quality of life thing for me. But yeah definitely not necessary as you can always edit the URL yourself, as the extension author helpfully notes.
But that's 20 lines of code that I don't have to worry about just to get to a zoom link faster.
Let's face it, I'm about to join a Zoom call. How much faster do you really think I'm trying to get to it? This is actually one of those dark patterns I don't mind.
I read people's negative performance of FF comments, and I've just personally never experienced anything that makes me question if something is wrong. Then again, I don't use Chrome to do side-by-side comaprisons. I click a link, a page loads, I choose to read or not, and go on. That's pretty much all I expect my browser to do.
If I switch to other tab while using the Zoom web version in one tab, all the video of everyone in the call disappear when go back to the Zoom tab, it's really annoying and a dump way to nudge people to switch to the app.
i could never bring myself to trust the app, so i made a browser extension to make using the web version less painful (skips the dark pattern page where the "join from browser" link is often hidden).
its open source so if ya dont trust this installer either, grab it from GitHub, its only a few lines of code :) hopefully others find it useful:
"When Zoom issued an update, the updater function would install the new package after checking that it had been cryptographically signed by Zoom. But a bug in how the checking method was implemented meant that giving the updater any file with the same name as Zoom’s signing certificate would be enough to pass the test — so an attacker could substitute any kind of malware program and have it be run by the updater with elevated privilege."
Given Zoom’s history of “mistakenly” doing things, I don’t think your concern is completely unfounded.
The FBI have previously issued warnings[1] about Zoom “accidentally” routing calls through China and for “accidentally” allowing CCP officials to monitor and end calls made outside of China they don’t like[2].
This is just the latest “accident” we’ve found out about. You’d be a fool to think there won’t be more.
There's companies that are just bad at some parts of the business. Myspace was like that, really slow programmers, reportedly. Like implementing things the executives knew they could do and weren't that hard, took them ages.
In his essays, Paul Graham talks about this. If you are a company with no software brains at the top, the only way of getting ahold of competent programmers is luck. And business founders generally ruin their own luck.
As a developer, this silly cryptography check would be very useful during development phases to avoid signing after each compilation. IMHO, they "just" failed to replace the development code by the production code during delivery. A simple mistake ;-)
I don't see how that would be the case here. Please note that the check is performed by the autoupdate software that ships with Zoom, not by the Zoom app itself.
There is no way this is anything other than intentional. I can't imagine writing something like this in any of my code. It's "checking if the filename is correct" vs "reading from the file and verifying the contents".
You might think so, but these kinds of logical errors are in everything. Someone didn’t sit down and write “file name == certificate”, but unexpected behavior during tainted data processing resulted in that.
Even the best programmers constantly make these mistakes in large code bases.
Look at hackerone. They absolutely do. Many top-tier companies take 4-10 months to patch things that could be explicitly used for significant compromise. A company you’ve worked for has probably done it.
I don't use Zoom for a lot, but when I do it's only through my browser. They just have such a sketchy history at this point and it works fine through the browser for my limited needs.
I run it in a linux vm isolated from my mac system. It has access to the camera, network, and audio, but only when it is running. No host file system access. I just can't trust that company.
I only run it on iOS/iPadOS or on my work computer where if they don’t care enough about security to run Zoom, I am not going to be more royalist than the king.
I've become a big Google meet shill. It works great, it's easy to get people onto it, quality is quite good. I've heard it can fall apart with really big groups of people, but never had any problems up to about 10, and beyond that I don't really care.
The result is a privilege escalation attack, which assumes an attacker has already gained initial access to the target system
Contrary opinion: I'd rather have a world in which everyone is always root on their machine and trusts all their software --- regardless of how mistaken that trust can be --- than the current trend of using "privilege separation" to take away freedom and control, create walled gardens, and silo applications from interoperating with each other. I have had little care for privilege escalation "attacks" ever since I realised that in practice they are so common, and also quite harmless (or sometimes even freedom-enabling), that it's often a way to feed the security-paranoia news machine and further drive users into the increasingly restrictive regimes of non-general-purpose computing.
That said, I didn't install Zoom, but rather use a standard SIP client to join. As others have mentioned, using a browser is also possible when SIP is not an option.
And ownership. (The sentence before that suggests "root directory" here means "directory owned by root".) The permissions on the directory apply only to the file's directory entry, not the file itself.
This isn't a "subtlety", it's how it works, and no-one who doesn't understand this should be writing macOS installers.
The correct approach is to open the file for read and copy its bytes into your private area. Only then check the cryptographic signature. Just renaming into your private directory isn't enough, even if that directory has no read or execute access to other users, because the attacker could have opened the file for write access before you did the rename.