Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: Can I trust Zoom, the video chat app?
3 points by GolDDranks on March 28, 2020 | hide | past | favorite | 4 comments
I wouldn't normally ask this kind of a question at HackerNews about any random app, but I've noticed that an application called Zoom has gained a tremendous amount of adoption recently; no doubt about the recent coronavirus pandemic playing a role.

I tried to install this app on my Mac today, out of necessity. I noticed two suspicious things:

a) The app is distributed as a .pkg installer, which is normally used only for stuff that requires special permissions or doesn't make sense as a runnable application, such as a user space filesystem or a kernel extension.

b) The installer warns me about the installer "inspecting whether the package can be installed on the system or not" and clicking OK, the installer doesn't run the normal steps any normal macOS installer would, it just quits. However, it does end up copying Zoom.app under /Applications.

This seems very suspicious for just a chat application. Such an application shouldn't need any of this to be distributed or installed.

1) Is there anything fishy going on with Zoom?

2) How can I be sure that even if there isn't anything fishy with the current version, the next version doesn't do anything more fishy? (= even if someone I trust says that it's OK, how should I continue trusting them?)

3) Why does it install like it does?

4) Should I boycott it? (My default stance at the moment is: yes, if I could.)

5) P.S. and TL;DR: How can I be sure that I'm not installing a piece of malware? I'm not asking about my privacy of communications while using the app, but just about the installer or the app doing malicious things in general.



Nope. If you can not review/audit the code and compile it yourself you basically can not trust it.


There are some simple ways to use Zoom in the browser and to avoid installing the client

This thread from Tuesday includes details of browser extensions and other strategies https://news.ycombinator.com/item?id=22659216


No. Zoom can't be trusted. When I have to use it I assume that they are spying on me.


Thanks for the reply! ...but that's not what I was actually asking. It seems obvious that I can't trust an app, that does anything opaque, to keep my secrets. I'm not using it to keep my secrets.

What I am asking, is: is there any funny business going on with the app installation on macOS? Can I be sure not to expose my system to risk, by just _installing_ this application?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: