TransWikia.com

Install and run Zoom Client inside a sandbox

Ask Ubuntu Asked by Pablo Bianchi on December 20, 2020

With COVID-19 pandemic there was a boom of video conferencing. Although there are good free and open source alternatives like Jitsi (with e2ee coming soon), Zoom became popular. Is not a secret that have some privacy issues (EFF, ProtonMail Blog, The Guardian, The Verge).

For the ones forced to install it, it would be nice to have a friendly way to install it and run it without giving up privacy so easily. Maybe using it inside a sandbox like firejail (there is a zoom profile), selecting file system access.

If installed using snap package: It’s worth noting that even removing "Play and record sound" from Permissions on Ubuntu software it’s still can play and record sound. IMO a serious security bug on snapd/snappy/snap-store. Maybe this wouldn’t happen on Wayland?

Also, audio-record connection (AKA interface) shouldn’t auto-connect, but people behind snap store override this rule on purpose.

screenshot

One Answer

Zoom is available as a Snap: snap install zoom-client

Snaps are confined to their own filesystem using squashfs loop mounts and AppArmor rules. However, Zoom needs routine access to quite a lot of your hardware (USB ports, audio, screen, camera, network) in order to be useful. Also, the application needs to be detectable by others on the system (so e-mail invitation links work). So complete sandboxing seems a challenge.

Some problems with Zoom (like the ability to bruteforce an access code) are outside the OS' control.

Answered by user535733 on December 20, 2020

Add your own answers!

Ask a Question

Get help from others!

© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP