12 comments

[ 6.1 ms ] story [ 67.6 ms ] thread
Any non free software tool (or open source), USA on Chinese, would be a risk, no?
An interesting thing to also note is that their public signing key has a typo on it ("Zoom Video Communcations", missing an 'i' in 'Communications'). It might be a benign mistake, but as an occasional tin-foil hat wearer, this raises some flags.

I reported it a couple of months ago, but the initial support rep. didn't seem to know much about cryptography. I forgot to reply then, but seeing this article pushed me to remind them to look into it with an explanation and request for escalation.

This means nothing for TLS,but a bit suspicious for code signing
(comment deleted)
Putting R&D in China is basically asking the question, "can I make more money before an employee expatriates my product?"

Interesting thing about zoom though is that the technical side of it doesn't seem particularly complex so I guess their value is their enterprise customers and aversion to change.

Also if someone at zoom can answer this for me: why do you require a desktop app to function? Can you please kill it if you're only going to legitimately support windows? Just use a webpage.

A desktop app is able to access much more of your local system than a web page, so... :-)
I’ve never had an issue with their MacOS app, what do you mean by “only.. legitimately support windows”?
What exactly is the point of this article? It ended and I don't understand what this guy is trying to communicate
(comment deleted)
So what? What point is the author trying to make? Do we need a followup expose revealing what language the code was written in?