An interesting thing to also note is that their public signing key has a typo on it ("Zoom Video Communcations", missing an 'i' in 'Communications'). It might be a benign mistake, but as an occasional tin-foil hat wearer, this raises some flags.
I reported it a couple of months ago, but the initial support rep. didn't seem to know much about cryptography. I forgot to reply then, but seeing this article pushed me to remind them to look into it with an explanation and request for escalation.
Putting R&D in China is basically asking the question, "can I make more money before an employee expatriates my product?"
Interesting thing about zoom though is that the technical side of it doesn't seem particularly complex so I guess their value is their enterprise customers and aversion to change.
Also if someone at zoom can answer this for me: why do you require a desktop app to function? Can you please kill it if you're only going to legitimately support windows? Just use a webpage.
12 comments
[ 6.1 ms ] story [ 67.6 ms ] threadI reported it a couple of months ago, but the initial support rep. didn't seem to know much about cryptography. I forgot to reply then, but seeing this article pushed me to remind them to look into it with an explanation and request for escalation.
https://techcrunch.com/2019/07/10/apple-silent-update-zoom-a...
Interesting thing about zoom though is that the technical side of it doesn't seem particularly complex so I guess their value is their enterprise customers and aversion to change.
Also if someone at zoom can answer this for me: why do you require a desktop app to function? Can you please kill it if you're only going to legitimately support windows? Just use a webpage.