1 |
On Wed, Mar 25, 2020 at 9:06 AM Jorge Almeida <jjalmeida@×××××.com> wrote: |
2 |
> |
3 |
> On Wed, Mar 25, 2020 at 12:56 PM Alec Ten Harmsel |
4 |
> <alec@××××××××××××××.com> wrote: |
5 |
> > |
6 |
> > On Wed, Mar 25, 2020, at 08:54, Jorge Almeida wrote: |
7 |
> > > On Wed, Mar 25, 2020 at 12:42 PM Michael <confabulate@××××××××.com> wrote: |
8 |
> > > > Have you looked at using WebRTC with Zoom, rather than installing their code |
9 |
> > > > on your PC? |
10 |
> |
11 |
> > WebRTC is a web standard. You should be able to use Zoom in-browser, without downloading the application. |
12 |
> > |
13 |
> OK. But it seems to offer limited functionality: |
14 |
> https://support.zoom.us/hc/en-us/articles/115005666383-Show-a-Join-from-your-browser-Link |
15 |
> |
16 |
> (And will it be safer that the application?) |
17 |
> |
18 |
|
19 |
Web tabs are fairly highly sandboxed in most browsers. Suffice it to |
20 |
say something running in a web tab isn't going to be spying on your |
21 |
process list/etc. |
22 |
|
23 |
An application can basically do absolutely anything you can do from a |
24 |
shell unless you've done something to contain it. Running it in a |
25 |
container would obviously be one way of containing it. Running it |
26 |
under another UID would be another, though users can generally see all |
27 |
the processes in the system and read any file that is world-readable. |
28 |
|
29 |
I'm not sure how the flatpak version of zoom that was mentioned |
30 |
earlier is packaged. I believe flatpak is container-based, but I |
31 |
haven't used it and I can't speak to how well-contained it actually |
32 |
is, either in general or in its implementation of this particular |
33 |
application. In theory they could make it very secure, but that |
34 |
doesn't mean that they did. |
35 |
|
36 |
Oh, and keep in mind that X11 itself isn't the most secure piece of |
37 |
software in existence. In particular any window on your desktop can |
38 |
spy on the keyboard input into any other window on your desktop, |
39 |
unless you're employing protective measures that nobody actually |
40 |
employs outside of maybe pinentry (I haven't checked that one and I |
41 |
forget if it is completely modal - as in you can't type in any other |
42 |
x11 window while it is displayed). |
43 |
|
44 |
-- |
45 |
Rich |