ogra1 / zoom-snap


More detailed description of security aspects in readme file? #45

Closed Jakethethird closed 3 years ago

Jakethethird commented 3 years ago

In the readme.md file, you describe this as a "repack". Apart from the advantage of continual updates, is zoom running in a very sandboxed mode? In other words, are there additional security advantages to zoom-client over installing the .deb?

My question arises from having previously run the .deb with firejail where it is possible to isolate the program to some degree. Does zoom-client provide these same advantages? If so, the readme file might be expanded slightly to explain this advantage.

Furthermore, access to the user home folder can be denied via the snap permissions. As the snap is set up, will this break the functioning, or just prevent sharing of a user's files (e.g. screenshare)?

Thanks.

(great project!)

Fuseteam commented 3 years ago

The zoom-client snap offers the same security advantages as every strictly confined snap; in particular, you can control what zoom has access to using snap connections. Snaps are run inside of LXD containers, iirc.

Jakethethird commented 3 years ago

I was trying to understand this - this snap doc seems to explain how it works (although I am not really well versed in this). I guess how the snap is configured by the developer determines the level of security and the user can then change permissions from the default. My understanding is that a) when run as a snap the zoom binary does not have root access to the system and b) access to the home folder can be easily denied by the user. To me, this seems to be a major advantage of the zoom-client snap over the .deb downloaded from the zoom website. The interest in zoom with increased privacy is clear from the daily Reddit threads asking how to run zoom "securely" on Linux. Hence my suggestion that the security advantages of running zoom-client could be added to the readme file. Currently the emphasis is on ease of installation and updating.
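
Added example, not from the thread or the zoom-snap project: a script that reads `snap connections` output and lists which privacy-relevant interfaces are currently connected, with the matching `snap disconnect` command for each. The sample output and the choice of interfaces to flag are constructed assumptions; the plugs the real zoom-client snap declares are not shown on this page.

```shell
#!/bin/sh
# Added example: review which privacy-relevant interfaces a snap has connected.
# These are real snapd interface names; which ones to flag is an assumption.
SENSITIVE="home removable-media camera audio-record"

# Reads `snap connections <snap>` output on stdin and prints one
# "interface plug" line per flagged interface that is connected.
# A disconnected plug shows "-" in the Slot column.
connected_sensitive() {
    awk -v list="$SENSITIVE" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        NR == 1 { next }                          # skip the header row
        ($1 in want) && $3 != "-" { print $1, $2 }
    '
}

# Turns each finding into the command that would revoke it, for review.
suggest_disconnects() {
    connected_sensitive | while read -r iface plug; do
        echo "snap disconnect $plug"
    done
}

# Constructed sample in the column layout `snap connections` prints.
sample_connections() {
    cat <<'EOF'
Interface        Plug                         Slot              Notes
audio-record     zoom-client:audio-record     :audio-record     manual
camera           zoom-client:camera           :camera           -
home             zoom-client:home             :home             -
network          zoom-client:network          :network          -
removable-media  zoom-client:removable-media  -                 -
EOF
}

# With a snap name and snapd present, audit the live system;
# otherwise run against the constructed sample.
if [ -n "${1:-}" ] && command -v snap >/dev/null 2>&1; then
    snap connections "$1" | suggest_disconnects
else
    sample_connections | suggest_disconnects
fi
```

The script only prints the commands; running one of them revokes that interface until it is reconnected with `snap connect`.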

ogra1 commented 3 years ago

here you go :)

Fuseteam commented 3 years ago

Ah cool