Install and run Zoom Client inside a sandbox

Question

With COVID-19 pandemic there was a boom of video conferencing. Although there are good free and open source alternatives like Jitsi (with e2ee coming soon), Zoom became popular. Is not a secret that have some privacy issues (EFF, ProtonMail Blog, The Guardian, The Verge).
For the ones forced to install it, it would be nice to have a friendly way to install it and run it without giving up privacy so easily. Maybe using it inside a sandbox like firejail (there is a zoom profile), selecting file system access.
If installed using snap package: It's worth noting that even removing "Play and record sound" from Permissions on Ubuntu software it's still can play and record sound. IMO a serious security bug on snapd/snappy/snap-store. Maybe this wouldn't happen on Wayland?
Also, audio-record connection (AKA interface) shouldn't auto-connect, but people behind snap store override this rule on purpose.

user535733 · Answer

Zoom is available as a Snap: snap install zoom-client

Snaps are confined to their own filesystem using squashfs loop mounts and AppArmor rules. However, Zoom needs routine access to quite a lot of your hardware (USB ports, audio, screen, camera, network) in order to be useful. Also, the application needs to be detectable by others on the system (so e-mail invitation links work). So complete sandboxing seems a challenge.

Some problems with Zoom (like the ability to bruteforce an access code) are outside the OS' control.

Install and run Zoom Client inside a sandbox

One Answer

Add your own answers!

Ask a Question