:: Re: [DNG] Zoom?
Top Page
Delete this message
Reply to this message
Author: Martin Steigerwald
Date:  
To: dng
Subject: Re: [DNG] Zoom?
Hi.

Haines Brown - 04.08.20, 01:58:26 CEST:
> I've been relying on zoom on a laptop runnding debian. But there's a
> problem with it and I want to install zoom on beowulf 3.
>
> But there's no zoom in the beowulf repository. Do I have to download
> debian's zoom .deb?


I used flatpak to install Zoom.

Still on Debian for this one laptop, but on Debian with runit as PID 1,
and with elogind, so I bet this will work on Devuan as well.

Advantage 1: you can use flatpak permission to restrict what the
application can do cause it runs in a kind of container. There is a
github issue on flatpak, as the default permissions are that is can
access all of $HOME¹. But that is completely unnecessary as pointed out
in the bug report. I used Flatseal, another app I installed with Flatpak
to restrict its permission to "Other files" to:

xdg-documents/Zoom

(that is where is puts whiteboards and so on)

You need to switch off access to home directory in Flatseal for this to
have any effect.

I also told it to make

.zoom
.config

persistent. This is so I do not have to configure it again every time.

However, as I found it stores some ID in an SQLite3 database that may be
used for tracking, I delete that database from time to time.

If you contain Zoom in that way, those configuration files are in

~/.var/app/us.zoom.Zoom

Nothing is stored directly in your home directory anymore, all is in
that directory above.

That code that apparently is used for tracking is in zoomus.db:

% ~/.var/app/us.zoom.Zoom/.zoom/data> sqlite3 zoomus.db

sqlite> .dump
INSERT INTO zoom_kv VALUES('tracking.code.join.meeting','{nnnn-nnnn-
nnnn-nnnn-nnnnnnnnnnnn}','ZoomChat');

I am not sure whether that is used for any purposes that does against
the user though, but nonetheless occasionally I delete the file or just
drop the tracking code in sqlite with something like this

sqlite> DELETE FROM zoom_kv WHERE 'tracking.code.join.meeting' NOT NULL;

I contacted Zoom privacy support, but they did not reveal anything on
the purpose of that tracking code. So far Zoom privacy support has been
not helpful, they claimed I do not have an account with them. Which is
right, however, as I still use it (with others who have accounts), I am
still eligible for GDPR requests like asking whether they do any
tracking or so.

I am pondering to just remove the persistency as I do not use Zoom all
that often and can set it up again quickly each time.

Advantage 2: Easy updates. As far as I am aware Zoom does not provide
any Debian repository, so you'd have to check for updates for yourself.
With flatpak you can just use "flatpak update".

Advantage 3: Installing Flatpak packages works with user rights. They
elevate privileges in the background during installation if you choose
to install the Flatpak systemwide (which seems to be the default).
However it may be that they do not let any maintainer scripts run with
root rights. I am not completely sure of that.

Disadvantage would be that some of the dependencies of Zoom are either
installed with a runtime Flatpak or directly with the Flatpak, like in
the case of Zoom, Qt, instead of Devuan/Debian packages. For security
you need to rely on the maintainers of the Flatpak. And there people
with critique about Flatpak security². I usually receive a Zoom update a
month at least though.

This could also be an advantage in case you like to avoid pulling in
additional dependencies in your main system.

The other option indeed it to use the Debian package you referred to. I
used that as well until I found about the Flatpak stuff.

And of course you could say that this, again, is stuff from Red Hat. I
don't mind as I do not judge the software solely from where it comes
from. While Zoom has far too many permissions by default in Flatpak, if
you install it as deb it can do everything it can do with user
privileges unless there would be some AppArmor profile or so which I
doubt would be in the official Debian package from Zoom. So every
restriction you place upon it by using Flatseal for example is something
you do not even have when installing it as a deb.

Another disadvantage is that you need to have some initial configuration
for the user for the additional comfort to be able to use the 'flatpak'
command directly. I forgot what it was and I do not find it right now,
but it is explained the first time you run the commend.

[1] https://github.com/flathub/us.zoom.Zoom/issues/18

[2] https://flatkill.org/

Best,
--
Martin