
Re: Zoom- best practice?



On 6/6/20 12:13 AM, Linux-Fan wrote:
> Peter Ehlert writes:
> 
>> Family is using Zoom, International.
>> They will use Zoom, and I need to participate.
>>
>> I use Debian Mate Stable, and Firefox ESR
>>
>> I am concerned about security, duh!
>> Looking for ideas.
>>
>> my current thoughts, in order of preference:
>>
>> 1. Use a separate Debian alongside my daily driver, and use it only for the Zoom
>> meetings
>>
>> 2. Sandbox? (but how can I do that?)
>>
>> 3. Use a different browser
> 
> [...]
> 
> Hello,
> 
> best practice is certainly using different software (Big Blue Button has been
> mentioned, Jitsi works OK for small groups, say ~10 persons, too), but there are
> cases where I am not asked to decide the software. At least, Zoom works on Linux
> whereas e.g. Skype for Business doesn't despite claiming to have a „Web App“?
> 
> I am also using Zoom (not by preference, see above) and thought about ways to
> isolate it for which I basically came up with a similar list to yours. Here is
> what I did so far:
> 
> * Zoom inside a VM works well here. I use Virt-Manager + KVM and
>   audio works flawlessly without the need for much additional configuration.
>   I only added this line to .config/pulse/daemon.conf:
> 
>     flat-volumes = no
> 
>   This makes sure that opening the VM does not reset volume back to 100%
>   which is dangerously loud on my sound card, see
>   <https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674936> :)
> 
> * As a fallback solution, I set up a sandbox for chromium using firejail
>   (package firejail) with a custom profile (attached for those interested).
> 
>   If you do not like the VM approach, you might consider a sandbox around
>   the zoom client. Of course, it is possible to use the sandbox inside the
>   VM, too. I doubt the added security of combining VM+sandbox is worth the
>   added complexity, though.
> 
> Using an entirely different system is certainly an option security-wise (if
> network isolation is considered properly), but might have some additional
> practical limitations.
> 
> HTH
> Linux-Fan


Thanks for sharing the firejail profile; however, doesn't it work in the browser?
It is really hidden, though, but if you decline the software installation twice in
Chrome, you get a link to join Zoom via the browser. That's what I had to use a
couple of times.

The best practice is to avoid installing the Zoom Debian package at all. Btw, BBB is
also far from being a secure platform, imho.
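
The two suggestions in this thread (joining via the browser and wrapping chromium in firejail) can be combined; the script below is an added example, not part of either post and not the attached profile. It assumes the Debian `chromium` and `firejail` packages; the jail directory `~/zoom-jail`, the script name and the meeting URL are made up for illustration.

```shell
#!/bin/sh
# Added example: start Chromium for a browser-based Zoom meeting inside
# firejail, with a dedicated directory as the sandbox home so the browser
# never sees the real home directory. JAIL_DIR is an assumed location.
JAIL_DIR="${JAIL_DIR:-$HOME/zoom-jail}"

# Create the dedicated home with owner-only permissions. A symlink is
# refused so the sandbox home cannot be pointed back at real data.
prepare_jail() {
    dir=$1
    if [ -L "$dir" ]; then
        echo "refusing symlinked jail directory: $dir" >&2
        return 1
    fi
    mkdir -p "$dir" && chmod 700 "$dir"
}

# Print the command line that would be run, one argument per line
# (useful as a dry run before trusting the script with a meeting link).
jail_command() {
    dir=$1; url=$2
    printf '%s\n' firejail "--private=$dir" --private-tmp \
        --nodvd --notv chromium "$url"
}

# Prepare the jail and replace this shell with the sandboxed browser.
# firejail also applies its stock chromium profile, matched by program name.
run_zoom() {
    url=$1
    prepare_jail "$JAIL_DIR" || return 1
    command -v firejail >/dev/null 2>&1 || {
        echo "firejail is not installed" >&2
        return 1
    }
    exec firejail "--private=$JAIL_DIR" --private-tmp \
        --nodvd --notv chromium "$url"
}

# Usage (constructed URL): sh zoom-jail.sh run https://example.invalid/meeting
case "${1:-}" in
    run)   run_zoom "${2:?meeting URL required}" ;;
    print) jail_command "$JAIL_DIR" "${2:?meeting URL required}" ;;
esac
```

Downloads and the browser profile end up under the jail directory, which can be deleted after the meeting.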

