How to delete Zoom from your Mac (and why you really should)
It was inevitable this would happen.
A security researcher has identified an extremely serious vulnerablity in the Zoom videoconferencing system that lets any website open up a video-enabled call on a Mac with the Zoom app installed — even if you’ve previously deleted the software.
Time to put sticky tape on your camera
We’ve all known the future we’re building. It’s the one we wake up screaming about.
It’s a dystopia of despots in which the weak, old, young and different are thrown against the wall to feed that ancient endless tyrant hunger for hate.
And Zoom doesn’t seem to be part of the solution here…
You see, this vulnerability makes it possible to hack into the camera on your Mac. Yes, you’ll see the Zoom app – but since you didn’t request it you’re not likely to feel especially happy at that.
This Zoom vulnerability is bananas. I tried one of the proof of concept links and got connected to three other randos also freaking out about it in real time. https://t.co/w7JKHk8nZy pic.twitter.com/arOE6DbQaf
— Matt Haughey (@mathowie) July 9, 2019
How does this work?
“The Zoom app apparently installs a web server on Macs that accepts requests regular browsers wouldn’t,” says The Verge.
It’s worse than that, of course: If you uninstall Zoom, that web server persists and can reinstall it without your intervention.
It’s kind of like Google permissions for App behaviour on Android – the system just ignores what you want it to do if it feels like it.
Dystopia, right? Despotic, yeah?
“Don’t be evil?”
(Zoom has a response to the problem. It’s scant on apology. It says it did this for ‘user experience’. Uh-huh. It also neglects to tell anyone how to uninstall the application. I mark that response as F for Fail.)
So, how do you protect yourself against Zoom?
If you are ever asked to use Zoom, don’t.
If you use Zoom regularly and intend continuing to do so, you should install the latest update and in Video application preferences, enable the archaically phrased “Turn off my video when joining a meeting’ checkbox (below).
However, if you have ever used Zoom and deleted it, or just want to delete it properly, you’ll need to follow these insanely complex instructions as detailed on Medium.
(Anyone might think this was never meant to be known, given the complexity of fixing it).
If you have ever installed Zoom on your Mac, there is a web server installed on your local machine running on port 19421.
You can confirm this is present by opening Terminal and running lsof -i :19421.
“To shut down the web server, run lsof -i :19421 to get the PID of the process, then do kill -9 [process number]. Then you can delete the ~/.zoomus directory to remove the web server application files.”
Zoom should have its Apple developer license revoked in order that its application can only be installed on Macs by users willing to override Gatekeeper protection.
That way at least there would be some kind of consent.
As it is, this is simply not good enough at all. Zoom has effectively created a vulnerable backdoor that can be exploited by anyone who knows it exists — that’s bad for anyone with kids, anyone with a business, anyone who values privacy and anyone who keeps a Mac in the bedroom.
There will be some who argue that we shouldn’t over-react.
There are always some who argue this. They are wrong. A failure to act is to effectively enable this kind of poor security practise. The only way to teach tech firms what we as consumers demand is to punish them when they fail.
And use DuckDuckGo for all your search engine needs…