Zoom screen sharing security setting

[Fluke]

Since I've had the new MacBook I've been unable to share my screen during zoom calls, I don't use zoom all that much so didn't get round to checking whatever box needs to be checked in security settings to enable it. I've just done a little test run, started a meeting, clicked on share screen and was prompted to go to my settings which I did. By switching the setting to 'on' I am agreeing to the following which I didn't feel very comfortable with.

Allow the applications listed below to record the content of your screen and audio, even while using other applications

There's only the one app listed - Zoom. There's no option to restrict it to 'only while using the app', or anything else.

If you switch it on you're asked for your Touch ID, I suppose I could just switch it on for the duration of the call then try to remember to switch it off again.

Anyone else have worries about this?

[Infrasonic]

You might be able to script something as a desktop/Kbd shortcut to turn it on and off as required, have a look at the Mac forums and see if anyone has already written something for Zoom.

[mc2fool]

I don't have and am not familiar with the Mac, but I'm not sure I see the issue.

It seems from your description that the Mac allows you to control which apps can access the screen (and not just their window in it).

Well if you want to share your screen in Zoom then it clearly needs to be in the list of apps allowed to do so -- and equally clearly Zoom has to be running for it to do so, so you will be "using" it.

But the whole point of sharing your screen is not to share your Zoom window but precisely to share other applications. Most commonly PowerPoint or some other similar slide presentation program. Or a browser showing some YouTube video. Or Acrobat showing a PDF you want to discuss. Or .... etc.

If your concern is about recording, well, once an app can read the screen it can, if it chooses, record it. Whether it does or not is up to it but having given access to read it you can't prevent it recording it. And that's true of shared screens at the "audience" end too. It always amuses me that Zoom presentations often have recording disabled, but that only stops it being recorded by the viewers within Zoom. Once the pixels are on my screen I can record them locally anyway.

BTW, I don't know about Mac Zoom but when you select Share Screen on Windows Zoom it lets you choose to either share the whole screen (except, cleverly, the Zoom window, unless you've enabled that) or a specific window. So you can share just your PowerPoint presentation while not letting on that you're also watching some porn site at the same time...

[Fluke]

I don't have and am not familiar with the Mac, but I'm not sure I see the issue.

It seems from your description that the Mac allows you to control which apps can access the screen (and not just their window in it).

Yep, I believe this is the case, Zoom is the only app listed for me though.

Well if you want to share your screen in Zoom then it clearly needs to be in the list of apps allowed to do so -- and equally clearly Zoom has to be running for it to do so, so you will be "using" it.

Well that is the bit I wasn't quite clear about, but since you put it like that, I think you're right. It was the wording "even while using other apps" that threw me a bit.

But the whole point of sharing your screen is not to share your Zoom window but precisely to share other applications. Most commonly PowerPoint or some other similar slide presentation program. Or a browser showing some YouTube video. Or Acrobat showing a PDF you want to discuss. Or .... etc.

Yup. Agreed.

If your concern is about recording, well, once an app can read the screen it can, if it chooses, record it. Whether it does or not is up to it but having given access to read it you can't prevent it recording it. And that's true of shared screens at the "audience" end too. It always amuses me that Zoom presentations often have recording disabled, but that only stops it being recorded by the viewers within Zoom. Once the pixels are on my screen I can record them locally anyway.

Nope. That wasn't my concern.

BTW, I don't know about Mac Zoom but when you select Share Screen on Windows Zoom it lets you choose to either share the whole screen (except, cleverly, the Zoom window, unless you've enabled that) or a specific window. So you can share just your PowerPoint presentation while not letting on that you're also watching some porn site at the same time...

What could possibly go wrong But yes you can choose particular things open on your screen to share just as with Windows machines.

Thanks for putting my mind at rest.

[formoverfunction]

I believe Zoom has a very iffy history on Mac's. In the early days it created a permanent background media server that was exploitable. It just kept running even after you'd quit the program itself.

I've got in to the habit of running Zoom sessions in a VM. And only in a VM (virtual machine).

Since then Mac's have got much more secure and require users to actively grant permission to access the file system. As you note.

I still avoid Zoom when ever possible.

There is one available in the App store, VM, that works very well. There is charge for it, but there's also a free version if you install it from the providers website.

UTM runs Linux very well indeed and I've used it for Alpine, Ubuntu and Fedora. I try to install as few as possible programs, even from the app store. If there something I really need that Apple doesn't provide I fire up a VM.

Even then I don't install Zoom, but run it from a sandboxed browser.

On a general note, I think a Raspberry Pi makes a very good companion machine for all those tasks that you might have to complete and helps in avoiding installing lots of software directly on your main devices. A VM and Raspeberry Pi make for a decent addition layer of security.

https://www.digitaltrends.com/computing ... e-for-mac/

The exploit was discovered by Patrick Wardle https://objective-see.org/about.html

Patrick is a well know Mac security specialist https://twitter.com/patrickwardle

Mine offer a privacy focused proxy server, VPN, meta search engine and very stripped down operating system to provide as flat attack service as possible. I even run chaff on occasion.

https://adnauseam.io/ and https://www.trackmenot.io/ make for very noisy networks. Offering a level of obfuscation.

Personally, I loathe Zoom and Eventbrite.

[formoverfunction]

That digitaltrends article is horrifying. Zoom sat on, and ignored, Wardle's findings not believing the ex-Nas technician and doubting his research.

Holes that could allow superuser control and hijacking of both the camera and microphone.

[Infrasonic]

...Holes that could allow superuser control and hijacking of both the camera and microphone.

Many laptops (and a few smartphones) now come with hardware switches for cameras and microphones - the above is a good reason to get one and have them switched off until needed. For desktops have a dumb monitor and a third party camera / mic unplugged until you need.