ICANN has announced that it will be switching from Adobe Connect to Zoom by ICANN65. See ICANN's blog post Transitioning ICANN's Remote Participation Platform to Zoom. This wiki page will collect information about Zoom to help the At-Large Community use Zoom effectively.

How to install the Zoom client


Be sure to visit https://zoom.us/download to download and install the latest version of the Zoom client for Windows, Mac and Linux.


Ensuring that Zoom doesn't automatically open Zoom meeting links


On July 8, 2019, security researcher Jonathan Leitschuh disclosed a security vulnerability in the Zoom for Mac client in a blog post at https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

The vulnerability in the Mac Zoom client allowed any malicious website to enable your camera without your permission. The Zoom Mac client installed a localhost web server so that the Safari browser would not ask before opening the Zoom client when a link to a Zoom meeting was clicked. Furthermore, the local web server remained installed even after you uninstalled the Zoom Mac client, and it could reinstall the client without any user interaction beyond visiting a webpage.

Zoom's blog post responding to the security disclosure (https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/) was updated several times in response to the outcry. The July 9 patch to the Zoom app on Mac devices is live at zoom.us/download; once the Zoom client has been updated, it removes the local web server entirely. There will be a further update to the Zoom client over the weekend regarding users' preference for video on by default.

Furthermore, Apple has pushed a macOS update to remove the undocumented web server installed by Zoom: https://arstechnica.com/information-technology/2019/07/silent-mac-update-nukes-dangerous-webserver-installed-by-zoom/


Jonathan Leitschuh, the security researcher who publicly disclosed the Zoom vulnerability, has noted that if your browser is set to always open Zoom links with the associated app, a malicious webpage (which could be hidden in an iframe) can automatically launch Zoom with your camera enabled without asking. This is true in the Firefox and Chrome browsers on Windows as well as on Mac.

As he noted in his tweet at https://twitter.com/JLLeitschuh/status/1149123386855104516, here is a proof-of-concept link to see whether Zoom will auto-launch with your camera and mic enabled: https://jlleitschuh.org/zoom_vulnerability_poc/zoompwn_iframe.html

If your browser settings are set to always open these types of Zoom links with the associated app, you will be automatically launched into a Zoom conference with your camera enabled.

How to prevent Zoom from auto-opening Zoom links on a webpage

In Mozilla Firefox,

1) Click the menu button and choose Options.

2) In the General panel, go to the Applications section.

3) Search for the Content Type zoommtg and select it.

4) Click on the Action column in the zoommtg row to change the action to "always ask"



In Google Chrome,

This is harder in Google Chrome, which saves such settings in a preferences file that isn't accessible from the browser. From https://support.google.com/chrome/answer/114662 :

"Chrome allows external applications and web services to open certain links. For example, certain links can open a site like Gmail or a program like iTunes. If you set a default action for a type of link but want to delete it, clear your browsing data (https://support.google.com/chrome/answer/2392709) and select 'Cookies and other site data.'"

Here's the more "hacky" way (courtesy https://gist.github.com/karanlyons/1fde1c63bd7bb809b04323be3f519f7e ):

1) Navigate to chrome://version/ and find the path listed under "Profile Path".

2) Quit Chrome, open that directory, and then open the "Preferences" file. This will appear to be one long line of text in a text editor.

3) Look for the string "zoommtg":false or "zoomrc":false. If either exists, remove it. If there is a comma immediately after either string, remove it as well.

4) Save the file.
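
The manual edit in steps 2 to 4 can also be done with a JSON parser, which avoids leaving a stray comma behind. This is an added example, not taken from this page or the linked gist: the function names and the sample Preferences content are constructed for illustration, and the code removes the two entries wherever they occur rather than assuming where Chrome stores them.

```python
import json
import shutil

SCHEMES = ("zoommtg", "zoomrc")  # link types named in step 3


def strip_auto_open(node, removed=None, path=""):
    """Delete every `"zoommtg": false` / `"zoomrc": false` entry, at any depth."""
    if removed is None:
        removed = []
    if isinstance(node, dict):
        for key in list(node):  # copy the keys: we delete while iterating
            here = f"{path}/{key}"
            if key in SCHEMES and node[key] is False:
                del node[key]
                removed.append(here)
            else:
                strip_auto_open(node[key], removed, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            strip_auto_open(item, removed, f"{path}[{i}]")
    return removed


def clean_preferences_text(text):
    """Return (cleaned JSON on one line, list of removed entries)."""
    prefs = json.loads(text)
    removed = strip_auto_open(prefs)
    return json.dumps(prefs, separators=(",", ":")), removed


def clean_preferences_file(path):
    """Rewrite the Preferences file in place. Quit Chrome first (step 2)."""
    with open(path, encoding="utf-8") as fh:
        cleaned, removed = clean_preferences_text(fh.read())
    if removed:
        shutil.copy2(path, path + ".bak")  # keep the original for rollback
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(cleaned)
    return removed


# Constructed sample, not a real profile: one unrelated entry plus both Zoom entries.
SAMPLE = ('{"protocol_handler":{"excluded_schemes":'
          '{"mailto":false,"zoommtg":false,"zoomrc":false}},'
          '"profile":{"name":"Person 1"}}')

if __name__ == "__main__":
    cleaned, removed = clean_preferences_text(SAMPLE)
    print("removed:", removed)
    print(cleaned)
```

Run `clean_preferences_file()` on the "Preferences" file inside the Profile Path from step 1; an empty result means neither entry was present and the file was left untouched.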


Test to ensure your browser no longer auto opens Zoom weblinks in Zoom

Visit Jonathan Leitschuh's Proof of Concept page at https://jlleitschuh.org/zoom_vulnerability_poc/zoompwn_iframe.html


This is what you will see in Mozilla Firefox :

[Screenshot: Mozilla Firefox prompting whether to open the Zoom client]


and this is what you will see in Google Chrome :


[Screenshot: Google Chrome asking whether to open the Zoom link in the Zoom client]


Do NOT select "Always Open these type of links in the associated app" in Google Chrome or "Remember my choice for zoommtg links" in Mozilla Firefox.


Lastly, if you have a computer or mobile device with a camera (what device doesn't?), consider getting a webcam cover, which physically covers the camera lens on your phone, laptop or webcam when not in use.

Related articles

Questions to ICANN regarding Zoom

Zoom Features Chart (3rd April 2019)