The latest outcry on Zoom’s privacy weakness is another illustration of the challenge with architecting software properly. This is not the first one though, Zoom should know. Last year there was a well publicised security vulnerability in Zoom client, which they promptly patched to some degree. At the time as I looked at what was going on, clearly someone hadn’t thought about the implications of allowing a client app to install additional software without warning the user never mind asking the authorisation.
This time the issue stems from using third-party component in building your software without vetting what the component actually does. Zoom is certainly not the only one, just a case in point worth mentioning. Incidentally, as I attempt to read Zoom’s own response to this particular issue, I get greeted with their GDPR prompt that defaults to putting the maximum amount of ad cookies in my browse (hilarious):