How to use Zoom safely on Linux

Usage of video conferencing apps such as Zoom has boomed due to the coronavirus crisis, and many worry that it might be doing more than just letting you have calls.

Zoom does not have end-to-end encryption, so there is no way to prevent them from keeping and using your call data, handing it to NSA and whatnot. However, you can at least make it harder to snoop around your computer by sandboxing the app. You can prevent it from accessing more files or processes than it needs.

Firejail, developed by the GitHub user netblue30 allows you to restrict the running environment of any program, and even lets you fine tune it:

Firejail is a SUID sandbox program that reduces the risk of security breaches by restricting the running environment of untrusted applications using Linux namespaces, seccomp-bpf and Linux capabilities. It allows a process and all its descendants to have their own private view of the globally shared kernel resources, such as the network stack, process table, mount table.

Programs can choose to keep their configuration in a different places, and access different resources on your computer. Sandboxing a program effectively thus requires fine tuning, depending on what the program needs to access. For that reason, Firejail’s creator and its community added configurations for many commonly used programs, so that they run with the most efficient sandboxing out-of-the-box. Here is the configuration for Zoom.

You just have to install Firejail — the instructions are in the README. After that, you can run Zoom in a sandboxed mode by typing in your terminal:

firejail zoom

It loads the profile for Zoom and runs it automatically. You can feel safer, now that it’s only your call records, and not all the files on your computer Zoom can have access to.

Note: Use Firejail at your own expense. I have discovered it only recently, and don’t know more than the fact that it probably does what it advertises itself to do.