用 Flatpak 跑 Zoom,限制 Zoom 的存取

昨天在 Hacker News Daily 上看到的討論,有人發現 ZoomLinux 版掃了所有 process 的資訊:「Ask HN: Why does Zoom Desktop examine all processes and arguments?」。

twic 給了個建議,用 Flatpak 在 sandbox 裡面跑 Zoom:

I run Zoom from flatpak, which runs it in a container, and sandboxes it to some extent [1]

This probably explains why, when i try to screenshare a single application window, not every application shows up! I can share my browser, file manager, and various other things, but not windows for games started by Steam.

[1] I followed these instructions https://www.mayrhofer.eu.org/post/zoom-flatpak-sandboxing/

測了一下沒什麼問題,應用程式安裝完後可以直接用 flatpak run us.zoom.Zoom 跑,但如果想要直接在 launch menu 叫出來的話 (在 Xfce 叫 whiskermenu),需要重開機 (看起來至少要 relogin)。

應該就會先暫時這樣,稍微擋一些 Zoom 可以看到的資訊。而且 Zoom 本身的安裝一直都沒有更新機制,透過 flatpak 包起來反而可以跑 flatpak update 更新,目前感覺應該是 Z >> B...