Microsoft Teams: 1 feature, 4 vulnerabilities (positive.security)
340 points by kerm1t on Dec 22, 2021 | 256 comments



In 2020 a rash of anti-Zoom propaganda that I'm almost certain was driven by Microsoft led to a company-wide prohibition on using anything other than Teams "for security reasons" where I worked.

This was, I am almost certain, inspired by Microsoft corporate sales getting their hooks into management.

This was largely because of news stories like "end to end encryption doesn't really work as advertised" and "if you leave a room password unprotected bad people will enter". The level of press coverage was off the scale compared to what Teams got for far worse issues.

The vulnerabilities weren't nothing, but they weren't even in the same ballpark as the MS Teams vulnerabilities foisted on us for "security reasons", like this howler they tried to cover up: https://www.techradar.com/news/microsoft-may-have-downplayed...


> a rash of anti-zoom propaganda that I'm almost certain was driven by Microsoft

Zoom had and continues to have a significant developer presence in China. Those individuals are subject to CCP coercion. There was also a time when they routed American calls through the mainland [1]. That has been fixed. But it remains excessive to cast all past criticism of Zoom as Microsoft's work.

[1] https://techcrunch.com/2020/04/03/zoom-calls-routed-china/


Don't forget about the time a Zoom software engineer conspired with China's intelligence service to identify and harass dissidents residing in the US. The engineer is currently wanted by the FBI: https://www.justice.gov/opa/pr/china-based-executive-us-tele...


Exactly.

For all my harsh criticism of both Microsoft and Google I wish them well: I want them to tidy up and become trustworthy.

Because the alternative where China becomes world leading is actually worse.

For all their warts Americans and American companies have done much good and gotten way more criticism for their faults compared to others.

That doesn't however mean that they should get off the hook easily, only that we should work to put them in a position where we can actually trust each other.


[flagged]


I don't see how you got from my post to that conclusion. Did I forget a word or write something extremely unclear?


No, you didn't. pokepim either misread, jumped to conclusions, or just saw a chance to grind an axe that they were just itching to grind.


I remember when the stories came out they were released in a suspiciously coordinated way. Once one died off another was released to build up momentum again and keep the idea humming in the public consciousness.

I figured that it was done by a big party that had a trusted relationship with tech journalists, because they bigged up vulnerabilities that were relatively minor to journalists who didn't seem to be aware of it.

It's possible it wasn't Microsoft, but the pattern of stories indicated Zoom was a public relations target of someone who freaked out after seeing how fast they were growing, and MS certainly took full advantage.


The pattern of stories indicated that it was a thing that got attention, so people went digging for whatever they could find and push. You don't need a conspiracy for something to get way more attention than others.


I am not trying to say Microsoft did anything unlawful. However, I am suspicious that these events in 2020 were coordinated.

I remember we knew about Zoom vulnerabilities in 2018 as well, but I rarely used video conferencing and definitely not for "daily stand ups". However, I wouldn't discount that Microsoft tried its best to "educate" reporters.

http://paulgraham.com/submarine.html


Megacorps feeding stories to journalists is not a “conspiracy theory.” It isn’t even a secret!


Would they drip-feed what they found though? Sounds like you need some form of coordination for that at least.


The "drip-feed" of people finding things not all at the same time, and basing their search on previous findings?


No conspiracy required, just change "party" to "parties" and "someone" to plural "people".

Zoom went from interesting tool to de facto worldwide standard in about two months. I'm pretty sure that in the offices of Microsoft, webex, goto meeting etc there was a collective WTF from leadership and people were instructed to find weaknesses. It doesn't follow that there was collusion or an evil conspiracy.


I was thinking of posting the "end-to-end encryption that wasn't" but it was already mentioned in the article.

Security flaws in a product are part of the life cycle, unavoidable and might be accepted as long as proper and timely response is taken. That's due diligence. But lying about security? That's not even negligence.


"Zoom had and continues to have a significant developer presence in China."

So whats worse: a backdoor for China, or a giant hole for anyone interested?

I guess the latter gives us equal opportunity...


A link preview vulnerability in Teams vs a backdoor for China. I choose the vulnerability!

At work we were briefed in detail by a spy from CSIS to avoid Zoom. I trust the Canadian spy before I trust a company with CCP ties.

The only thing I can add from that briefing is: avoid Zoom, Huawei and products from Facebook; use Telegram if you can, and Teams or Google's current messaging solution if you can't.


Why Telegram specifically? Wouldn't Signal be considered a more private/secure messenger?


As a daily user of Signal, it still has a long way to go before it can be considered a user-friendly cross-platform solution.


> use Telegram

also from CSIS briefing?


I guess I misremembered, it might have been Signal or Matrix ... I am sure about the informal recommendation of things to avoid, but I'm not so sure anymore about the informally recommended list of things to use ...


One of them can be fixed with a software update.


A vulnerability tends to get fixed quickly. A government backdoor not so much.

And vulnerabilities occur in all mainstream software.


> when they routed American calls through the mainland

what about zoom-calls in other countries?


Don't forget the directory traversal vulnerability too!


What’s remarkable, to me, is how publicized these issues in Zoom became vs other software. Google also seems to have pointed their vulnerability researchers at it. I remember thinking at the time they were getting a lot more scrutiny than most software in that realm, which has the same types of issues. Maybe it just entered the public Zeitgeist and it’s all a coincidence, but as a long time infosec consultant that does vulnerability research I found it curious at least.


My take on it at the time was that while technically more knowledgeable people were all happily having video calls in-browser for free, less tech savvy people were, by the millions, excitedly installing a pretty ropey app with root privileges and a whole bunch of vulnerabilities. It felt like a very necessary step when the normies thought they were entering the matrix.


> In 2020 a rash of anti-zoom propaganda that I'm almost certain was driven by Microsoft led to a company-wide prohibition on using anything other than Teams "for security reasons" where i worked.

It was not propaganda. There was no privacy protection. I work for a K-12 and there was literally no way to configure Zoom such that it wasn't a massive FERPA violation waiting to happen. There was originally no way to gatekeep entrants to a virtual Zoom classroom. It even earned its own term: Zoombombing [0]. It was completely unsuitable for use. It's like it was designed for the Internet of the 1990s.

The only way we figure that so many districts were using it was:

1. It was free when basically nothing else was.

2. There was no time to evaluate alternatives when the pandemic started.

3. They were hoping nobody was looking too closely.

4. They didn't properly evaluate Zoom or they just didn't tell anyone how Zoom didn't ensure privacy.

[0]: https://en.wikipedia.org/wiki/Zoombombing


It was the only accessible solution that supports a large number of participants and features easy enough installation. Teams was far more limited than Zoom and might still be.


Yeah, people at start of pandemic needed something easy and quick. Many of those people were relatively new to VC as an everyday part of the toolset. Zoom was focused on engaging people over VC quickly and easily, whereas Teams was/is like a Swiss army knife buried in a deep toolbox that you can only access through a subscription plan to the toolbox, so I imagine for non-tech teachers and whatnot, Zoom's approachability alone was a god-send.

Also Teams/SfB, despite years and years of their users complaining about the limit to concurrent video feeds, never progressed past about four until Zoom came on the scene. They didn't just exceed Teams by a few, but like an order of magnitude.

I use Teams every day but thank God for Zoom driving improvement. Just underscores the value of market competition.


> In 2020 a rash of anti-zoom propaganda

The security issues like end-to-end encryption not actually being end-to-end encryption (unless you consider the man in the middle to be two ends, forwarding messages between the other two ends) were not propaganda - they really existed. It isn't even propaganda to say Zoom published very questionable statements (or if I allow myself to be slightly less charitable: the occasional outright lie) about those issues, because it is demonstrably true that this happened.

> that I'm almost certain was driven by Microsoft

You might need to present some evidence for that rather bold claim.

> [comparison with past MS security issues]

Teams is far from perfect, I am not a fan of it at all, and that security issue was real too IIRC, but you are using some very selective reasoning bringing it up at the same time as downplaying the serious flaws present in Zoom in the same period.


Zoom’s statements were in fact found by a jury to be false and misleading. If you used Zoom prior to last summer you are entitled to a (small) cash settlement https://www.zoommeetingsclassaction.com/


> If you used Zoom prior to last summer you are entitled to…

Assuming you are a US citizen and were using zoom from a US location at the time.


If it's bad enough to violate US false advertising law, I imagine it violates that of most countries.


As far as I know there has been no similar court case outside the US, so the “you are entitled to” part doesn't count elsewhere. But yes, that is still a good indicator of how egregious the attempted misinforming was.


Zoom bombing was a thing.

And it strongly indicated not just technical flaws, but a company and product that did not actually care about their users’ privacy.

And that’s even without bringing the China stuff into the picture.


So you are blaming Zoom security issues coverage on Microsoft without any proof, and the comment asking for evidence is flagged. What's going on, HN?


> the comment asking for evidence is flagged

The comment came from a banned account whose comments are dead by default and need to be vouched. Discussing that is as off-topic as discussing voting, and not surprisingly it’s just noise now.


> What's going on, HN?

HN is an anti-MS echo chamber, so comments like this become popular quickly. It's been this way for a few years now.


HN is generally also critical of Alphabet, Meta and Amazon. And rightly so. We should be pointing out ethical issues, urging companies to improve. Especially the large and powerful ones. It's just Apple that somehow seems to get a pass on some occasions.


Accusing MS of a coordinated PR smear campaign against Zoom, with zero evidence other than "it feels like it", is a far cry from pointing out ethical issues.


I agree. But that doesn't make all of HN an 'anti-MS echo chamber'.


It’s like 1 comment with a whole bunch refuting it.

Which is probably why it’s so high up, because the HN algorithm probably can’t distinguish between replies agreeing with or disagreeing with a parent comment.


This is a plausible scenario, definitely worth considering especially given Microsoft's track record.


Possible scenario, yes. Plausible? Maybe. But there was no evidence presented, so I can see why somebody would ask for some. Why that comment asking for some got flagged is beyond me.

Another plausible explanation, at least in my humble opinion, but one without evidence either: Everybody and their kids (for school) were using some kind of video conferencing software for the first time in this kind of professional/educational setting and Zoom led the pack, which led to more interest by white hat researchers (and probably blackhats) as well as journalists. This newfound scrutiny led to some first stories, and then people kept digging, because "Man exposes himself in virtual classroom"[0] or "Does China spy on your business" or "New security problem uncovered. Is your kid safe in the virtual classroom?" kind of stories generate a lot of impressions, and Zoom had a lot of problems to uncover. Maybe it took some time to uncover the various problems, leading to a continuous stream of stories; maybe some outlets delayed publishing some stories, so they could milk a story at a time before coming out with the next one. Maybe Microsoft tried to capitalize on it, but that doesn't mean they were driving the news.

[0] https://www.bbc.com/news/uk-england-south-yorkshire-55998557


Honestly I fail to understand why Zoom seems to have so many fans. I find the UI confusing, on my Linux machine having a call with video will lead to the CPU cooler going into overdrive, I often have to leave and re-enter calls because audio output isn't working, etc. etc.


I think people like(d) Zoom because its core features were pretty simple to use. Yes, they do really weird stuff like having app settings that you can change in the app but account settings that you have to log in to your web account to change, but most of those features are more marginal.

Google Meet, and this may have changed recently, lacked basic features like being able to quickly identify what window you are sharing. I've also seen far more call issues with Google and Teams than I have Zoom.

As for Teams, I don't have a ton of quarrels with the video meeting system itself, but its desire to jam 20 other critical workflow pieces into the software made it a huge mess, at least from my experience with it on Mac:

1) The calendar sort of works, but not really, and most features you'd expect to accomplish with a calendar actually need to be done in Outlook and not teams.

2) The chat UI is really cumbersome compared to Slack and it quickly becomes difficult to find anything if you interact with a lot of people

3) The document file system is a total cluster. Let's say someone chats me a file to look at. I click the link and the file opens in my Teams window. I review it partially and have a question for the person who sent it. I go back to chat, send a message, and then try and go back to my document. Guess what? It's gone and I have to load it again. What fun! You just have to get into the habit of forcing the files to open in their native app or load them in a browser. I'm sure there is a way to prevent this from happening but what I've found with Microsoft applications (at least on Mac) is that basic functionality like this is completely unintuitive compared to any other productivity software I've seen.


Zoom has a free version and the UI isn't that bad - and it scales to quite large groups. It's not nearly as confusing as Webex. And the video and audio quality are better than Teams. And no one knows what Google is offering this week (I think it's Meet, but maybe Hangouts or Duo or are they all the same now?)


Audio quality on Zoom is downright worse, with a hollow, distant sound. Zoom is/was using the same codec as Skype (Silk), which Teams replaced earlier this year (Satin), which is much more robust and capable.


I don't know about the algorithms, and I don't care about broadcast quality. When I am on zoom I understand people. When I am on Teams I have to close my eyes and concentrate to figure out what the robot is trying to say.


Of all the bad solutions, Zoom is the best one. It is the only one with a native (= not a glorified web browser) client, which you can definitely feel. Both Slack's and Teams' calls bring my top-end (Intel) MBP to its knees, while Zoom is the smoothest (though absolutely not without faults).


I thought it was the best I've used. It was very intuitive and I could easily test my mic and sound. It handled my 5mb hotspot connection without stuttering. Contrast that to Teams: Desktop or web version? One allows anonymous use, the other doesn't. You have to Google to find out how to test mic and sound, which brings up the desktop version. I was using the web version and ran out of time for searching. The video would freeze every 30 seconds or so.

Zoom did it right and that's why it's popular.


Um, just think of what you're suggesting. At MS some department (marketing, sales, product managers, devs?) somehow coordinated a bunch of press leaks (not sure how these were even determined to be 'leaks'), made sure that media outlets collectively believed that they were problematic, and then used those leaks to influence sales?

It's a stretch to attribute to malice what can be attributable to other environmental factors. Could it be that Zoom was/is the dominant player in the video conferencing space in 2020/2021, so media outlets were keen to cover stories around Zoom? WebEx and Google Hangouts vulnerabilities have also not received as much coverage as Zoom.


> At MS some department (marketing, sales, product managers, devs?) somehow coordinated a bunch of press leaks (not sure how these were even determined to be 'leaks'), made sure that media outlets collectively believed that they were problematic, and then used those leaks to influence sales?

You’re literally describing a thing that exists which is called public relations. I’ll admit it is unlikely for the call to be coming from inside the house, but this would be the exact kind of thing done by an agency contracted by Microsoft — for among other reasons, plausible deniability should anything become public. “Microsoft would never badmouth Zoom.”

> media outlets were keen to cover stories around Zoom

Hmmm, I wonder if there’s a field of professionals who make media outlets more keen to cover stories around a certain topic?


So we’re suggesting a 3rd-party PR firm likely coordinated public criticism about Zoom, an app that was undergoing hyper growth and entered the public consciousness in 2020 due to WFH and COVID. We don’t think media outlets would likely have wanted to voraciously cover Zoom stories because Zoom became one of the most widely used apps out of nowhere?

The logic appears to be: I saw a lot of news stories about X, therefore X was caused by Y, without recognizing that Z is just as likely a cause for X.


I was more making the point that you seemed unaware of the concept of public relations and instead thought that Microsoft developers would take the initiative to sow the seeds of Zoom discontent themselves.


At least in Germany the most common reason not to use Zoom has been privacy and data protection, not so much security. Haven't heard the security reason yet.


I believe that, at one point, it was possible for people to get into password-protected zoom rooms.


As an anecdote I know of a certain top-100 company that ditched their in-house competitor to Teams because MS made them a sweeter O365 deal. For a time management forced them to use Teams even though they were still developing AND licensing the in-house competitor to other companies.

MS is really aggressive with Teams marketing (especially for large bureaucratic enterprises) and I could totally see them doing what you mention.


The problem is that Slack (paid for) is hard to argue for vs. Teams when Teams is basically free if you already use o365. Management just see that chat app X is costing us XXk/year when Teams is "free". Easy savings.


Discounting a different product to kill competition? I'm no antitrust expert, but isn't that illegal? If not, it should be.


No, it would be abuse of dominant position; it is illegal only if you are in a dominant position to begin with.


And this is why MS is the king of enterprise.


Yeah I’ve always maintained that MS is an enterprise software company that cosplays a consumer software company from time to time. They don’t make a ton of money outside their enterprise software division; the rest of the company more or less breaks even.


What I know is that almost every company I have to deal with uses Office 365, so they use Teams, and almost every school in my area uses Google Suite (BigG got quite good at being the new Microsoft), so they use Google Meet. Almost no one uses Zoom anymore, simply because it's not integrated with anything.


Zoom integrates with a number of things pretty well (e.g. "Add Zoom to Meeting" button in Outlook create appointment interface) but it's not bundled with systems organizations already have, like O365 and Google Workspace (or whatever they're calling it these days).

I'm sure Google Meet is used in most of K-12, I don't know about higher ed. The university I work for licensed Zoom pre-pandemic because it was superior to other videoconferencing systems like WebEx and GoToMeeting.

The city council uses Zoom and my impression online is a lot of other local government functions that are now at least partially online do too.

Don't Teams and Google Meet both require everyone to have an account just to join a meeting? Being able to join a Zoom meeting just by clicking a link, no account needed, is very good for user experience.


Yeah, bundled is a more correct word, that's what I meant. AFAIK, Teams doesn't need an account, but I have used it only in a business context, so I'm not sure.


It’s because Zoom was a joke from a security perspective, and the Chinese angle was a bad look, too. I use Zoom only via the browser. It doesn’t solve the potential spy problem, but it does solve the “not installing malware on my machine” problem.


The idea that it was MS Teams's sales team behind the anti-Zoom "propaganda" (let's accept that it was propaganda for now) doesn't make much sense, because it was never obvious that MS would be the beneficiary of people moving away from Zoom.

Teams was half baked at best, and lacked a vast majority of the features that made Zoom useful. For example, it was only well into the pandemic that Teams gained the ability to have virtual backgrounds. You couldn’t have meetings with more than 10 or so people until very recently. Pretty much none of the features that made Zoom popular were even possible on Teams.

The real beneficiary should have been Google Hangouts, but Google moved too slowly (actually, it would probably be more accurate to say that Google didn’t move at all…or if they did they moved backwards).


No it was not just that.

Zoom put a backdoor (like, a full web server) in their Mac version and didn't even remove it when outed until Apple pushed an update that killed it for them. Which was a big unprecedented step.

Mistakes happen. Total lack of action when it happens shows at the very least a total disinterest. They definitely did lack a focus on security and privacy at that time.

I agree Microsoft is pretty aggressive and teams is a pig of an app in my opinion (slow and bloated) but zoom really dug their own grave too IMO.

For what it's worth I find Jitsi delightful and super performant. I use teams a lot with work and Jitsi with our makerspace and it's just so much better at the video conferencing role.


At my prior employer, the MSFT rep lied so much about Teams that he created a rebellion costing them 8-9 figures in current and future deals.

As a firm their ethics seem to have improved since the 90s but a few bad apples…


To be fair, Zoom had some issues even before it came to the spotlight. At one point when you installed the desktop client it also installed a hidden webserver for some reason. [0]

[0] https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-s...


Is this the propaganda you are talking about? https://twitter.com/campuscodi/status/1473642105633488899


You're almost certain given which evidence? You provide none.


I worked at Cisco, and the same arguments were made to use only WebEx and associated apps.


> In 2020 a rash of anti-zoom propaganda that I'm almost certain was driven by Microsoft...

Perhaps it was driven by Zoom's poor security and privacy record?

Zoom banned from New York City schools due to privacy and security flaws https://www.fastcompany.com/90486586/zoom-banned-from-new-yo...

Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore https://www.buzzfeednews.com/article/pranavdixit/google-bans...

Elon Musk's SpaceX bans Zoom over privacy concerns https://www.reuters.com/article/us-spacex-zoom-video-commn/e...

Apple pushes silent macOS update to remove web server secretly installed by Zoom https://9to5mac.com/2019/07/10/zoom-apple-macos-update/

Taiwan joins Canada in banning Zoom for government video conferencing https://www.cbc.ca/news/science/taiwan-zoom-video-conference...

Is Zoom the Next Huawei? ‘Puppet of Chinese,’ Say Critics https://securityboulevard.com/2020/06/is-zoom-the-next-huawe...

Zoom lied to users about end-to-end encryption for years, FTC says https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-use...

DOJ charges highlight Zoom's China problem https://www.axios.com/china-zoom-charges-influence-1906e8e5-...

Zoom needs to clean up its privacy act https://blogs.harvard.edu/doc/2020/03/27/zoom/

Zoom security issues: Here's everything that's gone wrong (so far) https://www.tomsguide.com/news/zoom-security-privacy-woes

Mass move to work from home in coronavirus crisis creates opening for hackers: cyber experts https://www.reuters.com/article/us-health-coronavirus-cyber/...

Security and Privacy Implications of Zoom https://www.schneier.com/blog/archives/2020/04/security_and_...

‘Zoom is malware’: why experts worry about the video conferencing platform https://www.theguardian.com/technology/2020/apr/02/zoom-tech...

Ex-NSA hacker drops new zero-day doom for Zoom https://finance.yahoo.com/news/ex-nsa-hacker-drops-zero-1400...

Maybe we shouldn’t use Zoom after all https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/

Attackers can use Zoom to steal users’ Windows credentials with no warning https://arstechnica.com/information-technology/2020/04/unpat...

The Zoom Privacy Backlash Is Only Getting Started https://www.wired.com/story/zoom-backlash-zero-days/

Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 https://www.vice.com/en_us/article/qjdqgv/hackers-selling-cr...

Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each https://www.businessinsider.com/500000-zoom-accounts-sale-da...

Beware of ‘ZoomBombing:’ screensharing filth to video calls https://techcrunch.com/2020/03/17/zoombombing/


Exactly. But let's not forget the number of issues arising from using / installing Teams.


Airtight hatchway indeed.


It wasn't propaganda, Zoom was about as insecure as they come. Teams is a pile of junk as well. The only one that seems to work reasonably well is Google 'Meet', and that's super frustrating because this was a solved problem in ... 1995.


> I'm almost certain was driven by Microsoft

Would you happen to have any actual evidence to back this up with?


I work with several large organisations, all using Teams.

In every instance, the previous solution (Slack/Zoom/Discord) was replaced by Teams following higher management making the switch for reasons like "it's included in Office 365" or a new hire influencing the migration to Microsoft solutions.

In every instance, the application was/is not well received by the employees - it's slow, buggy, crazy complicated and generally doesn't feel "right".

Microsoft is good at channeling security topics for their PR, but at the end of the day they make software, just like everybody else (and this software is subject to bugs, just like everybody else).

It's really disappointing that the vulnerabilities have not yet been addressed...


Anecdotally (as a counterpoint), we also went with teams, and it’s been… fine. There are bugs, but they’re mostly in the category of “irritating” rather than “massively disruptive”. It’s nice that teams is integrated with the rest of Microsoft’s 365 and outlook stuff, and service uptime has been good enough. From my POV, the differences vs Slack have been pretty minor (although I recognize that my experience isn’t universal).

That said, yeah, leaving vulns and/or the irritating bugs open for as long as they have is silly.


TBH I'd rather the bugs be disruptive than being irritating. If they are disruptive people will just use other tools or MS will treat it more seriously. Now they are just irritating so they ignore or push them further.


Like not being able to delete a chat?

I had a chat with an outside org, and now it is forever in my Teams history, and I cannot get rid of it.

Which has the potential to be pretty embarrassing (if the chat was not work-related) or a violation (if the chat was under, e.g., an NDA and the relationship ended, thus "you have to delete all notes etc").

I'm sure the creative can think of additional ways this could be awkward.


Wait until you discover the joys of Teams search.


For Teams it's already too hard to scroll up in a chat. It keeps jumping around and often automatically scrolls down to the bottom again. With this in mind I don't expect search to do anything.


It's complete trash. I should have included /s.


The pros of Teams search: it is pretty good at finding things, like a random chat message from someone who left the company years ago.

The cons of Teams search: it is almost useless when you can only view the single message in the result list, e.g. a single chat message without any surrounding messages for context, and also no possible way to jump to the conversation for that message.


For me it always finds everything but the thing I was looking for. I might type someone's name and it comes up with a bunch of other messages from other people that don't even mention the name I looked for.

Unless you have a very specific detail keyword I find it useless. And indeed not being able to jump to the timeline makes it even worse.


This is "the joys" of Teams search.


The cons make search totally useless.


Anti-delete is configurable. Most large companies with stiff retention policies decide to enable it.


> Microsoft’s 365 and outlook stuff

Teams calling is not; they do not even share the contacts, they only sync, and sometimes they do not.


That is exactly how it went where I work. Higher management decided on Teams and Office and it is just a bad solution.


Nobody was ever fired for buying Microsoft.


One in this temperament: try accidentally pasting a very large amount of data in the chatbox in Teams. Then spend the next 40 minutes restarting Teams to try to remove the data from said box while your laptop tries to fly away and Teams keeps many processors and gigs of memory lit trying to parse your data.

Microsoft should (but won't) reconsider the idea that one chatbox to rule many underlying types of software is a good idea.


Even a very large amount of data pasted should not blow up a text box in 2021. I mean, on Windows you can paste an object referring to a data blob, pretty sure; macOS surely has something similar, and on X/Wayland you could sniff the size of the data pasted in advance and do something useful. If it's plain text like JSON, even 5G of plain text should not bring a text box to its knees when the memory is available; it's not being rendered at the same time ... still getting irritated by Firefox taking forever to render a 10M email source code in plain text when it could do something smart and render/view only the viewport that's showing. Somewhere GUI engineers stopped being smart.


> Even a very large amount of data pasted should not blow up a text box in 2021. I mean, on Windows you can paste an object referring to a data blob, pretty sure; macOS surely has something similar, and on X/Wayland you could sniff the size of data pasted in advance and do something useful.

You can do so for sure. But can you do all these platform specific optimisations in Electron?

And even if you could, the reason companies go for electron is that they don't want to bother with platform specific stuff so they're really likely not to bother.

I agree a mere few megabytes of text should not bother any computer made this decade, by the way, and that Teams is a pig of an app.

But the problem is not what's possible, it's them prioritising new features over performance and with that all the technology decisions they made.


> still getting irritated by Firefox taking forever to render a 10M email source code in plain text when it could do something smart and render/view only the viewport that's showing.

How do you know what's supposed to be in the viewport, especially if the font isn't monospaced? You have to 'render' the entire thing at least once - at least to the point of measuring the dimensions of text (not a cheap thing) and figuring out where you have to force linebreaks. And whenever the user resizes their window horizontally or does various other things, you have to do it again.

Your typical browser is already pretty good at this - not to the point some dedicated text viewers/editors are, but pretty good.


It's a monospaced font. Though even if it should have to render everything at least once, it should be in the blink of an eye --- at this point I'm almost convinced that getting a laptop with a 10th gen i7 class CPU, 32G RAM and an RTX2060 graphics card to absolve myself of desktop performance issues was a mistake, as it forces me to run Windows for flawless Optimus interop and does not get rid of desktop performance issues either. Maybe font rendering is not optimized enough or not accelerated at all, but a few million letters, most of them not even visible, should be nothing on this machine drawing 100W and more but not performing much better at this specific task than my Haswell laptop from 2014.


Slack handles it cleanly. It tells you the paste is too large and tells you how to add an attachment instead.


That is the difference between specialised software and a duct-taped solution like Teams. The first one has code to decide what is meaningful for the user in a given context; the second "just renders" the whole thing and shows the user a thumbnail, probably without even knowing what kind of content it is dealing with.


MS Teams is the worst software I've ever used. This is not hyperbole. A room full of monkeys on a typewriter would never create something as bad as teams.


One day they just completely fucked the ability to paste code. It worked flawlessly before and then suddenly it removes indenting, bugs out and doesn't let you exit the preformatted code block. It's so bugged, it's like they didn't even test it. They couldn't have, one day it literally worked fine and the next it was unusable and could be replicated every single time.

And why there isn't the ability to just delete the rich text formatting and write markdown I do not know. They can't build a bug free rich text editor or one with intuitive controls. It's the same problem I have with Jira, the rich text editor just does not work like it should.


The latest Teams bug I've encountered is an inability to write a bulleted list with more than one bullet. Each newline splits the list into a new message. No combination of Shift/Ctrl/Alt + Enter worked.

This changed, as in broke, around a week ago. At least for me, on Win 11.

Edit: Just remembered another Teams bug from a few days ago: cut text from the middle of paragraph, paste it back in earlier in the same paragraph, ... and it appears in a smaller font.


For the list-bug, there is a workaround I think, if you go into the "Edit-mode" (or whatever it's called) where Enter won't immediately send the message, having multiple bullet points (by using Enter) still works.

But yeah, it's really silly how they manage to break things like this. One would think they have a test-suite specifically for their shitty editor to prevent things like this - apparently not the case. Welp.

It's not yet Skype-levels of bad, where doing _anything_ beyond simple text was impossible, but it seems they're slowly getting there, update by update.


For me and my team CTRL+A randomly stops working for an hour. It happens every single day randomly for different members. Just mind-boggling BS every day with Teams.

My Android client randomly signs me out, sometimes multiple times per day.


Here's my "it's not stupid if it works" fix (that doesn't involve restarting Teams). Click on any message in a chat, click CTRL- (or CMD-) A, and congrats, select all works again. Please don't read this as a defense of Teams -- I'm just another frustrated user.


THANK YOU, I couldn't figure out why sometimes it would work and sometimes it wouldn't.


Exactly. This completely frustrated me. How many times have I hit enter and sent the msg instead of creating a new list item?

This can be remediated by using the editor mode, albeit I found it frustrating still.


Yes. This is horrible. The horrible workaround is the Ctl-Shift-X shortcut to bring up the more advanced editor that lets you select bulleted lists.


I like playing the "can I paste an image in today or not?" game - sometimes it works, sometimes it doesn't, sometimes I have to open the web version to do it, other times not ...


If somebody sends me an image, I can click on the thumbnail and open it full-size about once in five attempts. Usually it will just open up to a blank screen and fail to load the image.


The image thing is the most frustrating one. Most of the time someone sends me an image, I can see it in the chat, but as I click on it, the Teams UI bugs out and displays nothing.


For six months, five people in our office couldn’t use the desktop client. Video meetings just didn’t work on the Mac.


These bugs and regressions are so bad that I'm convinced no one at MS actually uses Teams.


Oh yeah, a code snippet I sent in Teams made me wreck our deployment system.

Teams put a no-break space or something in the code that looked like an ordinary space in the diff. I am still a bit mad :)


Oh Teams started doing this too now? This was that one thing that made me absolutely hate Skype (other than being utter garbage in general) and that at least worked so far in Teams...

Looks like all commercial chat-software is destined to become terrible garbage, one A/B-test at a time.


It was like a year ago.

If I remember correctly, there is some difference between voice call chat rooms and the instant messaging chat rooms. I don't remember which messed up whitespace. Or if I copied between chats etc.

Can't trust the text anyhow.


I fully agree. I literally never felt this much hate and contempt for software as I do when I'm forced to use Teams every day. It's an absolute shitshow of a chat. And when I thought it couldn't get worse, they f*ked up ctrl+a selecting all text on Windows... I work in MS ecosystem, some MS products are great, some are really bad, most are ok-ish, but Teams is on a whole another level of bad.


Then I presume you never had the misfortune of using Skype for Business?

We used this prior to Teams, and in comparison, Teams is great. I'm guessing a lot of Teams users come from Skype for Business, so they are really happy with the improvements.


Skype for Business was incredible next to Teams. Lightweight client (even though it was WPF), developer SDK that actually provided basic chat functionality, notifications that didn't automatically get lost in the scrum. I miss it a lot.

The server infrastructure was a bit of a shitshow, if you ever had to maintain an on-premise deployment, and it must have been a complete clusterfuck to run the Skype for Business Online SAAS service they were offering. So I can understand why they did away with it, but I'm still very irritated that this many years into Teams, it's such an unfinished mess...


SfB only did the non-persistent chat and A/V calls portion of Teams and is really more like a VoIP PBX. SfB calls still have better audio quality than Teams today - I'm guessing they've optimized bandwidth down to meet a "2/5 star rating" ("technically intelligible").


Ctrl + A is also broken on Mac. Quite surprised to see it is broken on Windows as well


The audio/video part of Teams is almost flawless for me up to, say, 20 people. I was actually impressed with how well they handle multiple devices - joining a meeting from a phone and laptop at the same time, or moving from one to the other is done in the best possible way.

Everything else is horrible - note taking is useless, the chat is full of visual noise and slow, the calendar is mostly useless and takes too long to update, file sharing is infamously convoluted etc.

We currently use Slack for chat and Teams for audio/video calls and I quite like this setup. Slack is absolutely horrible for audio/video calls, so moving to it entirely is a no-go, hope the company will keep being ok to pay for both.


To me it appears that in Teams only one person can be heard talking at a time (a bit hard to describe; someone can interrupt but it seems like there's some kind of limitation as to who is being heard). On the other hand on Google Meet I noticed that conversation sounds closer to a normal meeting.

Both have great sound quality other than that.


Linux version:

- some times the left arrow to move the cursor doesn't work

- some times images are displayed and others not

- can't have more than 4 people on screen in a video call

- the scroll is completely broken

- can't get out of the immersive mode without closing the process (the back arrow doesn't work)

And the list goes on and on...


"some times the left arrow to move the cursor doesn't work". Same bug in Windows. Select the button with the three dots "...", and hit escape when the menu pops up. Arrow key will start working again.


My biggest issues are that a) it starts up in the foreground (none of my other autostart apps do this) so it can happily intercept keypresses you're doing in other apps -- and b) it does not respect standard system titlebar / borders, which puts it as the only app in my KDE environment that works in a non-standard manner.

A/V issues, navigation, inability to find an existing conversation / conference (happening now on another computer) on a GNU/Linux machine, etc are almost secondary.


> My biggest issues are that a) it starts up in the foreground (none of my other autostart apps do this) so it can happily intercept keypresses you're doing in other apps

I needed to change my work password twice already because I accidentally sent it to somebody when Teams suddenly popped up and took focus away from my VPN client and I hit enter.


> it does not respect standard system titlebar / borders, which puts it as the only app in my KDE environment that works in a non-standard manner.

This also makes it impossible to resize the window. Well, sometimes. There are times when it works, and I have no idea what makes it work.

Thankfully, I usually use Qubes OS which doesn't let programs do these user-hostile things.


> This also makes it impossible to resize the window.

As a workaround, I'm pretty sure that KDE supports Alt (or meta) + right click for resizing.


KDE lets you resize compliant windows in this way, but Microsoft Teams for GNU/Linux is not compliant -- and consequently this does not work.


You can outright prohibit applications from starting on the foreground on KDE.

I wouldn't even try running Teams on Linux, as I'm sure it's an endless source of frustration (much more intense than on Windows or on the browser). But the one nice thing of Linux is that you can force apps to behave.


> can't have more than 4 people on screen in a video call

You can if you use it in Chrome. I thought Teams was an Electron application, which makes this even more strange.


I have all of these issues as well on macOS. The left-arrow is typically the most frustrating one to me.


Not Linux-specific! The Windows version suffers from at least 1, 2 and 4 in my experience.


It somehow tries to change my camera settings as well, fucking them up in the process.


As a cross platform desktop app developer I hate desktop linux. So many reinventions of the wheel that you have to support. Graphics, sound, video capture, GUI is all a mess.


Can you elaborate more? What would you prefer instead, with regards to developing for Linux?


There is X and now wayland. If you are doing something beyond basic you can quickly fall into needing two different implementations for GUI things.

There is jack, pulse, alsa and now pipewire for sound. On the system you can have multiple sound devices some available fully working only through pipewire, others fully working only through pulse.

If you want your app to integrate into your desktop nicely (basic thing like using tray icons) you can have completely different behaviors on different distros because there is so much variability.

Pipewire is now taking over a lot of things regarding audio/video, with Fedora already fully on it. Great, but the documentation is in a miserable state. Very few examples. On some distros, while PipeWire is running, using it for audio will just not work.


Understandable. It would be nice if a lot of the Linux DE were consolidated, at least for a "target" for developers. I'm genuinely hoping SteamOS 3 helps with this. Of course, this consolidation will come with issues as well, as we've seen with the dominance of the Chromium engine for browsers...


I definitely agree with this sentiment in terms of general UX and performance. I can't find a lot of messages and files that I'm looking for because it's so badly structured. And it has a very noticeable lag whenever I perform any function (clicking on "Activity" out of "Chat" for example).

The only good thing about it is video calling. Without testing this, I always feel it's much faster/smoother and has better screen sharing quality. Also the launch screen does a great job (in comparison to Zoom for example)


I must have used worse software, but not something that I can remember. The problem with Teams is that for all its flaws, I can pick an alternative. Clients expect Teams and are always surprised that we don’t really use it internally.

Video calls on Teams are actually pretty good, but everything else just seems half-baked, thrown together without a plan. The GUI is non-intuitive, basic features are unstable, absent or hidden away. Work for a company that doesn’t use ActiveDirectory and Exchange… well now you're in for a really bad time.


> Work for a company that doesn’t use ActiveDirectory and Exchange… well now you're in for a really bad time.

Another way to think of it is that the deep integration to AD and Exchange is the major reason IT departments like Teams. The video and audio calling is fine, the chat works, although it seems to annoy Slack users. The meeting calendar syncs with Exchange. Planner boards give a simple Kanban setup. File storage with Sharepoint and Onedrive integration mean that the stored files work almost like they are on my computer.


It’s among the worst I’m currently using, at the very least. The most amusing part is that you never feel like you’re on solid ground: given the app’s complexity, there is always some exotic new problem to be discovered at the least convenient time.

At least the audio is consistently good, though.


> A room full of monkeys on a typewriter would never create something as bad as teams.

Monkeys could barely create software if at all. That means you have set a low badness bar for Teams to surpass.


What if they were using GitHub copilot?


I see you haven't used WebEx Spaces or Google Meet yet! Meet doesn't even have a desktop application! Of course you won't get reliable video unless you use Chrome.

Teams is not great, but for an enterprise-tier collaboration solution that can do chat, voice, telephony, and video, it's better than its alternatives. It's far better than its predecessor, Skype for Business (fka Lync).


YMMV, for my use cases it seems to work really well. I wonder if your instance has been heavily "customized" with group policy, or something.

Given the alternative for us would be slack+zoom+gsuite, which all have impressively daunting privacy concerns as well as pretty crappy usability themselves, I (and the people I am collaborating with regularly) am really happy with Teams.


Second only to Azure dev oops. Next in line is Jira... why do corporations love this kind of software?


These kinds of software are really good at having answers for “what-about”isms, so it doesn’t matter that the subjective experience is bad. For any objective “what-about” in terms of integration story or security story or whatever, they have a thousand different answers that can be applied, so the purchaser will always be convinced that all potential issues are addressed.

The endless branching feature list also results in broken spaghetti code that creates a horrible subjective and inconsistent experience.


I haven't been able to reliably click on images in chat for six months.


Lync was worse.


Oh, I remember how Lync had different maximum message lengths for the first message in a conversation vs subsequent ones. I believe it was using SIP internally and sending your first chat message in a "begin call" workflow, but it was always unpredictable when a new "call" would start or not. Horrible kludgey solutions...


I want lync back. I'm no longer 20, my eyes demand that I zoom everything in and then features disappear


> We reported the issues to Microsoft in March 2021, who has only remediated one so far

I feel that I read something like this almost every single time Microsoft is mentioned in a vulnerability disclosure. What makes the company so bad at dealing with security reports? I don't expect it to be a lack of talent or resources, or is it?


Their SOC Team for consumer/prosumer oriented apps is terrible. I knew someone working there that left to join the Azure team within the company so go figure...


Nine months to fix a simple issue is cracking on for the Teams division. Their tempo is almost as ponderous as their product.


Microsoft seemed to have responded to all of them though.


A response of "WONTFIX" is still a response, sure, but not the one most would want for a security-related issue.


There may be an element of survivorship bias. You hear about the ones where someone whines that they didn't fix it. When they fix it quickly, all you hear are the grumbles about yet another software update.


Teams has a bunch of anti-features that I have to click off, including this one.

The micro updates also tend to break something. For example, a November patch broke lists in chat, a further one broke lists in general. I have to enter the edit mode every time I want to enter a list.

I think the ability to use ''' to enter code snippets was also broken a while ago, and in another patch the indentation of such code blocks was gone as well.

I think they are trying to force us to use the editor mode.


Ah and I thought it was my fault that lists stopped working all of a sudden.


No it wasn't haha. I really wish Teams weren't force-updated, but I guess it's not a choice.


Still waiting for these guys to update their MacOS app, we use it in our company and it's so bad that our own team uses Slack.


I had to install Teams for my kids' pandemic schooling. Now, I'm not a stupid man, but Teams makes me feel like one. It's without a doubt the most baffling piece of software I've ever tried to use - teachers post things for the kids to do at home and it takes forever to actually find them as there's so many different places they can be. I presume the goal in creating this app was "we need to compete with Slack", but then various teams inside Microsoft must have gotten very territorial during the design phase and now we have this monstrosity, not fit for any purpose at all let alone competing with Slack.


I think you may have missed a stage. Microsoft had Skype and Skype for business already. It is Skype that became Teams and added the deeper integration.


Not to mention it's an Intel only binary, what's the point of using these dreadful electron cross-platform apps if they can't even be built as universal binaries.


I know right? Plus MS Teams is among the most used apps in the enterprise world; how come the only good version of it is only available in Windows 11, where most workplaces aren't even pushing it to their users?

The way Microsoft handles Teams annoys the crap out of me: the MacOS and Linux versions are left to die basically.


It is (by far) the most horrific piece of software I'm forced to use: the UI/UX is confusing, it's a battery killer, eats all the RAM (though that's common with all Electron garbage), it somehow manages to make Bluetooth headsets drop out, it significantly impacts network performance when sharing video, a lot of bugs in the calendaring system.... I could go on, but damn I just hate it.


Teams is the only application that consistently has trouble finding any audio devices because it decides to manage them itself, poorly, instead of relying on system defaults.

Audio works in every other application, but sometimes Teams just decides it can't find any audio interface. Or worse, it finds one but decides "It's not working" and refuses to use it.

Using Teams in the browser is then a possible solution.


I agree so much! It is baffling to me that so many companies/schools/individuals are actively using it. It is _so_ _bad_. Messages are lost, it reboots spontaneously, it crashes, one cannot turn off emoticons (I think (the UI doesn't help)), etc. It does not even take security seriously. What is good about that software?

And then when I talk about this with colleagues, they seem to be just fine with it...

Anyway, sorry about the rant. But it is just so nice to see that there are other people also dissatisfied with it, and that is not just me.


The reason people use it is because either they don’t have a say in it or they legitimately never used anything better (such as Slack or the lesser-known competitors like Mattermost).

If your benchmark is Skype for Business or email then I guess Teams is indeed an upgrade, and Microsoft is betting on that.


> If your benchmark is Skype for Business or email then I guess Teams is indeed an upgrade

No it really isn't! At least shouldn't be forced as a replacement for Skype.


Also because Microsoft try to lock people in by giving teams for "free" when an org buys Office 365.


Literally every time I type in ``` I get different behavior, depending on what mood it’s in. And some days it stops getting updates, especially if you’ve got the mobile version running too. Step out for a moment and someone asks you a question? Well good luck getting it to show up in a device with a real keyboard.


When I used to have my i9 16" MBP, the thing would go crazy and hit 90% CPU usage during web calls on Teams.

I had to force myself to have it in clamshell mode to avoid crazy stuff going on.


Use it in a browser. At least you can close the browser, and to be honest desktop Chrome seems to have better power management.

Of course, sometimes you then get the "Your browser is unsupported -- please use Microsoft Edge or Google Chrome" message, whilst using Chrome...


Sadly misses important features like background blur and more on the MacOS browser..


On PC at least sometimes it helps to keep it on the laptop screen instead of an external screen.


> the MacOS and Linux versions are left to die basically.

I hate Teams as much as the next guy, but I'm not sure what you mean by this. On Linux, I have version 1.4.00.26453, vs 1.4.00.32771 on Windows 11 (installed fresh today).

Also, the Windows experience is just as atrocious as on Linux, so for once I don't get the feeling that Linux is a second-class citizen. If anything, all citizens are last-class.


The version numbers are lying. The Linux version is missing important features, like seeing more than 4 participants at the same time, or blurring the background. Also, for some reason it is often not possible to see the camera picture of participants when they start screen sharing (if they are using the Linux version, that is).


I don't know about the number of participants, luckily I've never been in a mammoth call. As for the background blur, it may be related to a missing feature in Electron. I seem to remember that another conferencing app (might have been zoom, not sure) didn't support this while running on Chrome/Linux, so I figure it's related.

To me, the main missing feature on Linux is the "native notifications" feature (as opposed to the bespoke window that pops up).


As a long time Linux user and one that has suffered through multiple versions of teams/slack/zoom/Google Meet I was pleasantly surprised with Google Meet (in chromium) for video calls. It worked flawlessly, adapted really well to a super wide monitor (actually used the space well), and had the background blurring/replacement features that get stripped from most linux clients, the only downside was that it didn't like screensharing in Firefox.


This is interesting. I've actually had a very jarring experience with Google meet. My webcam image, for some reason, would be squished, like it attempted to constrain it to 4:3 when it's 16:9. But the end image wasn't 4:3, there would be vertical bands on the sides. However, while waiting in the lobby for a meeting, the preview worked fine. This happened on both Firefox and Chrome (actual Chrome, not Chromium), and with multiple people.

The exact same setup worked perfectly in Teams, Zoom and OBS.


I don't think it's a limitation with electron on Linux. One time I joined a meeting with an external org, and probably due to some bug in teams I suddenly got more features like e.g. background blur. The next meeting a couple of hours later the features were gone again.


There's a lot of missing features like those mentioned above; is the reply option with a quote already working in Linux? Been using MacOS since the MBP14" came out and haven't booted my PopOS desktop since I'm not at home.


> is the reply option with a quote already working in Linux?

Yes, and it has for a while. I don't use it that often, though, so I can't comment since when it works.


I'm still reeling from the fact that the macOS Teams app had a local privilege escalation to root vulnerability for a while. Why does ANY part of Teams run as root?


Probably to auto-update? I can't think of any other even remotely valid reason.


Yeah it was the update, but even that's a bad reason to be honest; the only thing that changes without the privilege helper is the user gets a prompt for an update.


It was updated on the 16th and the 22nd on my side. TBH I'd rather it NEVER got updated since the beginning (about a year ago). I don't need all those features.


Our MacOS users receive regular updates? It is an Electron app after all, it is virtually the same as Windows?


Teams is sometimes comically bad... For instance, 4 people in a video chat, not an uncommon use case. The simplest and most logical screen layout would be 1/4 of the screen each. No: one person gets 1/2 the screen, with a tall vertical slice. Two people get 1/4 of the screen, normal aspect ratio. And you get a tiny window in the top corner.


To add to this, why is there a giant bar still at the top when someone screen shares that you can't really get rid of. Even if you toggle it and set "focus", which you need to _every time_, there's still a (smaller) bar.

Absolutely worthless piece of software.


I feel so validated by this comment. Cannot understand how Teams lays out participant video windows. I keep looking for a magic “arrange by” context option that obviously does not exist.


I remember a few months ago I got a bug-report from a customer that "their site didn't show in link-previews in MS-Teams". The URL includes a German "Umlaut": ü

After tracing the HTTP requests received from the link-preview generation on the server (logging the network packets) I found that the "Host" header wasn't the expected/configured xn--test--ova.de (IDNA to ASCII).

To "work around it" I needed to add an extra VHost in Nginx with the server_name "test-\xFC.de" (that just redirected to a non-Umlaut domain).

I didn't bother or even know where to report it (to MS). But apparently not using proper tooling for URL handling / HTTP requests makes one wonder about the quality of the product or even possible security implications.
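The Host-header mismatch in the comment above comes down to two spellings of one name: the Unicode U-label `test-ü.de` and its IDNA A-label `xn--test--ova.de`. The following is an added example (not code from the post, from nginx or from Teams) showing the defensive side of that problem: normalising whatever a client sends to the A-label form before matching it against the configured virtual host, and flagging non-ASCII Host values so they show up in logs instead of silently falling through to a default vhost. The configured name is the one given in the comment; the sample Host values are constructed, including the raw Latin-1 byte form `test-\xFC.de` the comment mentions.

```python
"""Normalise an HTTP Host header to its IDNA A-label form before virtual-host
matching. Added example, not code from the post, from nginx or from Teams.
It assumes the situation the comment describes: a link-preview fetcher sends
the Unicode host name ('test-ü.de'), possibly as the raw Latin-1 byte 0xFC,
while the server is configured with the punycode form 'xn--test--ova.de'.
"""
import re

# Configured server_name, as given on the page (the A-label of test-ü.de).
CONFIGURED_HOST = "xn--test--ova.de"

# A well-formed Host value is ASCII (reg-name / A-labels plus optional port).
_ASCII_HOST = re.compile(rb"^[A-Za-z0-9.-]+(:[0-9]{1,5})?$")


def decode_host_bytes(raw: bytes) -> str:
    """Decode header bytes as UTF-8, falling back to Latin-1 so that a lone
    0xFC byte (what the comment saw as "test-\\xFC.de") becomes 'ü'."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def normalize_host(raw: bytes) -> tuple:
    """Return (host_in_a_label_form, port_or_None).

    Uses the standard-library 'idna' codec (IDNA 2003), so 'test-ü.de',
    'TEST-Ü.DE' and 'xn--test--ova.de' all normalise to 'xn--test--ova.de'.
    Raises ValueError for an empty or malformed host.
    """
    text = decode_host_bytes(raw).strip()
    host, _, port = text.partition(":")
    host = host.rstrip(".").lower()          # case-insensitive, no trailing dot
    if not host:
        raise ValueError("empty host")
    try:
        a_label = host.encode("idna").decode("ascii")
    except UnicodeError as exc:              # label too long, bad ACE prefix, ...
        raise ValueError(f"malformed host: {exc}") from exc
    return a_label, (port or None)


def classify_host(raw: bytes, configured: str = CONFIGURED_HOST) -> str:
    """Decide what a vhost should do with this Host header.

    'match'          - ASCII A-label form, equals the configured name
    'match-nonascii' - same site, but the client sent a U-label or raw bytes
                       (serve it, but log it: the client is not spec-compliant)
    'mismatch'       - a different site
    'invalid'        - cannot be parsed as a host name at all
    """
    try:
        host, _port = normalize_host(raw)
    except ValueError:
        return "invalid"
    if host != configured:
        return "mismatch"
    return "match" if _ASCII_HOST.match(raw) else "match-nonascii"


# Constructed sample Host values, not captured traffic.
SAMPLE_HOSTS = [
    b"xn--test--ova.de",          # spec-compliant client
    b"test-\xfc.de",              # raw Latin-1 byte, as described in the comment
    b"test-\xc3\xbc.de:443",      # UTF-8 U-label with a port
    b"XN--TEST--OVA.DE",          # differs only in case
    b"example.com",               # some other site
    b"a" * 64 + b".de",           # label too long: rejected by the codec
]


def run_samples(samples=SAMPLE_HOSTS) -> list:
    """Classify every sample; returns the list of verdicts in input order."""
    return [classify_host(h) for h in samples]


if __name__ == "__main__":
    for raw, verdict in zip(SAMPLE_HOSTS, run_samples()):
        print(f"{raw!r:32} -> {verdict}")
```

The standard-library codec implements IDNA 2003; the third-party `idna` package implements IDNA 2008, and the two agree for `ü` but not for every character (`ß`, for instance, is mapped to `ss` under 2003 and kept under 2008), so a deployment should pick the same flavour its DNS and TLS tooling use. The point of the `match-nonascii` verdict is that the request is still served, but the non-compliant client is visible in the logs rather than quietly landing on whatever default vhost the server falls back to.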


No surprise at the MS non-response here. Anyone forced to use Teams every day can see that it's being maintained by a skeleton crew (at best) on the dev side. Every single day I miss basic features (like global message linkability) that I came to love in Slack, and suffer 101 little bugs and annoyances that never seem to improve much.

MS clearly thinks Teams is "good enough" - enough of the feature checkboxes ticked that they can focus mostly on aggressively marketing it, making it seem crazy to use a separate third-party chat platform instead of Teams if you're using Azure.. even if it does happen to be a buggy bloated beast, with almost unusably wretched mobile apps.

If there's just one area I wish we hadn't switched to MS-brand dogfood after making the move to Azure, it's chat/calling. It's a deceptively tricky domain to get it right in, and one where you really want as little friction as possible for all users.

"We should have stuck with Slack." - every team that ever switched to MS Teams.


I think starting from maybe 5-6 years ago MS got into the mindset of "push early, let users be beta testers and do micro patches along the way". Power BI was CLEARLY only barely usable back in 2017 but gradually climbed out of the hole after 2019.

More and more I wish I could work in some company that doesn't use any MS tools. VSCode seems to be the exception here.


I think the first vulnerability could also lead to a DoS if they point the server to its own lookup route?

Also sad to see how Microsoft is treating security researchers, instead of thanking them with a small bug bounty. Especially for the one (or maybe two) DoS vulns


The IP address leak is also very common in a lot of "flashy" opensource projects trying to "solve" communications. Because apparently everyone wants his computer to visit a url to parse some data, so that one can decide whether the link is safe to click or not...

A private discourse forum (actually any forum software, sometimes spam bots post gifs for usercounting!) does this to great effect with media too - it just allows embedding everything it seems. And then there is a university rocket-chat instance - with a big general-channel: And link-previews (enabled by default) somehow don't cache the images serverside, but let every client get them, because that's probably what works easiest with k8s, because who has a harddisk.


In most cases "leaking your IP" isn't considered a problem. I leak my IP to hundreds of websites a day.

Of course there are concerns, especially on mobile where you may be able to do some location tracking.

Really the biggest place where IP leaking is a problem is gaming communities where people like to hammer IP addresses to DoS people.


Well, you can basically do user-tracking on people viewing a specific internal chatroom that way. Which is definitely different to more or less consciously getting abused in the public net every minute.

Also funny: if people bookmark your website in iOS safari and you don't have a favicon, safari will regularly visit your page :). Found out that my father had bookmarked my empty blog that way, because suddenly an IP from his workplace showed up in the log... Yes, in the face of the other abuse this is minor, but I think it illustrates the total disregard for privacy nicely.


I have a hard time understanding why MS is investing so much into VS Code yet so little progress is made on MS Teams (which in theory should be more important to them as it has broader usage?).


With VSCode, they had to prove themselves in order to bring people in. No one would have used it if it were as horrible as Teams.

With Teams, on the other hand, they've got nothing to "prove", they just need to show up. Enterprises eat it up automatically because they already use Office, so "it's free".

I also don't think they have any hope of attracting people from outside the MS ecosystem, so they don't even try. I'm actually quite surprised they've put out a Linux version which isn't any worse than the Windows one.


Exactly. Developers aren’t stupid and most have experience with legitimately good tools - you’re not going to win them over with a pile of shit like Teams.

The target market for Teams however is one that’s often non-technical and has never used anything better, so for them Teams is an upgrade.


I think it's just the team that makes Teams is cut from a very different cloth than that who makes VS Code.

Smells a bit like someone in MS saw VS Code's success and drew the conclusion that it must be because it was built with Electron, and if only all the other bits of MS who churn out crappy gunk would use Electron then they'd churn out flawless gold instead.

Well, they churned out Teams, make up your own mind I guess.


MS Teams is adopted as part of office. It does not have to be good.

It has to look good at first sight and has to have the features higher management needs. But if it is complete crap for the rest of us, it does not matter.


How do you know they are not 'investing'? It's my firm belief that even if Microsoft tried as hard as they could and assembled a whole team to try and design/implement a worse product than "Teams"... that would be a spectacular failure.


Google Meet isn’t my favorite and browsers obviously aren’t immune to exploits, but things like this make me glad Meet is fully-featured and usable in the browser.


If this is turning into a Microsoft bashing thread I'll join in as well. I don't understand how text handling (highlighting, moving around etc.) works/feels different between Teams, Excel, Outlook, Word, the OS. They're all developed by the same company. Why do they integrate so messily?


Different teams (and skill levels probably). I'm actually thinking MS leaves unimportant work (like Teams because it's bundled) to newbies or new PMs. Good developers are expensive.


And if we're just complaining about Microsoft anyway, who on earth decided it was a good idea to step away from 'every keystroke will be handled eventually, in order'?

Nowadays trying to search in the start menu or trying to log in under heavy load you just have to hope it recognizes all keystrokes.


Wait until you have to apply a security update for Teams in environments where users aren't local admins and get a desktop-wide install.

Microsoft wrote a not officially supported PowerShell script to hack this in, noting this might be needed "perhaps for a critical security release".

https://github.com/microsoft/TeamsMsiOverride


Does anyone know why they have to do weekly micro patches? I mean, who is the PM and does he/she really believe it's enough to do tests for weekly releases? The last patch on macOS was released on the 16th and today I see a new patch.

BTW the picture issue is still there.


> BTW the picture issue is still there.

What do you mean by that exactly?


You see a picture in a chat, you click it, it shows up fine. You click it again, it shows a white screen. Has been going on for a while on MacOS.


It is unbelievable the difference in development velocity and quality of the final product if you compare Teams and VS code, both from Microsoft. Both apps are built on electron.

Teams is dog slow, VS code is probably the fastest electron app in existence.

Teams is full of bugs, and it seems they are unwilling to fix even security vulns (from TFA). VS code is free of bugs, even though I use it way more than Teams.

Teams is not fixing even security bugs, and VS code's update cycle is so frequent that it is annoying. I am surprised how long their version notes are.

Really strange.


Teams at MS have their own hiring practices, no shared code base... I feel like they operate as different companies under the MSFT umbrella.


This preview link vulnerability appears to be an easily implemented mistake. I wonder if having vertical development teams (client, api, etc) vs horizontal teams for a particular product makes this type of defect more likely. I could see how a client team would be likely to consume the preview link API without considering its internal implementation or that it could probe internal cloud infrastructure. The API mistake could have been easily made by any developer, particularly more green developers. Lack of a larger number of people involved with the entire horizontal stack could make this type of issue more likely to not be found.

My organization is considering restructuring teams from 1-3 horizontal teams (full stack) for a given product to 1-3 teams that focus only on one slice of the product. Seeing articles like this makes me contemplate if there’s more security risk with this approach.


Reading through these vulnerabilities, it feels like a handful of these are low priority or non-issues. This might be a controversial opinion, but it’s not clear to me why these issues ought to be prioritized and fixed expediently.

For example, it’s not clear to me why an IP address leak is considered problematic. And breaking chat or crashing on reload seems more akin to a bug a la iMessage link bugs like https://www.theverge.com/2018/1/18/16904774/ios-iphone-bug-c.... That type of issue should be fixed, but it’s not a vulnerability that’s meaningfully exploitable for either remote code execution, stealing client credentials, or stealing client data.


The IP leak one is really interesting to me. Considering the quip regarding the fact that centralized servers are performing the link preview operation because it's not using E2E encryption... But if it was, and the client machine was generating the preview, then wouldn't that force exposure of the client's IP to the remote server?


Yes, these are the tradeoffs between client side and server side link previews. (If the sending client does it, they could lie; if the receiving client does it it's a privacy leak and attack surface increase; if the server does it then it sees private data.)
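For the server-side variant discussed in the two comments above (the preview fetcher that "could probe internal cloud infrastructure"), the usual mitigation is to validate the target before and after name resolution and to refuse anything that is not a public address. This is an added example, not code from the thread or from Microsoft; FAKE_DNS and resolve() are constructed stand-ins so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed resolver table so the example runs offline. Real code would call
# socket.getaddrinfo() and apply the same policy to every address it returns.
FAKE_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],              # private range
    "metadata.example": ["169.254.169.254"],    # link-local, cloud metadata range
    "rebind.example": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback answer
}


def resolve(host):
    """Hypothetical resolver; swap in socket.getaddrinfo for real use."""
    if host not in FAKE_DNS:
        raise ValueError(f"unresolvable host: {host}")
    return FAKE_DNS[host]


def is_public_address(ip):
    """True only for globally routable unicast addresses."""
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def check_preview_target(url, resolver=resolve):
    """Decide whether a preview fetcher may load this URL; returns (ok, reason)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    if not parts.hostname:
        return False, "no host"
    if parts.port not in (None, 80, 443):
        return False, "port not allowed"
    # A literal IP (including bracketed IPv6) skips DNS but not the address policy.
    try:
        addrs = [str(ipaddress.ip_address(parts.hostname))]
    except ValueError:
        try:
            addrs = resolver(parts.hostname)
        except ValueError as err:
            return False, str(err)
    # Every answer must be public; a mixed answer set is how DNS rebinding slips through.
    for ip in addrs:
        if not is_public_address(ip):
            return False, f"resolves to non-public address {ip}"
    # The fetcher should then connect to one of these vetted addresses directly and
    # re-run this check on every redirect, rather than resolving the name again.
    return True, "ok"
```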


I did not see micropenis nor Gates jokes on HN.


Comments were deleted.


I just noticed that GitHub offers a security tab and CVE handling, showing which releases are affected and when it was patched (plus a security policy):

https://github.com/wireapp/wire-desktop/security/advisories/...

Design wise I’d much prefer the vulnerabilities listed upon clicking security, instead of a page that basically has 2 links.


What is the solution? More security education for general SWEs? It seems like whatever team worked on this feature never considered any security perspectives.


I work as a sysadmin and every day is an uphill battle to convince people to not do dumb shit like exposing endpoints to the public internet (without need).

I have no security education, but I care about stuff because I will be held responsible if we get pwned at some point.

IMO the biggest issue is that SWEs very rarely have long term skin in the game in the projects they are committing to.

Many have strong incentives to not care about security, day 2 ops, etc... When shit hits the fan bonuses were already paid and said professionals often moved on.

I think that tends to be lessened by having small projects with clear owners that don't jump around all the time. Companies with smaller turnover win big here.


> I work as a sysadmin and every day is an uphill battle to convince people to not do dumb shit like exposing endpoints to the public internet (without need).

I find it helpful to have standard low-cost (certainly no monetary cost, but also little in the way of bureaucratic cost) solutions which remove the need.

E.g.

"I need to access this device's webpage from everywhere"

"Fine, go via this proxy which has OIDC integration with our corporate identity. Here's the URL, let me know if there are any problems."

Doesn't always work, but it certainly reduces the fights.


There is a reason that in construction, the architect and the structural engineer are separate roles. From what I've seen in software dev, it cannot be considered engineering until a similar division is normalized, mandated and legally required. It's easy to shove things into production, too easy.


Software engineering does have the profession of "software architects" in theory, the problem is that the only thing they get taught in academia is building useless object models for Java.

(Side rant, the fact that academic computer science is so far away from real life is yet another can of worms)


Make all software which isn't released as open source liable for the cost of security breaches?


Why should open source software be exempt? If your data gets leaked/abused the license of the software used does not matter in the slightest.

If anything, freeware (whether open source or proprietary) should be exempt from costs. You get what you pay for, after all.


Make everyone culpable but make the maximum amount of damages never be higher than what income the software generated.


"We want to make use of the open-source exception, but we don't want to actually release our source code."

"I'll have some Beware-of-the-Leopard signs printed up."


Open source did not stop Heartbleed. How about forcing commercial software companies to have 1 in 10 devs dedicated to security, with even a single feature ticket getting fixed by one of them resulting in a fine of ~5% of the yearly revenue?


Great way to not have any software released ever.


Somehow we still have medicine (they do a lot of testing before they release anything!) and doctors (they have insurance!).

It would increase the barrier to releasing software massively (possibly killing the startup scene altogether), but it doesn't mean software development would end.


If we applied the same rigorous testing and verification processes in medicine to software, software development as we know it would definitely end. It would probably take years to convert a straight-forward requirement into a working piece of software. Something like Teams or VS Code that get new features added all the time would not be possible anymore and would cost tons of money. And while security issues should not be taken lightly, I don't consider leaking my user agent to be as big of a problem as getting permanent damage from low-quality medical care.


> If we applied the same rigorous testing and verification processes in medicine to software, software development as we know it would definitely end.

Good.


>Something like Teams or VS Code that get new features added all the time would not be possible anymore and would cost tons of money. And while security issues should not be taken lightly, I don't consider leaking my user agent to be as big of a problem as getting permanent damage from low-quality medical care.

It won't take years. We will have to train developers and create better tools. Then you will have libraries and apps sandboxed, like we would not allow an IDE full access to the internet, or to the entire hard drive, without permissions.

Say you get the task to build an RSS reader, you will have to choose:

1. use a language + standard library that is safe and the vendor offers some warranty

2. use an unsafe language or some unsafe libraries, but you will have to take the risks and do the work to review and evaluate

3. in case you prefer open source, you find a language and ecosystem where there is some foundation that, even if it can't offer some warranty, accepts donations and contributions that are directly targeted at security, so you would have packages with a checkmark showing they were reviewed by a team.

So I would use a safe language (a GC one) with a trusted standard library, so now I can do the network requests to grab the XML files, parse them with the secure XML library and render the content in the safe Web View provided.

This means that the guys that give or sell me the XML library and the Web View will take the risk, but they can charge for their work. We would probably get smart developers using some extremely safe languages, like math safe, not Rust (safer than C safe), and these guys can write a maybe slower but 100% safe web view (maybe with less shiny animations).

Capitalism would be forced to invest in these safer tools and in training the developers. Microsoft, Apple, Google will have to secure their unsafe OS and libraries, but for sure it would not take 1 guy years to build an RSS reader that would not take over your data and send it to some hacker somewhere.


> Somehow we still have medicine (they do a lot of testing before they release anything!) and doctors (they have insurance!).

The fact that doctors are relatively frequently sued in the US is one of the reasons why the US has very expensive healthcare. If you are rich that's fine, but almost everybody else would prefer more available (cheaper) healthcare with doctors who don't need to spend money on liability insurance.


Software companies generally take out large (and increasingly expensive) liability insurance policies for exactly this reason.


Parent suggested free software would be the exception to this rule. Personally, I don't understand why it's even legal to publish binary code without the corresponding source, but at least their point made sense: volunteer-run projects need to be exempted from such regulation, and there's exactly zero reason a volunteer-run project should not be free software.


I'm in favor of this.


...?


Not sure why you were downmodded, this would be a great idea.


Education alone would not help if SWEs in many (most?) large companies have no incentives to make software more secure. Even worse - caring about security can make their performance look bad. Companies try to improve security by inflating dedicated security teams which in many cases don't care about the actual product, its code (and infrastructure) but can annoy engineers with arbitrary rules/checklists/policies etc. which IMHO rarely improve product security.

How to create this incentive is an open question but more laws and regulation doesn't look like a good answer to me.


> It seems like whatever team worked on this feature never considered any security perspectives.

The solution is simple: similar in thought to GDPR, make vendors of proprietary products above a certain size (e.g. market share, net worth, # of employees) liable for security issues even if they do not result in privacy breaches.

Vendors will then either have to release their software as open source or need to carry insurance for security issues, and the insurance companies will only provide insurance if company processes are following industry standards - e.g. code reviews, security audits during concept and development, appropriate staffing of developer teams or requiring certifications/training for developers.


Remove micro updates, slow down and actually let engineers fix bugs.

I think ultimately PM takes care of which fix/feature to be worked on?


I hope somebody at Microsoft reads this. It goes far beyond security vulnerabilities. The Teams Linux client is barely usable. Chromebooks don't even have a client.

Could Microsoft expose an API and allow third party clients to be developed?


You'd think, but alas, no.

At least with the old Lync/Skype clients, you could flip them into UI-suppression mode and drive them with COM, to replace their UI with a custom application, if you wanted to make that investment.

Potentially you could cobble together enough Graph API calls to make a lackluster restricted-feature client, but it would be a mess.


We have an integration with Teams and it feels like a beta in my opinion. Random 500's from the API, hundreds of JS errors in the console are not uncommon. We've had fewer problems with Zoom.


Awful product. They have improved the search functionality in the last few months by adding more filtering options, so it isn't as bad as it used to be for finding stuff.


Microsoft watched Silicon Valley and thought, wow, Hooli Chat looks like a great idea!



