Comment by uptown
6 years ago
“On Mac, if you have ever installed Zoom, there is a web server on your local machine running on port 19421.”
...
“All a website would need to do is embed the above in their website and any Zoom user will be instantly connected with their video running. This is still true today!”
This server is still running on my machine despite having "removed" Zoom a few months ago (macOS).
Guess I was a bit naive in thinking just trashing the .app and immediate artifacts in Library would do the trick.
EDIT: I missed the .zoomus directory in my home folder that had the culprit. Funny enough Zoom's instructions on how to uninstall the app on macOS just points to documentation from Apple and wikiHow (???) with standard methods that don't fully remove Zoom.
I'm sure Zoom intentionally failed to tell you how to remove the web server. After all, if it's still running, then it's just that much easier to reinstall Zoom on your machine.
I’m surprised more enterprise IT orgs haven’t flagged this behavior, or simply made it impossible via local machine policies that would prevent running a web server.
.../.zoomus/ZoomOpener.app/Contents/MacOS/ZoomOpener
Does anyone know how this web server starts itself after restarting your machine? As far as I know, a `~/.zoomus` directory can't restart a web server after your machine restarts.
It doesn't start on boot, it starts on login. It appears as a Login Item named ZoomOpener in your local user account in the System Preferences -> Users & Groups.
Additionally, when you launch the main application, it will check to see whether ZoomOpener is running. If not it will boot it up. The main app will install and register ZoomOpener as a Login Item if necessary.
I think it's because it runs on a port higher than 1024, so it doesn't need root privileges to start a web server on that port.