
Zoom needs to clean up its privacy act - seapunk
https://blogs.harvard.edu/doc/2020/03/27/zoom/
======
conradev
As other people have stated in this thread everything in Zoom's privacy policy
seems to indicate they are sending data to advertisers only as necessary to
advertise their own products. They likely:

\- Use the Facebook iOS SDK to measure conversions from app install ads

\- Send a list of hashed email addresses to Facebook or other advertisers to
do ad re-targeting

\- Have Google Analytics on their websites to track where people are visiting
their website from, i.e. a click on a Google AdWords ad

While these are all not _ideal_ because _yes_, Google and Facebook use this
data for their own purposes as well, it's far from _nefarious_. In fact, it's
pretty standard fare. Could Zoom go above and beyond and reject these tools?
Yes, they could. Does anyone in practice? No.

If Zoom was selling metadata about their calls, leaking contents of their
calls, or themselves served ads – then yes, I'd be concerned. But all
indications point to them purchasing ads to further the growth of their
business.

I think it is perfectly reasonable to seek guarantees around the usage of the
above, more sensitive data (contents of video calls, metadata of video calls,
etc.) but on the flip side to imply from their privacy policy that they are
sending it to Facebook or that they are "in the advertising business" is
jumping the gun a little bit.

~~~
uoaei
> standard fare

Aka "common sense" aka "anything that will fit within the Overton window"

Not to be confused with "decent, moral behavior"

~~~
Spivak
I suppose, but why would you single out Zoom and expect them to act more
decent and morally than any other company? Is there any reason you would
expect this?

~~~
paulryanrogers
Calling out the biggest players is fine. They have the most resources to roll
their own or at least shop around, should they value their users privacy.

------
mrpippy
I just downloaded Zoom for Mac, saw that it was a .pkg file. Great, I can see
what files it installs before I install it.

I open the .pkg, click Continue so it can run its script, then a second later
Installer quits and the app launches. What?!

Turns out, Zoom installs the entire app in the 'preinstall' script of the
installer package! Inside there's a copy of '7z', and the app is extracted
with that. The preinstall script is littered with typos and poor grammar.

I'm not one of those people who thinks that Apple is going to force all Mac
software to come through the App Store, but when I see stuff this stupid...I
start to wonder.

~~~
Wowfunhappy
While I also dislike this type of thing, remember that Zoom's business is
built on getting people into calls as quickly as possible. Seconds matter.

So I can totally understand why they would want to use 7zip to shave kilobytes
off the download size.

~~~
swiley
7zip isn’t the complaint, it’s that the installer installs the app before the
user OKs it.

Honestly zoom is something that I would never let near a personal computer.
What really surprised me is that there’s a “zoomgov.” (a friend at a defense
contractor showed me) Either our government is enjoying the benefits of being
able to force companies to be audited because of defense budgets or things
have become way more relaxed than they should be. Judging by our “stockpiles”
and inability to get critical equipment I’m guessing the second one.

~~~
Wowfunhappy
> 7zip isn’t the complaint, it’s that the installer installs the app before
> the user OKs it.

...I was about to write a reply saying "well in that case I don't understand
what the GP is complaining about", but then I opened up the installer again.

I didn't fully take in what the parent was saying. Zoom is completely short-
circuiting the normal macOS package install flow. You click continue once to
acknowledge that "this package will run a program to determine if the software
can be installed", and then Zoom is suddenly installed and the installer
exits.

I can understand why they did it, but it's not good.

Although, Apple deserves some blame here. Firstly because their non-app-store
software install flow has been screwed up since the release of Lion, and
secondly because why can't you use Installer's "Show Files" option before the
preinstall step?

~~~
jscholes
I'm not a MacOS user, but I'm having a really hard time getting my head around
this:

1\. You download an installer.

2\. You activate that installer.

3\. Your system tells you that the installer can run some code.

4\. You agree to the installer running some code.

5\. The installer installs some software, via the code that you said the
installer could run.

Seems perfectly acceptable to me. If you literally cannot open up the archive
file to inspect its contents without running some code inside it, that's not
Zoom's problem. It's just a really stupid decision on the part of Apple.

~~~
Wowfunhappy
> Your system tells you that the installer can run some code.

The message reads "this package will run a program _to determine if the
software can be installed_". Old iWork updates used this to see you had a
previous version of iWork on your computer. nVidia's Web Drivers used it to
check if your Mac had an nVidia card. No other macOS pkg that I'm aware of
makes actual changes made to your system during this step. That's not what the
user agreed to.

Behind the consent message is a grayed-out "next" button that you never get to
click.

I suppose this system was ripe for abuse, but that doesn't excuse the people
who abuse it.

------
mikestew
I have a need for Zoom, virus or no, but the point of the article is why I
don't give them money. Give them money, while the company is apparently still
going to worry about milking advertising dollars out of me? That's just going
to be a strong "no". As the final paragraph of TFA says, either charge more or
give away less for free. But if you're selling me out to advertisers after
I've given you money, then you're one of "those" companies that I avoid if at
all possible. Because they're skeezy. You don't want to appear skeezy, do you,
Zoom?

So for now Skype and MS Teams works fine, or at least fine enough that I don't
bother with Zoom. Which brings me to a side question: what _is_ the value
proposition for Zoom? What does their product do so much better than the
others that I'd put up with this shit? Why am I hearing the hell out of it
lately? Outstanding PR department?

EDIT: thanks for your answers to “why use it, then?” Because “it just works”
seems to be the summary, which hoo boy, one cannot say about a lot of the
competition.

~~~
impendia
> What does their product do so much better than the others that I'd put up
> with this shit?

I'll share my perspective as an academic. Many of us have adopted Zoom,
practically overnight, for our teaching, for one-on-one meetings with
students, and even for conferences [1].

The answer is: _It just works_. It's easy. It does what we want it to, with a
minimum of fuss.

As someone who now has a whole bunch of unanticipated shit to deal with, this
is one less thing to worry about.

I definitely share your objection in principle. If this situation continues
long into the future (a terrifying thought), then perhaps I'll revisit my
choice of software. But in the short term, to be honest, I don't much care.

[1] [https://www.daniellitt.com/agonize/](https://www.daniellitt.com/agonize/)

~~~
CydeWeys
> The answer is: It just works.

I've actually found the opposite to be true. Google Meet is an example of a
product that just works. Zoom, by contrast, pushes you very heavily into
downloading and installing an application on every device you want to use it
with, and provides a secondary degraded experience in the browser if you find
the right link to use it (which you have to do EVERY SINGLE TIME; there
doesn't seem to be a way to permanently opt out of the "install this
application" nag flow).

~~~
mft_
For _many people_ , the criteria by which to judge VC software might be
quality of audio and video, ability to deal with low bandwidth, and the
ability to run a functional meeting with it. In fact, for _many people_ ,
while installing an application might be a one-time pain, if it offers better
service in some way, it's probably seen as a benefit, not a drawback.

We have Hangouts Meet free at work, available for every single meeting with a
single click. Zoom is also quietly available, but we're disincentivized to use
it, because the company has to pay extra. We have to jump through hoops to get
access. Yet since the COVID WFH revolution, Zoom is becoming more and more
widespread. Because, as a VC solution, it just works, and works noticeably
better than Hangouts Meet.

~~~
hkiely
I can vouch for this. Organizations are adopting left and right - both in the
healthcare and food industry. Why is zoom getting more traction than google
hangouts ever had?

------
geoffeg
> As quarantined millions gather virtually on conferencing platforms, the best
> of those, Zoom, is doing very well.

Why would Zoom care about their privacy issues if they're doing so well off?
Seems like that's a good amount of positive reinforcement that their current
approach is the right one to them. Maybe they'll lose a few thousand customers
because of it, but given what I'm sure was a huge increase in the past few
weeks, why would it be something they're concerned about?

~~~
bradly
The reason Zoom is doing so well is part of its vulnerability. There is very
little vendor lock-in with virtual conferencing platforms. If something
new/better comes out next month, there isn't much a company will give up by
switching vendors. There is little to no infrastructure to setup/maintain.
This is the same reason Slack's popularity has skyrocketed. Because of the
lack of history and transient nature of the content shared in them, these
areas are quick to gain popularity, but also quick to be replaced when a
better product emerges.

~~~
kardos
> This is the same reason Slack's popularity has skyrocketed. Because of the
> lack of history <snip>

Slack's business model [1] is storing all history and charging for access for
it. Nothing transient about that.

[1]
[https://en.wikipedia.org/wiki/Slack_(software)#Business_mode...](https://en.wikipedia.org/wiki/Slack_\(software\)#Business_model)

~~~
tinalumfoil
Is it common to want to keep all that history? My understanding was it's best
practice to delete chats after a certain period to limit the surface area of
any potential legal discovery.

~~~
selectodude
For a lot of industries, deleting internal communication is illegal. For any
publicly traded company in the US, all internal communication needs to be
archived for five years.

~~~
rsanek
Do you have a source for this? I couldn't find anything regarding the 5 year
time frame. I did find [0] which references a few different retention periods,
especially at 7 years.

[0] [https://www.intradyn.com/email-retention-
laws/](https://www.intradyn.com/email-retention-laws/)

~~~
bradly
It's part of SOX. It actually requires the data be unencrypted, immutable, and
available offline. Most corporations (large and small) do not follow this for
email, messaging, wikis and many other services.

------
luminati
Honest question [not trying to act controversial], especially with all the US-
China spat.

Zoom's engineering team is based in China - the product is primarily built out
of there. [1]

What guarantee is there that the CCP is not intercepting/backdooring all video
communications? Especially in current situations, where so much sensitive
information is being discussed via Zoom?

[1] [https://www.cnbc.com/2019/03/26/zoom-key-profit-driver-
ahead...](https://www.cnbc.com/2019/03/26/zoom-key-profit-driver-ahead-of-ipo-
engineers-in-china.html)

~~~
systemvoltage
I've said this time and again only to get downvotes since there is no proof or
substantiation about the CCP surveillance claims. But, it is an important to
keep in mind. There are things that I cannot say due to our employment
contract and NDA, but to say the least, we are looking into this matter.

Surveillance prospects, doesn't matter where they originate - US or China or
Country X - need to be discussed and examined. But apparently, saying anything
against China on HN is an automatic ban for creating a flame war. We've become
too soft. Obviously personal attacks and racism is not tolerable. But, I would
personally (some may disagree) say that we should also criticize bad parts of
culture too...that's for another day or a different forum.

Can we just get past the my country your country bullshit on HN and talk about
privacy implications especially from the world's largest surveillance network?
It is one thing to be spied upon for advertisement tracking, an entirely
another to be spied upon by a brutal authoritarian government. Fearlessly
criticizing CCP or the NSA, or Israeli intelligence agency or whatever...
should be one of the most important things to talk about on "Hacker" news
forum.

I am gonna fire off some anon emails to WSJ/NYTimes/WaPo/Guardian to create
some awareness and perhaps they can dig further into Chinese influence in
using Zoom. I am deeply concerned. The entire world has given up
video/audio/screen/application privacy in a snap... for the data might be
stored in Tianjin datacenter, needless to say whose keys are in the hands of
CCP - I guarantee that but cannot provide proof.

Edit: past comments that were downvoted (and flagged):
[https://news.ycombinator.com/item?id=22657794](https://news.ycombinator.com/item?id=22657794)

[https://news.ycombinator.com/item?id=22684767](https://news.ycombinator.com/item?id=22684767)

[https://news.ycombinator.com/item?id=22663295](https://news.ycombinator.com/item?id=22663295)

[https://news.ycombinator.com/item?id=22705960](https://news.ycombinator.com/item?id=22705960)

~~~
warent
I made a comment a few weeks ago criticizing the Chinese government[1]. No
flame war came of it, it wasn't flagged, downvoted to oblivion, or result in
an "automatic ban." I'm not sure what you're saying to cause those things to
happen, but it doesn't seem to be what you think it is.

[1]
[https://news.ycombinator.com/item?id=22490791](https://news.ycombinator.com/item?id=22490791)

~~~
systemvoltage
I am glad to hear. My perception is based on entire posts (not just comments)
that were flagged due to extreme polarization of views. I can't find the
thread but most comments that were anti-China were downvoted/flagged in that
thread. I just have a general feeling, but I am glad to see your concerned
voiced.

~~~
lostlogin
It’s possibly just perception, but a week or so ago there seemed to be a mass
of China versus US bickering and trolling, then the threads were all deleted.
It was really grim. Dang seemed to be moderating it then presumably had to
resort to killing the lot. Whoever they are, they do a great job.

~~~
systemvoltage
I think it is probably a perception thing or may be not. Here is my opinion.

Dang is doing his job and it is tough. He is keeping this place sound and
clean. Dang - nothing against you but I see some double standards for e.g.
criticizing CCP has far more weight than criticizing western governments. No
one gets offended for criticizing the UK Govt or the German Govt or the even
the Indian Govt - but when it comes to criticizing the Chinese Govt... we
can't do that, it is a flame war. If people get offended, so be it. If someone
from China or of Chinese ethnicity is reading this criticism and doesn't like
it...well, tough luck. The onus is on the person getting offended, not the
offender.

This double standard needs to end (or as I see it through my own lens).
Infact, we should be criticizing the CCP _even more so_ than democratic
governments.

~~~
dang
You guys need to let me know that you have questions like this, assuming you
want an answer. I don't have a mind reader (or even a software alert).

People get moderated here for posting flamebait about western countries and
governments all the time. I'd be careful about that feeling that there's a
double standard. It's a natural artifact of the well-known cognitive biases
that affect these perceptions. You (i.e. everybody) are far more likely to
notice, and to weight more strongly, the cases of moderation that you dislike
or disagree with. That gives you a generalized image of what goes on here. But
that image is just an inverse reflection of your own views. It's not based on
the data as a whole. People with opposite views have the opposite image. To
take the current topic, for example, they say that HN has an extremely anti-
China bias, any comments that try to defend China or Chinese people instantly
get downvoted, the mods are in on the racism, and so on. They have the
opposite image to yours, but they have it for the same reason you do: they
feel very strongly about the issue, and so when they run across instances in
the data stream that touch (i.e. hurt) those feelings, it makes a strong
impression. Those strong impressions accrue into an image of bias. But the
data stream has more than enough data points to make every such impression.
That's simply what you get at scale.

More explanation and links in this recent comment:
[https://news.ycombinator.com/item?id=22723626](https://news.ycombinator.com/item?id=22723626)

------
say_it_as_it_is
One major problem for Zoom is that it cannot merely focus on its core video
conferencing competency while achieving the growth objectives of a publicly
traded company. A high-quality video conferencing platform is hard to
replicate until it isn't. The amount of talent and energy being spent right
now on video conferencing, as a result of remote work, is going to amount to
commoditization of high-quality video conferencing. Zoom has maybe another 12
months of juice left. As a result, it's advancing into new categories and will
compete with customers very soon.

I'd be very cautious about sharing information with Zoom. You may be showing
it where to fish.

~~~
thedance
How hard can it possibly be to replicate? Zoom walked into a market packed
with established players and now they own the whole thing. That suggests the
barriers to entry aren't so great.

~~~
RandallBrown
Own the whole thing? While I used zoom at my last job, I don't at my current
one.

What does zoom do that something like Google Hangouts or Slack doesn't?

~~~
Tankenstein
In my experience it has better reliability and quality, to the point where I
haven't had to worry about it.

------
AndyPa32
The paid version has a feature where the organization admins can listen and
watch in conversations without anybody noticing or giving consent. I am quite
sure that doing so would be illegal where I live (Germany).

~~~
ShakataGaNai
Unless you gave "consent" in your employment contract, or agreement to the
companies employee handbook, AUP or similar documentation. This sort of
"agreement to monitoring" is common in a lot of corporations today.

Please don't use your company issued hardware/software/network for something
not-work related ... and something you wouldn't feel comfortable sharing with
most of your colleagues. There is already a plethora of monitoring going on
out there.

~~~
decebalus1
Not a lawyer, but being a Washington resident (see WA wiretapping laws)
interviewing over Zoom (thus not working for that company and no having signed
any forms/NDAs/waivers) I'm pretty sure someone snooping in or recording the
interview without my consent is illegal.

------
gnusty_gnurc
I’ve found Jitsi to be more than adequate with no need to download an app onto
my computer. Just share the link with my friends!

~~~
JumpCrisscross
> _I’ve found Jitsi to be more than adequate_

Just looked it up. Seems to be Chrome only. As a Safari and Firefox user, that
ends my decision-making tree with two clicks.

~~~
bennofs
They are working on it: [https://github.com/jitsi/jitsi-
meet/issues/4758](https://github.com/jitsi/jitsi-meet/issues/4758).
Unfortunately, I think WebRTC support is still not 100% uniform across
browsers (there seem to be a range of browser-specific behaviour and bugs),
making it hard to easily support all browsers. And Chrome appears to be the
browser which implements new WebRTC features the fastest, so I can understand
Jitsi Meet focusing their efforts on that platform.

You don't need chrome though, chromium should be enough.

------
GekkePrutser
Yeah I hate ZOOM sooo much.

First there was the issue with them turning on the camera by default. At least
you could turn that off. Then there was the spyware they installed on every
Mac without even asking for consent. And now this...

Since the spyware thing I refuse to install their crap on my machine, but one
of our suppliers still uses it and the web client is very choppy.. But they'll
just have to put up with it. I'm never installing it again.

~~~
geoffeg
I also find their UI to be frustrating, especially the chat part of it. I have
yet to find a way to make the chat more dense, every message seems to have an
excess of white space. Also, at least with the company that I use it with,
there's no obvious way to search message history.

~~~
bchociej
Agreed. I find the whole experience to be horrible. Especially having to
install some garbage executable rather than using my browser. It does nothing
for me that Google Meet doesn't do better.

------
ryeguy_24
I get that privacy is important but this company has become a household name
over night. My mom literally just installed Zoom because her friends were
talking about it (eyeroll). The company has obviously helped the global
economy work remotely and keep productivity moving over the past few months.
First, thank you to Zoom for making a great product and continue to work under
ridiculous load. Secondly, I agree that privacy is an issue but can we tone it
down a bit considering the global situation at stake.

What am I missing? I'm asking humbly. Because it seems like we are complaining
about the food at a homeless shelter?

~~~
exolymph
At what time would it be acceptable to critique Zoom's surveillance practices,
in your view? We're not allowed to complain when a useful tool also spies on
us?

~~~
ryeguy_24
Not criticizing the timing. Criticizing the tone. My rule in life is politely
ask first, if no response then by all means, bring the wrath. Does anyone know
if they've ignored the concern?

Everybody assumes every company is a villain these days. Maybe this was an
overlooking and they'll happily fix? Anybody ever think of that?

~~~
xenonite
> Does anyone know if they've ignored the concern?

Well yes, an example is their reaction on their Zero Day:

[https://medium.com/bugbountywriteup/zoom-zero-
day-4-million-...](https://medium.com/bugbountywriteup/zoom-zero-
day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-
ac75c83f4ef5)

> Ultimately, Zoom failed at quickly confirming that the reported
> vulnerability actually existed and they failed at having a fix to the issue
> delivered to customers in a timely manner. An organization of this profile
> and with such a large user base should have been more proactive in
> protecting their users from attack.

------
gbrown
One thing I've noticed about it which rubs me the wrong way is that, on Linux,
when I exit the application it keeps running in the background. There's no
reason that it advertises why this should be necessary, and I don't see any
option to disable it. I shouldn't have to manually kill the process to exit a
program.

~~~
ntnsndr
I agree this is annoying, but you can always Exit the program from the icon in
the menubar (works for me on both GNOME and xfce).

------
chias
I thought this was going to be about their hilarious CSP, which whitelists the
following domains:

    
    
        'unsafe-eval'
        'unsafe-inline'
        blob:
        https://*.50million.club
        https://*.adroll.com
        https://*.cloudfront.net
        https://*.google.com
        https://*.hotjar.com
        https://*.zoom.us
        https://*.zoomus.cn
        https://*.zopim.com
        https://ad.lkqd.net
        https://ajax.aspnetcdn.com
        https://apiurl.org
        https://appsforoffice.microsoft.com
        https://assets.zendesk.com
        https://bat.bing.com
        https://cdn.5bong.com
        https://cdn.jsdelivr.net
        https://cdncache-a.akamaihd.net
        https://code.jquery.com
        https://connect.facebook.net
        https://consent.trustarc.com
        https://extnetcool.com
        https://fp166.digitaloptout.com
        https://googleads.g.doubleclick.net
        https://intljs.rmtag.com
        https://pi.pardot.com
        https://px.ads.linkedin.com
        https://ruanshi2.8686c.com
        https://rum-static.pingdom.net
        https://s.dcbap.com
        https://s.yimg.com
        https://s.ytimg.com
        https://s3.amazonaws.com
        https://scout-cdn.salesloft.com
        https://sealserver.trustwave.com
        https://secure-cdn.mplxtms.com
        https://secure.myshopcouponmac.com
        https://snap.licdn.com
        https://sp.analytics.yahoo.com
        https://srvvtrk.com
        https://static.zdassets.com
        https://static2.sharepointonline.com
        https://tag.demandbase.com
        https://tpc.googlesyndication.com
        https://tracking.g2crowd.com
        https://translate.googleapis.com
        https://trk.techtarget.com
        https://unpkg.com
        https://www.comeet.co
        https://www.dropbox.com
        https://www.google-analytics.com
        https://www.googleadservices.com
        https://www.googletagmanager.com
        https://www.gstatic.com
        https://www.youtube.com
        https://d.adroll.mgr.consensu.org
        https://serve2.cheqzone.com
        https://static.ada.support
        'self'
    

via:
[https://twitter.com/jasvir/status/1242518507683639296](https://twitter.com/jasvir/status/1242518507683639296)

~~~
quickthrower2
Yes unpkg and s3, anyone can get content up on them.

------
blntechie
Zoom have had several controversies with its privacy now and still going
strong . Great staying power like Facebook.

The product must be really good. I have never used them more than in couple
occasions and found it like any other web conferencing tool in my opinion.

~~~
alfalfasprout
Truth is, it has the best video quality I've seen out of any of the video
conferencing tools out there by a mile. Only Facetime comes close and it's
limited to apple hardware and has more limited screen collaboration tools.

As a result, they're going to have staying power.

~~~
unlinked_dll
Maybe I'm biased but video quality doesn't really bother me nearly as much as
audio quality, and Zoom kinda sucks there. Part of it is the codec, but their
AEC is so godawful we have to force everyone on calls to use headphones.

Video quality is really only necessary when screen sharing, and zoom does OK
there.

~~~
codetrotter
> AEC

I haven't heard this abbreviation before but I assume it means Audio Echoing
Cancellation.

~~~
unlinked_dll
Usually Acoustic Echo Cancellation but yes. When it's good you don't notice it
(several commercial audio installation products do a great job at it) but when
it's bad it's _really_ bad. I'm not sure if Zoom even bothers.

------
pearjuice
Did you know they also make a public address book in your entire organization
of people on zoom? You can't easily opt out of this. I'm currently contracted
at a govt organization which other than mundane conference calls you have to
reserve a spot for by email (which nobody does because it's not 1998) doesn't
have any remote video/audio infrastructure so basically each team is doing
their own thing. Some use zoom, others discord and so forth. A lot of teams
started to use zoom and they sign up with their @xyz.gov e-mail. Literally
everyone is then public to everyone on @xyz.gov and whether they're currently
in a call.

Everyone is still on the free plan and reconnecting after 40 minutes (it's
basically standard procedure when the 10 minute countdown starts to rejoin). I
bet it won't take long before zoom sales get in touch and you think the person
going to approve the tailor-made $$$ contract cares about privacy? Or the 700
people already using it except for a small minority who don't have any
influence in this kind of decision making?

------
skrebbel
Is Zoom-dissing just in fashion these days? In the last few days I've seen
these on HN:

\- Having the Facebook SDK installed in their iOS app, which sends user data
to Facebook even if the user has no Facebook account

\- Having a setting, that's off by default, that lets other callers see
whether you have the Zoom app in focus

\- Having a general "accessibility over security" engineering attitude, which
led them to eg shipping their desktop apps with a builtin HTTP server (and
with it a much bigger security surface area), just to skip one extra step in
the join-meeting-via-a-zoom-link-flow. They removed it after a backlash, but
the engineering attitude probably didn't change.

Now, I agree that all of these are bad. It's OK for outrage to happen over
these things, every single one of them are shit and major companies like Zoom
need to get their act together.

But I also think that _many_ apps out there do stuff like this. The majority
of popular apps, I'd wager. Why is Zoom being singled out? First Vice, now a
Harvard blog, a _bunch_ of unsubstantiated tweet storms.. Is it just, en vogue
to diss Zoom somehow?

~~~
catalogia
> _Why is Zoom being singled out?_

There is no conspiracy here, calm down. Zoom is popular, therefore people talk
about it.

------
Tokkemon
Is Zoom the best though? Google Hangouts seems to be just as good.

~~~
buro9
Try it at 12 people.

Try it when you want to control who is speaking and when.

Try it when you want to co-ordinate hundreds of participants and still want to
track who has a question so you can hand the virtual mic / airtime to them.

Try it when you want breakout groups and to determine who is in which group,
and after a set time for the groups to return to the main space.

What is good enough for 2 people facing each other, and appears to work
perfectly well for a group of 5 or 6... doesn't quite scale to a company all-
hands, or giving a lecture or seminar.

Tools fit a scale, and Zoom is excessive for the small and simple use-case but
excels at the large and complex.

~~~
Spivak
Which is a long way of saying that Zoom is one the few companies that has been
around long enough to deal with all the edge cases. Throw a few devs in a room
for a bit and you'll get a perfectly usable video chat for 1-1 or a small
group, but you won't get Zoom.

~~~
Wowfunhappy
Wikipedia says Zoom was founded in 2011. Google Hangouts has been around for
about the same amount of time, and Skype predates them by quite a bit.

I don't quite understand why Hangouts and Skype aren't more robust than they
are. I'm sure this is indeed a hard problem, but the utility of getting it
right is obvious, and these are massive companies.

------
Medicalidiot
I am always very hesitant to say anything personal over any video chat medium
unless I know it's end to end encrypted. I know that they're not actively
watching my video meetings, but it's still causing a chilling effect in how I
conduct myself with their service.

~~~
angry_octet
Zoom works in China, ergo it is being recorded and analyzed. Automatic voice
transcription is a thing.

~~~
leesalminen
I just realized this yesterday when Zooming with someone in China w/o a VPN.

~~~
angry_octet
And here it is:

[https://citizenlab.ca/2020/04/move-fast-roll-your-own-
crypto...](https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-
quick-look-at-the-confidentiality-of-zoom-meetings/)

------
kitotik
Clearly they don’t “need” to do a thing. They were already gaining a ton of
market share before COVID19, and this has only cemented their position.

The people who are concerned about privacy aren’t really the ones writing them
big checks anyway.

------
CoffeeDregs
Title is sort of incorrect: "Zoom needs to clean up its privacy act" should be
"Zoom needs not to do stupid shit"...

I'm a fan of the product but this is ridiculous behavior (great Linux
support). I have a hard time imagining the product meeting in which "Yes.
That's a good idea. Let's do it." was said. I get that FB is big, that Zoom
wants the credibility, etc but that's a sign that management is not thinking
clearly about their product and should be a red flag to any investor (among
the many green flags from current demand)...

~~~
thoraway1010
You realize investors are laughing their way to the bank because of the ease
of use focus of zoom? The investors in the fully encrypted privacy based video
conferencing platforms (yes, they exist) are broke now.

------
wintermutestwin
Use case: Mediation

Zoom is the only easy to use videoconferencing tool I have found that can do
breakout rooms. Mediation is, by law, a confidential process.

From the ConsumerReports article: "Videos aren't off-limits, according to the
document, and neither are transcripts that can be generated automatically, the
documents you share on your screen, or the names of everyone on a call."

In recommending that my clients use Zoom, am I violating my ethical and legal
requirements? Is Zoom breaking the law?

------
afrcnc
I think people are missing the fact that ZOOM doesn't actually clean up its
act. It has lots to profit from selling user data.

------
quantified
Note also at least the unwanted/unnecessary facebook connection:
[https://www.vice.com/en_us/article/k7e599/zoom-ios-app-
sends...](https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-
to-facebook-even-if-you-dont-have-a-facebook-account)

------
james_niro
I am using zoom for school with 300 students and it works great. My professors
who are not tech savvy were able to use it without problem. Zoom makes
recording, screen sharing and chatting much easier than other softwares. Also,
I like how easy it is to call in.

Also, at my work we use zoom for everything. It is a powerful software that we
love.

------
astatine
We have been using Zoom four 4 years now. And it has simplified conferences
enormously. Sometimes a few of our customers insist on using their own
corporate mandated systems. Half of these times there is a struggle to get the
meeting going for one reason or the other. We offer to set up a zoom call and,
quite literally, the call is back on track within 2 minutes. Regardless of
which country the user is in, the device being used, or any other parameter
which somehow seems to trip up all the other systems regularly.

I have used Skype, webex, hangout meet, gotomeeting, various other entirely
web based ones and none come close to the reliability that Zoom provides. No
wonder it's getting adopted like crazy.

Kudos to them for handling this traffic with absolutely no visible hiccups.

------
jb3689
Zoom should really come out with a public statement (does one exist?). They've
been called out a number of times over the past week or few and I think it
would be wise for them to clear up any misconceptions (or hide in a turtle
shell if they are clearly screwed either way)

------
oblivionreb
It's a necessary evil for many of us students. Institutions just aren't
willing to deal with compatibility/pricing issues with such short notice. Zoom
found its niche as a bootstrap crisis averter, I guess

------
eagsalazar2
This post inspired me to actually try out Jitsi but was put off by their
request for access to my Youtube profile when the prompt was "connect your
google calendar". WTF?

Anyone know what that permission is even about?

------
tinyhouse
Do Zoom have their own infrastructure or do they run on aws/azure/gcloud?

I think it's amazing how zoom became so popular recently. It's even been
approved to be used for Passover Seder dinner by some Rabbis :)

It also very popular in academia and reminds me of Dropbox. When I was a
student everyone around me used Dropbox. They developed a great product which
competes with Google and other giants. But those were all unpaid users and
eventually Dropbox moved their focus to Enterprise. Zoom will soon be in a
similar situation.

~~~
Rafuino
I had the same question... It looks like they use AWS, though this paper I
found is dated May 2013...

[https://d24cgw3uvb9a9h.cloudfront.net/static/40580/doc/Zoom-...](https://d24cgw3uvb9a9h.cloudfront.net/static/40580/doc/Zoom-
Security-White-Paper.pdf)

------
coder1001
"the best of those, Zoom, is doing very well"

Is Zoom really the best? No other comparable platform out there?

Anyone know how difficult it would be to build something like it on top of aws
or a similar cloud?

~~~
jamra
Web RTC pretty much handles peer to peer video chat. I think you just need a
server to organize the call’s, provide chat, and login from

~~~
fsh
Peer 2 peer doesn't scale for video conferencing with many users. Jitsi only
does it for two participants. Everything larger has to go through the server.

~~~
ryeguy_24
Why doesn't it scale? Because for n participants, each would need n-1
connections?

~~~
fsh
Each client has to send n-1 streams and domestic connections usually have
quite weak uplink.

~~~
jessaustin
ISTM there could be some opportunities here? First, not everyone is talking at
once (else this is a riot rather than a conference), so many of the uplinks
could be "nothing new" packets for much of the time. Second, if any
participant(s) (even a dummy participant) has faster uplink, that/those
client(s) could forward to the rest of the group, in a fashion somewhat
analogous to torrent.

~~~
jamra
You could also do leader election and make that one leader be the sink. Then
broadcast to everyone else. However, I'm gonna keep my trap shut because I
don't want to get downvoted by this elite squad of video professionals.

------
wyoh
Can someone explain the advantages of Zoom over a FOSS solution lake Jitsi
Meet? [https://meet.jit.si/](https://meet.jit.si/)

~~~
nhf
Institutional buy-in and support. When your 40,000 student university's
administration declares "we are using Zoom for online classes and it's been
integrated into our class management system by IT", it just gets used.

And that university chooses to use Zoom over another solution for many reason
- after-sales support, SLAs for performance and availability, pre-written API
integrations for their CMS and student ID system, guarantees from their sales
team about regulatory compliance, and the like.

------
EastSmith
I've been using zoom for more than a three years now, and I want to know if
Zoom is providing transcripts of private 1 on 1 conversations to the room
owner.

Just to clarify - the zoom room is not mine. We are using it across a group of
like 10, for a group meetings - sometimes all of us, sometimes subgroups,
sometimes one on one.

I can not imagine a world where a company would do that, but given the recent
events, I am not ruling out this level of creepines.

Zoom?

------
chandru2
K-12 education uses zoom because it's HIPAA and FERPA compliant. My
understanding is that Skype and Hangouts aren't.

------
femmelibre
The case of #poorjennifer calls for major concerns. Every woman should feel
safe using Zoom for work, never worry about privacy violation, such as manager
videotaping her without her consent, then saving recordings in zoom cloud
without her knowledge. Zoom videotaping goes against Privacy Law in
California. Consent is diligently required.

------
avmich
> Zoom has an extremely valuable service, which it performs very well—better
> than anybody else, apparently.

Objection - best advertised (or should I say "best" advertised) doesn't equal
best. I'd be truly surprised if somebody actually presented convincing
arguments that Zoom service is better than anybody else.

------
ChicagoDave
I experienced the switch from Webex to Zoom in a corporate office environment
and being able to see your meeting on the iPad and clicking start is a huge
win. And if you’re in any room you can just connect because it knows where you
are.

Webex addresses are stupid by comparison.

I don’t like this Facebook crap but otherwise Zoom is pretty slick.

------
ChrisMarshallNY
Probably ninja'd, but it looks like Zoom cleared this up:

[https://www.vice.com/en_au/article/z3b745/zoom-removes-
code-...](https://www.vice.com/en_au/article/z3b745/zoom-removes-code-that-
sends-data-to-facebook)

------
sloshnmosh
I am very curious about Zoom’s desktop version as I have seen it used for
sensitive telemedicine sessions between doctors and court ordered patients. I
think Facebook’s response was disgraceful, putting the onus and blame on the
developer after FB developed a plug-in which is no different than malware.

------
guptaneil
If anybody else is wondering about alternatives, DHH sourced some ethical
options in this Twitter thread:
[https://twitter.com/dhh/status/1243248363979419649?s=21](https://twitter.com/dhh/status/1243248363979419649?s=21)

Of those, I tried whereby.com yesterday and was blown away. It just works with
zero downloads in any browser, including mobile, and is very high quality.
From my brief usage, I highly recommend it for small teams.

------
tobyhede
If your answer to a privacy concern is "use a Google product" you may not
quite understand Google's business model.

Zoom is as good as video can be in 2020. Google may be on parity, but tools
like WebX are laughably inferior.

------
mehrdadn
_Zoom Removes Code That Sends Data to Facebook_ :
[https://news.ycombinator.com/item?id=22708233](https://news.ycombinator.com/item?id=22708233)

------
tomc1985
Where did Zoom suddenly come from? I never even heard of it until this
quarantine stuff, then all of the sudden everyone is talking about videochat
on Zoom.

It's like WTF, another contender for this throne? Sigh.

------
frabbit
Are there any advantages to Zoom over Jitsi Meet? For most people's use case
(a small group of family friends) the simplicity and quality of the Jitsi Meet
setup is incredible.

------
hanoz
As it's beginning to look like my days as a Zoom refusenik are numbered, what
is the safest way to use it? Android, iOS, Chomebook, some form of
virtualization or container?

~~~
bchociej
I run it, along with other sketchy garbage proprietary software for wook, in a
QEMU VM. Or I just dial in and let people suffer through me being on a phone
connection owing to their choice of software.

------
tmpynews
I don't know if it can. Its always bound by its government. By that measure I
am really surprised people in large companies trust it. I really am surprised
by its adoption.

------
zekrioca
Does any one have any knowledge at how Zoom is architected? I know they own
some datacenters, but so does Microsoft, which has a worse service than Zoom.

~~~
bennofs
An overview is given in their blog post:
[https://blog.zoom.us/wordpress/2019/06/26/zoom-can-
provide-i...](https://blog.zoom.us/wordpress/2019/06/26/zoom-can-provide-
increase-industry-leading-video-capacity/)

However, I would also like to know if there's more to it. Do they do any
server side transcoding? Do they get an advantage by having multiple backend
servers connected through good links, having clients connected to the nearest
one and routing efficiently through their network? It appears that they use(d)
H264 as their codec, are there some technical tricks they use to cope with
variable bandwidth (do they use scalable video coding or simulcast)?

------
liquidify
For a piece of software that initially made claims to having encryption and
privacy concerns, yes, yes they do.

------
brenden2
Not just Zoom, basically every company.

------
quocble
Wow, hackernews is a cesspool of self-serving "intellectuals". We're in the
middle of a pandemic, which already killed 27 thousands people. And the #1
post is privacy act? Can't you guys admit that you didn't come up with video
calling company worth 37 Billion dollars. Maybe it's worth talking the
positive impact on Zoom during this crisis.

~~~
FridgeSeal
“This company is doing incredibly shady things and exploiting its sudden boost
in popularity, so you guys shouldn’t criticise it, because it’s made soooo
much money and you didn’t and it’s therefore above criticism “

That’s how your comment reads. The fact that it’s worth so much is almost
completely irrelevant, and if anything, should mean they have more
responsibility to do the right thing.

~~~
quocble
It's a matter priority.

If it's a real problem, go sue them. Do you need a Havard op ed to tell you?

------
ddrt
Coincidentally NextDNS blocked my use of the Harvard site for bad ad tracking.
Hmmm.

------
monadic2
Too little, too late. Corporations cannot be trusted with software.

------
nsmog767
Of all things, lack of trust and transparency from a video platform is pretty
scary. Hard to justify using Zoom any longer. Lifesize is a good alternative
that a lot of people don't know about (I have no stake in them, but have used
it before).

------
gruglife
I have the feeling that outside of the HN community and other tech
communities, most people just don't care about this, which is sad.

------
st3fan
Where is the Zoom CEO in this thread?

------
bena2005
broken link?

~~~
thought_alarm
[http://webcache.googleusercontent.com/search?q=cache:RxLbT_L...](http://webcache.googleusercontent.com/search?q=cache:RxLbT_LzyRMJ:https://blogs.harvard.edu/doc/2020/03/27/zoom/&hl=en&gl=ca&strip=1&vwsrc=0)

------
meritt
It works really well.

One that has been a total game changer for my company is when I'm hosting a
conference call, I can simply "Invite by Phone" my participants. They get a
phone call, are prompted to "Press 1 to enter the conference", and boom
they're in. It's drastically reduced people fumbling around with phone numbers
+ participant codes, ending up in the wrong meeting, or getting stuck in some
unnecessary software install loop. If someone is more than two minutes late,
they're getting a phone call that brings them instantly into the meeting.

Also a really nice feature, again for phone conferences, is when people dial-
in I see their phone number handle in the UI. But during the call as they
introduce themselves or I look up their number, I can then rename their user
to something recognizable. Now if I'm on a call with 5 people at another firm,
I appear really impressive because I know who each person is by their name.
When someone is speaking on the conference call, their icon lights up. If
someone has a ton of background noise I can easily mute them.

Zoom Phone (addl paid feature) is awesome too. Virtual phone numbers, IVR,
call routing, busy hours, I can instantly turn a 1:1 conversation into a zoom
meeting that other people can join, etc. Zoom Phone works on my iphone like a
regular dialer, and I can place/receive fully digital calls on it (pretty
similar to how Google Voice works), so it doesn't matter if I have actual cell
service.

I've never used Microsoft Teams, and does look really snazzy, but Zoom is an
absolute joy to use compared to every single other conferencing software I
have ever used. The video chat and screensharing is fast and responsive and
just works exactly like you would expect it to.

~~~
panpanna
> It works really well.

Does it?

Asking because I just left a zoom meeting with horrible sound quality and
extremely bad video quality. Why would anyone prefer that to Teams is beyond
me.

Edit: interesting this is _heavily_ downvoted. Can't a person have a bad
experience and tell HN about it?

~~~
meritt
I have about a year of near daily anecdotal evidence to the contrary. So, in
my experience, yes it works extremely well. I'm not saying it's better than
Teams at all, I've never used that, and it looks pretty awesome from their
marketing page. Microsoft has _really_ stepped up their software quality game
recently.

I _can_ say Zoom is way the hell better than: Slack/Screenhero, TeamViewer,
join.me, GoToMeeting, WebEx, Skype, Google Hangouts, BlueJeans, ugh the list
goes on over the past years.

~~~
panpanna
But your flawless experience does not help me.

I had a horrible meeting today (not the first time, but today was particularly
bad).

In fact, I recorded part of it with my phone and tomorrow I Will have a chat
with our IT people to ask people to avoid using zoom.

~~~
mattmcknight
"I Will have a chat with our IT people to ask people to avoid using zoom."
Foolish. What works better combining VTC and easy join phone calls? Surely not
Teams. Was on a 400+ person Zoom call that went great. Problem is likely in
your network.

~~~
panpanna
out of curiosity, why not Teams?

~~~
jedieaston
For one, Teams doesn't include dial-in/dial-out, that's another $1.50 per
month per line (still cheaper than Zoom if you have Office 365 already).

But another, more important one is: the last time we tried using Teams/S4B
meetings, if you are contacting a client where they are in a different Office
365 tenant, and the security settings are turned up on their tenant to not
allow logging in as a "guest" to other tenants, they can't join your meeting.
(or at least, not without launching an incognito window and reopening the
meeting link) Azure AD tries to login as their user account, fails because
they aren't allowed, and leaves them on an error message screen without any
way for the meeting host to troubleshoot. Zoom, since it's out of band of
anything that IT usually touches (unless you turn on the "only allow people in
my organization to join this meeting" function), won't have this issue since
the outsider will automatically be offered the choice of logging into a Zoom
account or just giving a name for this conversation (as far as I've seen).

It's one of those scenarios where Microsoft being so entrenched in the
environment actually lessens productivity. You can argue that people shouldn't
be blocked from joining outside meetings, or that shadow IT is evil and should
never be encouraged, but when security steps in the way of productivity,
shadow IT usually naturally results, as so many SaaS vendors (Zoom, Basecamp,
Dropbox) rely upon. Zoom acts like malware (to a degree) by installing to
user-only directories and working around corporate security to make it easier
for the end user to use the product. At a big company, approval for a video
conferencing system could take months of PoCs, vendor meetings,
implementation, and so on. But if you can just say "Join my Zoom meeting! It
takes a minute! It integrates with Outlook so we don't have to even go to
another website! And it's cheap!", then all of the corporate BS is cut
through, and by time IT finds out, half the company is using it and they'll
start paying for it so the enterprise stuff works (i.e. SSO).

(Basecamp is another good example of this. It gets tons of adoption by running
in a browser window and only costing $99 per month for unlimited users, so it
fits on a manager's expense account and user onboarding is super simple from
there. and it's really easy to use.)

~~~
thoraway1010
This exactly.

What's really funny is if a VP says, we should start evaluating enterprise
conferencing software, get's down the road with the webex and friends sales
teams, and then everyone tells them to go home because it's too late when they
finally have the roll-out meeting or the feedback meeting - everyone is using
zoom already.

------
bluntfang
harvard needs to pay their food service workers

------
shaan1
Think twice before using Zoom. They have a lot of engineers in China
developing the core technology. You would be foolish to conduct meetings and
share sensitive docs over zoom. Communist party is listening to everything.

[https://www.cnbc.com/2019/03/26/zoom-key-profit-driver-
ahead...](https://www.cnbc.com/2019/03/26/zoom-key-profit-driver-ahead-of-ipo-
engineers-in-china.html)

~~~
madwhitehatter
Zoom was developed in China

Look at the top of page 21 of their sec submission.
[https://www.sec.gov/Archives/edgar/data/1585521/000119312519...](https://www.sec.gov/Archives/edgar/data/1585521/000119312519083351/d642624ds1.htm)

------
shd4
Zoom needs to fuck off. This is apologism. We need open source and
decentralized solution and we need to shut up. I'm tired of this.

~~~
tomstockmail
I've been using Jitsi Meet

[https://jitsi.org/jitsi-meet/](https://jitsi.org/jitsi-meet/)

~~~
shd4
Thx! Heard about it already. I'll do a personal analysis and I'll report.

