
Zoom iOS app sends data to Facebook even if you don’t have a Facebook account - softwaredoug
https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
======
godelski
> There is nothing in the privacy policy that addresses [that data is being
> sent to Facebook]

> The Zoom app notifies Facebook when the user opens the app, details on the
> user's device such as the model, the time zone and city they are connecting
> from, which phone carrier they are using, and a unique advertiser identifier
> created by the user's device which companies can use to target a user with
> advertisements

So Zoom is sending the fingerprints of mobile users to Facebook. Which helps
Facebook better track users across the internet. Not only this, but Zoom is
not disclosing this information (though it isn't like people read TOS and
would be aware of this anyways).

Can we just stop sending data everywhere? If you don't need it, don't gather
it.

~~~
leggomylibro
It's past time for us to get serious and apply HIPAA-style protection to the
storage and transmission of PII, without exemptions.

Companies like Facebook will complain loudly that they won't be able to
survive, but that is not our problem. If we pass legislation with teeth, they
will need to change their business model. That would be the point.

~~~
gazzini
I disagree with this — more regulation will make it harder to innovate.

For example, I’ve met several founders who wanted to enable tele-medicine
years ago but decided against it because “the lawyers cost more than the
engineers”, and walking-on-eggshells destroys morale & iteration speed.

I’m not arguing to de-regulate heath data — my point is that we should
selectively apply regulation.

It’s likely a great thing to regulate self-driving cars. But please keep the
lawyers away from my niche online forums, 3rd-party clients for social apps,
blogs, video games, calculators etc...

~~~
danudey
If a company can't 'innovate' without sharing users' data with third parties
or treating it recklessly through lax security (or uploading database dumps to
publicly-accessible S3 buckets) then that company doesn't deserve to be in
business.

It doesn't take a suite of lawyers to enforce that, either. Health care is
gigantic mess of bullshit in the US especially, because of the multiple
different 'stakeholders' \- customers, insurance companies, brokers,
"networks", hospitals, doctors, etc., and every mistake is a gigantic lawsuit
waiting to happen. It's a disaster however you cut it.

As for personal data for some arbitrary startup, any argument that
"innovation" depends on being able to be careless or cavalier with that data
is just ridiculous. Be careful with it. Store it properly. Only collect what
you need, and delete the rest. Expunge data you no longer need. Never send it
to any third party without asking the user, and provide clear information
about where and with whom the data is processed and stored at rest.

There, now you're being careful with user data and you can still "innovate"
decent products, as long as your business model isn't user-hostile from the
start.

~~~
dahfizz
I think you've missed your parents point.

The problem they point out is that well intentioned businesspeople who want to
provide you a useful service and store your data correctly are priced out.

If you want to deal with medical data of any kind, you need a lawyer. Full
stop. It doesn't matter how good your intentions are, or how many "best
practice" blog posts you follow. You need to hire a lawyer, and lawyers are
incredibly expensive.

> Be careful with it. Store it properly. Only collect what you need, and
> delete the rest.

This is great advice, but that's not how laws work. Congress won't pass a law
that says "store it properly". They are going to pass a law that describes how
you can and cannot store data in 600+ pages of legalese. And no matter how
properly you think you're doing things, you have to have a lawyer to know
you're actually doing it properly.

Said another way: regulation always adds cost and barriers to entry. These
affect the "good" business just as much as the "bad" business.

~~~
dx87
Not every business has to be viable for a startup. I'd rather a company that
can't afford a single lawyer not have access to my personal information. If
that means pricing them out of it through regulation, then so be it.

~~~
bpodgursky
Then don't use the startup? Not everyone has the same calculus as you. You
don't need regulation in order for you to not use a product.

~~~
toomuchtodo
Regulation exists to protect citizens at scale. “Don’t use the business” isn’t
how we’ve built society, rightfully so. If you believe the regulation to be
onerous, fix it.

One is not entitled to do whatever one wants to generate a profit, at the
detriment to uneducated or unsophisticated citizens, or society as a whole.

~~~
manigandham
> _If you believe the regulation to be onerous, fix it._

Well, that's what they're doing by not wanting it.

------
st3fan
EVERY. SINGLE. APP. THAT. INCLUDES. THE. FACEBOOK. SDK.

Even if you don't log in. The Facebook SDK sends data back.

Hook your device up to an intercepting proxy and start up a few apps. 99% of
them do this.

I really wish Apple would put an end to this.

~~~
AnthonyMouse
> I really wish Apple would put an end to this.

This is what really gives lie to the whole walled garden thing. Its selling
point is supposed to be in Apple preventing things like this, but here we are
in reality and they don't. Meanwhile they do e.g. prevent Signal from
replacing Apple's default app for SMS, which has no purpose other than to
create barriers for cross-platform competitors to the default apps.

~~~
Polylactic_acid
Its incredible how blocking changing the default app on iOS isn't illegal. Its
obviously insanely anti competitive.

~~~
Phlarp
It's like people forget "the bar" for anti-trust action used to be bundling
the default app (web browser) with the OS (windows)

~~~
yborg
You're forgetting the 90% market share part.

~~~
AnthonyMouse
Apple doesn't have >90% market share for iOS app stores? Who is their
competition? You can't run an Android app on iOS. There are no iOS apps on
Amazon or Google Play. That makes it a separate market.

~~~
madeofpalk
100% market share of your own market doesn't really count.

~~~
AnthonyMouse
Saying "your own market" doesn't mean anything. Every monopolist has 100% of
their own market. On the other hand, Clorox has 100% of the "Clorox bleach"
market.

The question is whether your products and your supposed competitor's products
are really the _same_ market. In other words, are your customers the same
individuals? Are the products substitutes for one another?

For Clorox bleach and other bleach they are. All bleach is the same, they're
perfect substitutes, if the store is out of Clorox bleach and you buy some
other bleach you'll never even know the difference.

For iOS app stores and Android app stores, they're completely different
markets. The customers for iOS apps are people with iOS devices and the
customers for Android apps are people with Android devices -- almost
completely disjoint sets of people. If the iOS app store is down, it's
infeasible for the average user to get an app from Google Play instead -- they
would have to spend hundreds of dollars to buy an Android phone, then replace
all of their other apps, just to substitute one app. It would be like saying
AT&T didn't have a monopoly in 1970 because you could change carriers by
moving to Canada. They're completely different markets.

------
julianozen
To clarify, having just worked with the Facebook SDK library for my company's
codebase, I dont think it is possible to setup the SDK without this happening.
Disclaimer: I do not know what the FacebookSDK does after you call it's launch
methods but I am pretty certain that they are required for a least some
versions of the SDK.

If you are a Zoom user who is not using a Facebook account, I believe the only
info Facebook is getting is that the Zoom app was launched and nothing about
the user itself. Unfortunately the side-effect of using the FBSDK is that
Facebook can track your app's usage for all users.

I believe this is true of all apps with a "Login in with Facebook" button.
FWIW, it does not appear that other OAuth's do this (including Google's)

~~~
xmprt
Can't they fingerprint the device? The fact that Zoom was launched on a
specific device is still a lot more information than I would be comfortable
giving up if I don't use Facebook at all.

~~~
godelski
It looks like they are fingerprinting the device. Which means that if you have
facebook but don't install the phone app, that your phone can be connected
with your account and then you can be tracked across the web. There are also,
of course, the facebook shadow accounts. Information connected with
fingerprints, but not associated with a facebook account.

~~~
valuearb
If they are it's against Apple's rules. Not sure what they are using to
fingerprint anyways, given Apple has blocked access to the older system values
that were being used.

~~~
godelski
> Not sure what they are using to fingerprint anyways

>> The Zoom app notifies Facebook when the user opens the app, details on the
user's device such as the model, the time zone and city they are connecting
from, which phone carrier they are using, __and a unique advertiser
identifier__ created by the user's device which companies can use to target a
user with advertisements

~~~
jayrhynas
There are two identifiers: Identifier for Advertisers (IDFA) and Identifier
for Vendors (IDFV).

IDFA is the same across all apps on a device. However, it can be reset by the
user or disabled (in which case it returns all 0s). Also, apps have to
disclose (to Apple) that they use the IDFA - not sure if that's visible to the
user in the App Store anywhere.

IDFV is unique per _vendor_ \- that is, each app has a different ID, but two
apps from the same developer will have the same ID. I believe this is also
reset when resetting the device.

The FBSDK doesn't require developers to enable the IDFA, so the unique
identifier in the phone home request is either the IDFV (effectively unique)
or just a UUID that the FBSDK generates and stores on launch.

------
sneak
Reminder: The NextDNS iOS app allows you to monitor and block these types of
requests from _all_ of your apps, via their DNS logging/filtering. (You can
also configure the retention on the DNS logging, so as to not cause more toxic
waste data.)

I can't recommend it enough. Until/unless we get something like Little Snitch
for the phone (are you listening, Apple?!), this is the next best thing.

~~~
claudeganon
Are there any guides for running your own setup with similar filtering
functionality? Not keen to run all my traffic through some unknown VPN.

~~~
sneak
NextDNS doesn't send the traffic, just DNS (and, entirely encrypted via DoH,
unlike normal DNS), but if you're concerned about it, something like pi-hole
does much the same thing, and is self-contained/self-hosted.

~~~
leesalminen
I deployed a VPN+PiHole on a micro ec2 instance for use from my iOS devices.
Works great. First i installed pihole and configured, then used this
[https://github.com/jawj/IKEv2-setup](https://github.com/jawj/IKEv2-setup) to
setup the vpn. Took about 30 mins. Works great!

~~~
sneak
Why do you trust AWS more with your traffic than an ISP?

~~~
mariomariomario
Because AWS is going to have to answer to pissed off Enterprise customers if
there was ever a story to come out that they're handling customer data
inappropriately.

------
rococode
If you have a Facebook account and are curious what other apps and websites
are sending data about you to Facebook, check out this link:

[https://www.facebook.com/off_facebook_activity/activity_list](https://www.facebook.com/off_facebook_activity/activity_list)

(click the area with the various app & website icons to expand into a more
detailed view)

I was pretty surprised the first time I came across that list, there are a lot
of apps on there that I never did a Facebook login with. For example right now
I see that a map app I downloaded when I was travelling last year but only
opened once or twice has sent 395 "interactions", the latest of which was 3
days ago. Actually, I should probably delete that now haha. Also, I'm using
Firefox with the Facebook container, Privacy Badger, and uBlock Origin, and
there are still many websites listed.

~~~
koyote
So I do not have facebook installed on my phone but I do have instagram and
whatsapp.

A large amount of phone apps seem to appear in that list. I guess
Whatsapp/Instagram creates a fingerprint of my device and then uses that for
tracking?

~~~
theferalrobot
I believe that is in fact the case. I removed all Facebook owned apps from my
phone a few weeks ago and I stopped seeing reports show up there.
Experimentally, it seems like an uninstall disassociates the ID from your
facebook account.

That doesn’t mean facebook stopped getting those reports, only that they are
no longer associating them with my account.

------
rvz
Well everything that imports the Facebook SDK or allows sign in with Facebook
does this so as long as an app has that blue button on the screen, you
shouldn't be surprised that it will phone home to Facebook once the app is
opened and initialised.

Too bad it isn't practical to have a system-wide blacklist of selected hosts
on iOS. Maybe you can but requires a jailbreak, but that too can break some
apps.

~~~
newscracker
There are some “VPN” apps that can stop connections system-wide. I’m not sure
about custom block lists, but take a look at the free Lockdown app (it’s
FOSS). It does all processing on-device. There’s also a paid app (which for me
is an expensive subscription) called Guardian Firewall, which uses its servers
to process requests.

~~~
pj1115
If you 'supervise' your iPhone you can also configure an adblocker with a
proxy auto-config. Less fiddly than a VPN but harder to customise! Supervising
requires a wipe too. [https://github.com/essandess/easylist-pac-
privoxy](https://github.com/essandess/easylist-pac-privoxy)

------
phwd
At the risk of pointing to the documentation,

graph-facebook-com/app/activities is an endpoint used by 3rd party developers
working with Facebook SDKs to send app analytic data for insights.

[https://developers.facebook.com/docs/marketing-api/app-
event...](https://developers.facebook.com/docs/marketing-api/app-event-api/)
[http://www.facebook.com/analytics](http://www.facebook.com/analytics)
[https://business.facebook.com/events_manager/app/events](https://business.facebook.com/events_manager/app/events)

This is what a URL can look like.

graph-facebook-
com/1106907002683888/activities?method=POST&event=MOBILE_APP_INSTALL&anon_id=1&advertiser_tracking_enabled=1&application_tracking_enabled=1&custom_events=[{%22_eventName%22:%22fb_mobile_purchase%22,}]

If you click the above you'll litter my analytics feed for my app
1106907002683888 with junk data.

Just in case, someone was looking for the specific call talked about because I
couldn't find it linked in Vice's article.

~~~
floatingatoll
It’s generally not a good idea to clearly “wink wink” indicate how to abuse an
endpoint, since that abuse can be easily interpreted under various criminal
laws as malicious and worthy of prosecution. You could protect yourself
against such accusations with more neutral language, starting with rewording
the “litter” sentence.

------
Daniel_sk
A lot of apps are doing it without the developers even knowing about (ask me
how I know). You just integrate their SDK for social login or something else
and it will start sending data to the mothership.

~~~
ryandrake
This is one of the reasons why you are supposed to audit your dependencies and
understand what they do. There is no excuse for an app developer to ship their
app and not know what it does.

~~~
rochak
Exactly. It pains me to see so many developers just going with the flow and
not exercising critical thinking to decide what all they need to do before and
bringing a dependency.

------
bosswipe
In my experience developers that integrate the FB SDK into their apps just
copy-paste whatever code snippet Facebook tells them to do, which is always
maximum data capture, without thinking of any of the implications. There's
usually a way to limit data leakage while using the minimum FB functionality
you want, such as only using FB for login without sending every damn app event
to Facebook.

~~~
rochak
How is this not reviewed by other developers who might not be as negligent as
the one who just copied the code?

------
fmjrey
On Android the first thing you notice when you install a firewall such as
NetGuard is the amount of applications that try to access facebook servers.
It's mind boggling, probably 50% are doing so. And I'm not even on facebook at
all.

~~~
cpv
Apps like netguard open the eyes.

And it was sad to see in facebook offline activity how much data was linked to
me, from apps which have the sdk. And you don't even need to log in via
facebook or like/share. The sdk being present and working is enough.

~~~
wideasleep1
Netguard proved to me that, despite never having a FB account, I surely had
dozens upon dozens of shadow accounts. Pretty much any new hardware that had
vanilla Play Store apps were ratting me out the entire time.

------
qwtel
More breaking news: Almost every website sends data to google, even if you
don't have a google account.

Singling out Facebook as the privacy nemesis while giving a free pass to
"cute" conglomerates like Google reeks of class hatred and flavor-of-the-
month-style pseudo journalism.

Opening vice.com link will send data to Google.

~~~
randomsearch
Whataboutism, and this is about Zoom (on trend) and related to its other
fails.

------
ogre_codes
Every time I read an article with FaceBook in the title I'm a little more glad
that I stopped using the service a while ago. Stuck using Zoom for work, but I
do use it on a semi-quarantined device so it shouldn't be able to tie it back
to my old Facebook account or online activity on my desktop.

~~~
conqrr
Technically it can still link you to the old account through metadata that
zoom has on you like your name, workplace etc

~~~
ogre_codes
It's possible. I don't sign into Zoom though, just paste the link from the
organizer in my browser.

------
untog
People crap on the web for its privacy record - justifiably - but at least you
can open dev tools and see what the page is doing. Selling apps as being
better for privacy just seems like a complete misstatement.

~~~
Polylactic_acid
And you can install extensions that do that for you and actually block the
requests. I'm not aware of any tool to block the facebook sdk in apps.

~~~
roboyoshi
well at leats at home I have a pihole with a facebook blocklist. There should
be a portable pihole as well.

------
kpierce
Their desktop version is not much better.

[https://securityboulevard.com/2020/03/using-zoom-here-are-
th...](https://securityboulevard.com/2020/03/using-zoom-here-are-the-privacy-
issues-you-need-to-be-aware-of/)

~~~
rochak
It has been known for a while now to not touch their desktop app with even a
ten feet pole. The best bet is using the web app.

------
tyingq
This is really somewhat sad, as it seems unneeded provided they have the funds
to wait out the IT approval cycle.

They are handily beating WebEx, MS Teams, etc, on basic shit like showing more
than four video feeds from participants, dealing with low bandwidth
connections, etc.

Feels like they are doing revenue grabs too early. A little more patience and
the contracts will roll in. Especially given how many stodgy companies are
newly coming to terms with the WFH need.

Maybe temporarily extend the free plan from 45 minute meetings to 1 hour and
grab some market share?

------
karljtaylor
Vice has one of the worst privacy policies in the entirety of media, so it's
kind of a curious thing to see them complaining about. They don't mention they
phone Criteo and AdNexus on every page load, and I'm pretty confident I see
them using Facebook events too.

------
lifty
I like the effort started by Objective Development (creators of little snitch)
called IPA: Internet Access Policy [0]. An IAP is a document that defines to
what endpoints does an application connect too. Apple should get on this
bandwagon and enforce it and the OS level, so that any application must ship
this IAP document and only be allowed to connect the endpoints listed in that
document. Furthermore a user should have the option to see which
endpoints/domains those are, and disable some of them.

[0] [https://obdev.at/iap/index.html](https://obdev.at/iap/index.html)

------
thedance
I'd love to throw stones here but I'm just used to it. The official way of
installing Ubuntu linux (and many other distros such as Mint) from a Mac, for
example, uses a giant bloated piece of crap that includes not just the
Facebook SDK but also the Google Analytics stack! I think it's a lost cause.
There simply aren't enough good software developers active in the world and
these SDKs can make it easy or possible for developers to ship product.

------
perfectstorm
Somewhat tangential but with method swizzling Facebook SDK can figure out the
location of your device if the host app has location permission. You don't
need the Facebook app installed, as long as the host app has location
permission (say you give location permission to reddit app which has
FacebookSDK), Facebook can piggy back on that to get your location.

PS: Replace redidt with any app that uses Facebook login. IDK if reddit uses
FacebookSDK.

------
ChrisMarshallNY
Are they using a Facebook dependency? FB has a couple of libraries popular for
use as UI libraries.

I didn't think they phoned home, but I could be wrong.

~~~
RandallBrown
It's probably used for install tracking.

Apple doesn't provide a way to know how a user found your app, but Facebook
does. This is why the app I work on uses the Facebook SDK.

Basically, we want to know how effective our Facebook ads are at getting
actual installs.

~~~
bjelkeman-again
So, do you get permission from the users to send this information to Facebook?
Can they decline?

~~~
RandallBrown
Sort of. It's technically all in our privacy policy. Declining would mean not
downloading the app.

------
_jal
I want to see the App Store list what entities a given app might communicate
with without explicit user request.

If your SDK feeds FB, it needs to be on the label. If you talk to dodgy
surveillance shops, ditto. Making this enforceable (plist authorizations, like
microphone permissions) is a little tricky, but at the very least smoking out
slimy crap like this would be much easier.

~~~
wideasleep1
Never gonna happen. You want the house of cards to come tumbling down?

~~~
dylan604
Yes. Yes I do. It can't happen fast enough. Sorry, not sorry, if your business
model depends on selling the personal data of unsuspecting users and this
makes you go under. If you are up front that this data exchange occurs and the
user accepts, then that's fine. Hiding it in lawyer speak in an comprehensible
EULA/TOS does not count as being up front about anything.

------
ccorcos
I did a study of which applications use Facebook advertising tracking and was
really surprised to see how many products have it. Here's a sample:

\- airtable \- asana \- atlassian \- bear \- stripe \- slack \- loggly \-
tandem \- pagerduty \- figma \- circleci \- evernote \- airbnb

Apparently if you want to advertise on the internet, Facebook Ads are the way
to go. I figure there's enough information to tune in their machine learning
just by knowing if a user clicked an ad, but once you see how much information
they gather, it starts to make more sense. For example, they send the
document.title every time you navigate -- that's often sensitive information!
So the more "responsible" companies embed all the facebook tracking scripts
inside an iframe and interact with it via postMessage.

------
ddrt
Is this article overreacting to something that sounds like a Facebook tracking
pixel?

~~~
karljtaylor
yes, yes it is.

------
gentleman11
So what options do we have for private video conferencing?

~~~
1over137
jitsi-meet, see:

[https://meet.jit.si/](https://meet.jit.si/) [https://github.com/jitsi/jitsi-
meet](https://github.com/jitsi/jitsi-meet)

You can self-host it, or use the first link. No need to give your email, name,
or phone number.

~~~
homerowilson
Indeed. We don't need regulation. Nobody is forcing anybody to pay Zoom for
the privilege of sending their data to Facebook.

I've been using Jitsi a lot recently and it's great! It's high-quality free
(libre) open source software.

------
andersonmvd
It's not the first surprise from Zoom. They run or at least ran a webserver
that was vulnerable to remote attacker, even after uninstalling it:
[https://lifehacker.com/remove-zoom-from-your-mac-right-
now-1...](https://lifehacker.com/remove-zoom-from-your-mac-right-
now-1836209383) (2019)

------
amelius
What does the GDPR say about this?

Anyway, let's just ban targeted advertising already to stop this madness in
its roots.

~~~
Nextgrid
GDPR says it's illegal, but its weight is about the same as the UK law that
says it's illegal to handle salmon in suspicious circumstances
([https://en.wikipedia.org/wiki/Salmon_Act_1986](https://en.wikipedia.org/wiki/Salmon_Act_1986)).

A law is only good if there are actual consequences for breaking it and so far
there hasn't been any for these kinds of large-scale breaches.

------
sandov
What's the point of having a closed ecosystem if you allow spyware in your
store anyway?

~~~
theNarrative24
You can ban competitor apps and charge big fees.

For the customer? The false feeling of security and privacy. Marketing!

------
neycoda
Yah,this is all part of profiling without your permission without it needing
to know who you are but still being able to identify you. Thanks Zoom for
being a trustworthy entity.

------
mikorym
It's interesting how all the infosec experts are zooming in on Zoom and
providing details that otherwise may have gone unnoticed for a long time.

~~~
saagarjha
Because a lot of people are using Zoom regularly?

~~~
mikorym
Yes, due the lockdowns and quarantines.

------
samstave
So facebook sent me a cease and desist threat for revealing that they were
tracking all vehicles driving by their campus and then telling the city of
menlo park of this.

So facebook, i want you to cease and desist in tracking anything and
everything about me or anyone who wants nothing to do with your leviathan of
bullshit tracking or pay out the ass and prove all my data has been deleted,
and provide me a manner with which i can audit you for having no data on me.

If not, lets reveal all the other things you track on people who want nothing
to do with you.

~~~
dylan604
>So facebook sent me a cease and desist threat for revealing that they were
tracking all vehicles driving by their campus and then telling the city of
menlo park of this.

Do you have a blog or some such going into more details? This raises all sorts
of curiousness. How did you find out this is what was going on? What
justifications did FB claim for doing the tracking? What justifications did FB
claim for stopping you from talking about it? As the Robot says "Data
inadequate!"

~~~
samstave
..

~~~
dylan604
thanks!

------
bitwize
This is why I have a strict "PSTN or GTFO" policy when it comes to how people
contact me for e.g. a phone screen.

------
time0ut
I'm not a lawyer, but I suspect this would violate our HIPAA BAA with Zoom.
Forwarding this to our legal department...

------
basicplus2
if you don't have facebook you are still tracked by facebook from apps you use
that track your activity for them.

The only way to interact with what they collect is to have a facebook account!

[https://www.facebook.com/off_facebook_activity](https://www.facebook.com/off_facebook_activity)

------
node-bayarea
I see that as Zoom's stock price is increasing, people are writing hit pieces
against it! Good job!

~~~
netsharc
Such "hail corporate"... How about you look at it another way: the stock price
is increasing because the app just got super popular the last few days, but
users might not be aware of the privacy implications of the app, and curious
experts started digging into it to see if it's a safe app.

It'd be like saying the people who were investigating Dieselgate were doing it
because they wanted to destroy VW's stock price, instead of caring about the
health of humans.

------
kevin_thibedeau
The HTC/Nokia phones do this when you open the camera app. Blockable with
NoRoot Firewall.

~~~
zachware
I believe NextDNS also blocks this.

------
liquidify
Didn't zoom get their start claiming to be a privacy conscious company?

~~~
dylan604
If they did, what's that matter? Google started with a tag line of "Don't be
evil". 9 out of 10 doctors used to say smoking was good for your health.
Choosy moms choose JIF (not GIF).

------
diminish
Sorry state of apps and privacy despite shameless Apple marketing

------
cageface
This is exactly why singling out tracking on the web while ignoring tracking
in native apps undermines Apple's claims to be protecting user privacy. At
least on the web you have some tools to fight this kind of thing.

------
besieged
Does anyone know if this applies to other operating systems?

------
ncr100
Wow this is not good.

I do NOT want Facebook to know whom I'm calling.

------
throw03172019
Is this for advertising reasons (I.e. closing the loop)?

~~~
badwolf
Facebook login.

Edit: Also attribution.

------
yalogin
Why do people use zoom at all? I know big companies that use it. A little
disconcerting that even large companies don’t ask the right questions or do
the due diligence and when paying for it.

~~~
jdm2212
It actually works, which sadly makes it way above average.

I've had to switch off between WebEx, Zoom and Hangouts for the last month and
Zoom is head and shoulders above the other two in terms of usability and call
quality. And there's whatever Cisco's previous craptastic offering was
(jabber?) which is far, far worse than any of those three.

------
klathzazt
Criminalize targeted advertising

~~~
dylan604
And what agency will police that policy?

------
qserasera
hand to god this guy (zuck) would data mine my farts if he could

------
scarface74
Obligatory:

Is anyone surprised?

[https://www.theverge.com/2019/7/10/20689644/apple-zoom-
web-s...](https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-
automatic-removal-silent-update-webcam-vulnerability)

------
justlexi93
The very idea of sending someone's data to anywhere without explicit
permission SHOULD BE AGAINST THE LAW.

~~~
xenonite
It is, in Europe with the GDPR.

------
clement_b
Ahem. That's just Facebook Analytics. Yes, it should be mentioned in the
privacy policy, especially if they operate in countries under the GDPR (they
do).

But having a go at Zoom on this ground is unfair, given many developers do the
exact same thing.

~~~
yjftsjthsd-h
How does that make it better? Does FB not commingle the data? And no, others
doing the same doesn't make this better, it makes them all bad.

------
davb
Monzo does this too, on every app launch on Android. They say it's to
attribute referral sources but, as someone who actively chose not to have a
Facebook account, I hate that they initiate any request to Facebook from my
device. I'm blocking it with DNS66 but not everyone knows how or why they
should consider doing this.

------
exotree
Here’s a reality for folks: right now, Zoom is literally saving entire
corporations and jobs in the midst of a global pandemic. Outside this little
bubble, no one is blinking twice at this, and neither is our government;
frankly, and that’s how it should be. The benefits of Zoom actually _even
working at all_ during this time is to be applauded and the engineers and
customer service reps should be applauded. This... this right here is a
privileged group of people with no conception of what real problems actually
look like.

~~~
wideasleep1
Welcome, Zoom employee. The 'privileged' condescension tact will not win
friends and influence people. Have you tried meet.jit.si? It's secure and
free, no account or download needed. Cheers.

~~~
exotree
I’m an independent contractor with no ties to the company in any capacity

------
bluesign
Facebook is also ad & analytics network. You can replace facebook, with any
ad/analytics network and it will still be true.

Probably vice’s mobile app, or website, or any other app with ads, sharing
this information.

Problem is trying to create fake news like this, with using popular names like
zoom and facebook. (When I mean fake news, this is not news at all, things you
can see on google analytics vs this is not even comparable)

~~~
otterley
Please don't misuse the term "fake news." Fake news has a specific meaning:
false stories that have no basis in fact but have tantalizing headlines meant
to attract attention.

Attempting to change the meaning of the term dilutes its importance and
introduces unnecessary confusion.

~~~
nickthegreek
If "Fake News" ever meant that for the majority of english speakers, it is
gone. It seems to have skyrocketed in the modern lexicon as a way to attack
media to shift the conversation. Whenever I hear someone use the term Fake
News, I am immediately more critical of their words.

~~~
astronautjones
agreed. using this phrase is the equivalent of putting your fingers in your
ears and running away

