When someone sends you a Zoom invite, cancel the download, then click the "having problems" link to download again. Cancel it again. It will show you a link to join by browser.
A few other meeting apps have dark patterns like this. One of my favorite things about Hangouts Meet is it's web first.
What I find irritating is this proliferation of meeting apps like these, all using their own proprietary variations of protocols and consuming huge amounts of system resources, when there has been a standard protocol for it that's been around since the late 90s, with a variety of different clients available: SIP. One could be sent a SIP URI for a meeting and it would work in any client.
Maybe it's like IRC vs all the other IM "solutions", except with an even larger difference in userbase.
At a previous job there was no "blessed" app. We used Mac/Win/Linux and different apps seemed to work better depending on the situation (screen sharing, group chat, one-on-one video chat). Not only in resource usage, but if you had more than one open I'd see issues with sharing resources like video and audio.
I have used Jitsi. Last week I did a few pairing sessions where the both of us were sharing our screens and still had our webcams on in the corner and it was awesome.
We tried to do a standup with (I think) 8 people and it was terrible - people would randomly not get any audio for stretches of time, video would get choppy or lost completely, it was not pleasant.
I will keep using it for pairing since I haven't found another tool that gives me that kind of flexibility and it was in fact very good. I believe the whole experience is limited by the connection quality of the worst participant.
It has terrible Firefox support but works decent if all participants are using Chromium / Chrome[0]. Asking other people to install Chromium makes me feel dirty but I don't know any other login-free cross-platform open source easy-to-use video conferencing apps than Jitsi Meet.
Hopefully WebRTC becomes more thoroughly implemented cross-browser.
Chromium has waaaay better support since WebRTC is primarily maintained by a team at Google.
Zoom is unencrypted by default? So you have to physically turn encryption on. Also, it is very unclear if your data is encrypted at rest. "End to end encryption" does not necessarily mean "end-to-end encryption", as has been shown many times before.
I haven't used Jitsi, but different apps and approaches work better in different situations. Are you screen sharing? Audio chat? Video chat? Large meeting with multiple people? Mac/Win/Linux? Is your connection bad? High latency? Low throughput? No solution was very robust and if you're working internationally and people have their own equipment it can be a mess. People also get really familiar with one piece of software and hate installing yet another.
The churn between companies like Google and Microsoft (each offering, and deprecating multiple solutions) doesn't help.
The problem with SIP was that without a central directory there was no easy way to find someone. Plus the client interfaces were, quite frankly, fugly, and management decision-makers dismissed them in favour of Skype etc.
Well the best product usually wins in this space. Usually this means well-managed vanity features like sleek design, animations, emote, but also occasionally more heavy weight performance improvements like video quality and sound quality. Ultimately if the standards and protocols you mentioned provided for that, they'd have won, but they didn't so here we are.
There is no real difficulty switching. At work, we use multiple solutions, including Zoom. Zoom has been the most reliable. If one was more reliable or had a killer feature, we could switch in an instant.
Slack has chat history that makes it difficult to switch. What does Zoom have?
Sounds like you don't work in a large organization with lots of standing meetings and extremely non-technical users. That must be nice.
Many large companies have lots of extremely valuable non-technical users who can just barely figure out how to follow step-by-step instructions to set up calls with even the most point-and-click interface. The switching cost there is extremely high.
The top of page 21 in the first set of SEC documents:
> Many governments have enacted laws requiring companies to provide notice of data security incidents involving certain types of personal data. In addition, some of our customers require us to notify them of data security breaches. Security compromises experienced by our competitors, by our customers or by us may lead to public disclosures, which may lead to widespread negative publicity. In addition, we have a high concentration of research and development personnel in China, which could expose us to market scrutiny regarding the integrity of our solution or data security features. Any security compromise in our industry, whether actual or perceived, could harm our reputation, erode confidence in the effectiveness of our security measures, negatively affect our ability to attract new customers and hosts, cause existing customers to elect not to renew their subscriptions or subject us to third-party lawsuits, regulatory fines or other action or liability, which could harm our business.
I tested "Join by Browser" recently. On macOS (Mojave), it only seemed to work in Chrome, and the video resolution of the other person was poor, but it did work. Also, I did not need to click a "Having problems" link for the "Join by browser" link to appear, so maybe this feature is being deployed more widely now.
Since you mentioned Google Meet, I recently tried that with a group of 6-7 people, and it only lasted about 10 minutes before multiple participants (myself included) started having issues. It seems like it needs more time to bake, but since we're talking about Google, it's probably unlikely to ever receive that time before they kill it and reinvent it a year later.
We've been using Google Meet at my work for daily "standups." Typically 4-6 people, lasting 15-30 mins. Been very smooth sailing, even using Firefox. Out of curiosity, what kind of issues were you running into?
It was a SaaS demo, so we had one person sharing their screen, several participants watching, and a couple dialed in via phone. I was one of the ones watching the presentation. About 10-15 in, a few of us, including myself and the presenter, were booted off the call. Attempts to rejoin were all met with vague error messages about there being some sort of network issue. (None of us were co-located at the time.) I was able to rejoin by phoning in, but the presenter was never able to reconnect on his computer. We eventually abandoned Meet and used WebEx instead.
This has been my only experience with Meet, but first impressions do tend to carry a certain weight. It's entirely possible this was an unfortunate coincidence, and that the service is typically as reliable as other solutions. My limited personal experience with Meet, and previously with Hangouts, does not support this however.
There is an account preference option for the one scheduling new meetings whether the join with browser link is present in meeting landing pages. At least, that's how it works with our university license...
Whereby (https://whereby.com/) is also web-first and works really, really well. Simple, no fuss, people don't have to install anything to join your meeting. Highly recommended.
> We in Whereby are committed to safeguarding the privacy of our users. Our business model is to provide a paid service to users who need additional features on top of the FREE version, and does not rely on widespread collection of general user data. [0]
The one thing nobody ever mentions about this is the Chinese connection. Zoom is 100% developed in China. They have a datacentre in Tianjin. It even states in their financial papers, the S1 form, that one of the risks is the fact the product is predominantly developed in China. By PRC citizens.
Encryption is also off by default? Why is this?
The Zoom App also collects screenshots and transcriptions of shared data. This is fine if you are Facebook or Google.
I'm surprised it was that complicated. I helped a friend out with Zoom last weekend and she had been using the browser exclusively until I pointed out they have an app. She's not very good with computers but Zoom is fairly easy to use.
Also reading the EFF article on Zoom I feel like these are great usability features. The issue is if Zoom collects and stores the information.
"Hi, attention tracking feature is off by default - once enabled, hosts can tell if participants have the App open and active when the screen-sharing feature is in use. It does not track any aspects of your audio/video or other applications on your window."
The twitter thread in the OP says "collects data on the programs running" without backing anything up. Seems like FUD from the face of it. Yes, the privacy may not be perfect (according to EFF admins can see time spent by others in the organization on meetings etc.), and zoom can notify the meeting organizer about participants not having the window in focus. But that's it?
Not exactly the gravity touted in the linked twitter thread, saying "If you manage the calls, you can monitor what programs users on the call are running as well". No proof of that...
Kinda scared by how much a single tweet can make something blow up, without a shred of evidence backing the claims up.
The more interesting aspect to me from the EFF article was that admins can also see your geolocation, who you are meeting with and when, etc. Basically, if Zoom is your platform for communicating, your Zoom admin knows a LOT of metadata about your people that they might not be aware is knowable.
> If attendees of a meeting do not have the Zoom video window in focus during a call where the host is screen-sharing, after 30 seconds the host can see indicators next to each participant’s name indicating that the Zoom window is not active.
It doesn't seem too invasive, although of course it'd still be annoying if you have two monitors etc.
So what if the student has their notes app pulled up? That's a legitimate reason to trigger the alert. The student could also just be playing xbox or something unbeknownst to the professor and still appear alert on the webcam.
It seems like it trades a lot of privacy for something students will evade with no effort at all.
This reminds me of read receipts in chat apps. Hate them with a passion. I usually just leave the chat itself unopened and read the notifications until I'm ready to actually reply.
It can be helpful for certain scenarios. And others don't have to enable it. For companies, at least in the enterprise plan you can also disable it company-wide (according to reports by others). So companies can simply opt out for everyone.
Contact me if you want to learn how to use the Qbix platform. I will be teaching classes and put it online. We are following the wordpress model. My email is in https://qbix.com/about
Quick question for the networking experts here... with everyone connecting from home, what percentage are behind a LAN firewall that you need to use TURN servers? What if you avoided those servers and made peer to peer infra entirely, how many people would we lose?
(Is a complete graph of everyone sending to everyone worse than an SFU once you get too many users? Isn’t it exactly the same number of streams, just in a star topology? Can’t we just nominate a few of the browsers to do what the SFU does, namely forwarding video to the others? Is the issue only with resolution?)
> with everyone connecting from home, what percentage are behind a LAN firewall
From home? Essentially 100%.
> that you need to use TURN servers?
That's less clear. I'm not sure how many home firewalls are impenetrable by STUN as well. I worked on Twilio's WebRTC-based audio product back in 2012-2014. In the beginning we only supported STUN. We did get some customer support requests about initial connection failures (which I mostly attributed to STUN failures), but never kept track of stats on what the success/fail ratio was. We eventually added TURN support (after I left that product team), but based on how long it took us to do that, my guess would be STUN was effective for most setups. Also consider that many (most?) of our users were probably behind restrictive corporate firewalls, and I'd expect home firewalls to be more lenient.
> Can’t we just nominate a few of the browsers to do what the SFU does, namely forwarding video to the others?
IIRC this is basically what skype did back when it was P2P, those clients were called supernodes and would route calls for clients that could not be directly P2P. To be a supernode you needed to be internet-routable and have good bandwidth.
Supernodes could be used for hole punching or to relay calls (as you talk about).
What does this specifically have to do with videoconferencing? As far as I can tell, this is a general cross platform application framework. If that's the case, what is the value proposition vs something like the current dot net stack?
This isn't the first time Zoom got caught red-handed[1]. Last year they were called out for installing a local web server in order to disable security controls to get around the deprecated NPAPI[2] ... this is literally what malware does.
About the same time this story broke I interviewed for a Paris based AppSec company and their CTO asked me to install Zoom. It was really awkward because I had to ask: "Is this a trick question??"
Seriously I wouldn't touch Zoom with a 20 foot stick!
> Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products. We may gather the following categories of Personal Data about you:
> - Information commonly used to identify you, such as your name, user name, physical address, email address, phone numbers, and other similar identifiers
> - Information about your job, such as your title and employer
> - Credit/debit card or other payment information
> - Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)
> - General information about your product and service preferences
> - Information about your device, network, and internet connection, such as your IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, and client version
> - Information about your usage of or other interaction with our Products (“Usage Information”)
> - Other information you upload, provide, or create while using the service ("Customer Content"), as further detailed in the “Customer Content” section below
So, all this doesn't sound great, but... the specific accusation in the tweet is that they're tracking other applications that are open. Their privacy policy does not say they do that, and the Zoom twitter account says they don't either[0]. Now, it's a matter of trust, of course (and after [1] I wouldn't blame people for a lack of trust), but to state authoritatively that Zoom tracks other open applications seems like completely unsubstantiated fear-mongering.
Sure, as I said, the privacy policy isn't great, but the tweet specifically accused Zoom of tracking and recording what other applications people are running. There seems to be no evidence of that.
> your name, user name, physical address, email address, phone numbers, and other similar identifiers
My problem with this isn't the info they collect, it's how they would collect it, which this privacy policy doesn't seem to clarify.
As it stands, this policy technically gives them the right to crawl through all my personal files or even listen using the microphone to search for and collect this information.
I'm not saying they are doing this, but the policy is not reassuring. I wish there was enforced legislation (so GDPR is excluded, as regulators don't give a fuck) to curb this. There should be a legal requirement describing exactly the information collected, how it is collected, transmitted, sorted and which third-parties it is given to, if any.
This is standard language to cover everything in normal use. Billing details are obvious. Profile info is provided when you sign up and use the service. The system info is used to run and optimize the calls.
Zoom isn't actively scraping your info, and there's 0 evidence of anything in the Tweet.
Sure! Except it was mandated by your boss. Or you have a choice between a bunch of offerings with the exact same screwball terms. This might not actually be true for videoconferencing now that it's getting somewhat democratized and competitive.
Point is: "just boilerplate" is just rationalization. An honest person would never present it as comforting and a knowledgeable person would never find it comforting. Of course, the world is full of dishonest people, so it gets used all the time. Hence "lawyerspeak."
Do you refuse to use any other software mandated by your company? What's the difference?
It's standard policy to cover any potential personal data that they might receive. What is your concern exactly? That they shouldn't spell it out? That would be illegal under current data regulations.
Let me tell work that I can't collaborate remotely anymore on video because I am using my agency to refuse to use Zoom even though everyone else at the whole company does. Then they can use their agency to put me on a PIP because my choice hindered my ability to do my job.
I'm sure you realize it's not as easy as you say, but I suppose it's easier to assert that situations don't have nuance because then you can make blanket statements like you did.
There is an incentive to do so and they have taken measures to legally protect themselves if they do. That's grounds enough for alarm, even without evidence of them actually doing it.
Alarm for what? It's enterprise video conferencing tech. They make their money from subscriptions. Your personal data is rather useless to them and now a liability under data regulations.
Worrying about Zoom here (and I'm not sure the tweet is accurate) seems to ignore all context of the product and business.
That privacy policy is a clear indication that Zoom is only concerned about protecting themselves at all costs. They may not be acting maliciously, but they clearly aren't dedicated to acting ethically either.
I'm not saying it's an emergency, but a privacy policy like that should at least set off some warning flags for a privacy-conscious user.
> They make their money from subscriptions. Your personal data is rather useless to them...
I don't care if the data is valuable to them as long as it's valuable to someone.
Every company will protect themselves. Why is this controversial? Please list the companies that open themselves up to litigation and show me how that's ethical.
"as long as it's valuable to someone"
This is so vague as to be meaningless. What about your browser, ISP, OS, phone, and the million other services that you use? Context matters.
"The liability is worth it if the price is right."
Are you claiming that a company selling enterprise video tech for 100s of millions and operating under all the latest data regulations is somehow trying to squeeze out a few pennies by selling some worthless data while risking massive lawsuits?
These don't look that bad, but what's described in a tweet (tracking focus app etc) is much worse, it doesn't seem to be in the privacy policy though (or they masked it?). So where does the information about the focused window come from?
Your name, physical address, email address, phone number, employment, credit card, Facebook profile, IP address, MAC address, device ID...is not that bad?
These are technical details for normally working with the app. They charge you, so they need your name and credit card. You ask for support, so they need your IP etc. They list what they may gather, because a privacy policy should cover everything; it doesn't mean they require all that info at once. I also didn't provide them many of these items.
They have to name every possible thing they can potentially receive. Mac addresses are available as part of networking details if you're using their desktop software. Zoom is enterprise video conferencing that only recently gained attention for average consumers.
That's not how PII is defined nor how privacy policies work. They list potential PII received in standard categories with normal product usage and backend processing.
Otherwise every server on the internet can be sent data by you at anytime which effectively makes listing things pointless.
No it's not. As I explained, it's a well-developed legal structure that's used by several countries for major legislation and has decades of precedence. There's also further complexity on how data is submitted, stored, and processed.
Any random file is not considered PII. It doesn't automatically identify you and it's still your responsibility if you send your private files everywhere.
How do you know that? These statements leave other possibilities open:
> It covers all Personal Data that you affirmatively provide during your interactions with us, information that we automatically collect when you interact with our Products, and information that we collect about you from third parties

> Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products.
It says "when you use or otherwise interact with our Products."
It's not unreasonable. I'm not sure what your claim is here, because you'll find this language in every single online business. You realize Zoom sells enterprise video conferencing right? They have no use for your data otherwise.
The GDPR’s specific, granular and informed clauses for opt-in couldn’t have been more timely. I wonder how long it is before Zoom have to stop providing services to the EU?
Is that a technical question? All of that information is immediately available because you typed it in when you made your account, or because of the nature of the internet.
Seriously, you've given this information to any service you've ever signed up for and / or ran.
I'm not sure this is an example of that. It is not atypical for office buildings to have cameras/timeclocks/access control which records the movements of employees throughout the day, packet inspection and/or MITM of your network traffic, and a boss that literally looks over your shoulder.
If Zoom were a Chinese company they'd immediately be branded threat-actor! A company that bypasses security controls on the host[1] has no place in a corporate network, covid19 crisis or not.
At least most work from home roles justify company owned equipment.
I certainly avoid mixing activities (I don't have access to a company computer at home, but I don't use the work computer or network for personal stuff).
That's messed up. Our Zoom usage at the company has skyrocketed these past few weeks. I was marveling at how smooth and seamless the process was. Though I was a bit peeved Zoom always steers you to the installed app instead of keeping it in the browser. Now I know why...
Super timely. Even on my Linux box I noticed yesterday that Zoom, even though I had "closed" the application, was still running (`ps -ef | grep zoom`), so I killed it.
After reading this, I've deleted it too. Super weird.
I saw a tray icon after I closed it out when I ran it this morning, on Xubuntu with the Cinnamon desktop. I right-clicked it and selected Exit, and it did indeed exit.
ETA: Checking the dpkg file listing shows that everything goes into /opt/zoom except a /usr/bin/zoom symlink to /opt/zoom/ZoomLauncher.
Yes. And people on HN complained that it is yet another example of Apple “locking down” the Mac for killing an app that secretly installed a backdoor and let an app reinstall itself.
Truly, I was taking an online interview for a programming position, and almost at the end of the process I remembered that I could be asked about design patterns. I opened a browser, went to a site with pattern descriptions and... the interviewer's last question was: "I think that's all... But I have one more question on design patterns."
I made a simple sandboxed WebView wrapper for Windows, that should address the privacy issue and remove the annoying need to deal with constant "download the app" nagging: https://losttech.software/Downloads/FuZoom/
Is it related to screen sharing? They allow sharing a specific window. Without knowing about other processes you may not share the window. You have to specifically allow it in System Preference on Mac though.
I don't use Zoom. But I'll assume it's the same as Google Meet and so now I'll complain about Google Meet.
1. When the call quality is less than 100%, it is difficult to attribute this blame to the other person, my equipment, my connection, or the service provider. A heartbeat signal could fix this.
2. When somebody else is presenting, I can't point on THEIR screen. I have to fumble through "higher, higher, too high, it's on the bar, do you see the bar?, yes, click on that one, you're right it doesn't really look like a pencil does it?"
If you would prefer to self host, there's always FreeSWITCH [0]. It can act as a server for meetings. There is a WebRTC client called Verto Communicator that seems to work quite well, or you can use SIP clients.
The documentation is a bit lacking, but it's actually a very capable system for unifying voice, video and chat communications – and a whole lot more.
Speculation based on racial profiling, aside from the obvious fairness issues, is actively damaging to the privacy cause in the US because it frames the issue in nationalist terms. This diverts attention from the more insidious threat of American government spying on American citizens, slowly boiling the frog of our privacy and paving the way for a future repressive regime and police state.
Hello all, I am taking a class via a Zoom meeting. Someone came in and typed "fuck you". How can I find who he is? Can you help me with this? How can I find his ID and IP address?