I think this article from EFF is clearer and more comprehensive in general:
Previous behavior is highly predictive of future behavior. The point about the web server was not just that it was improperly secured, but that it was done to bypass a user facing pop up in Safari. This kind of decision tells the reader something about company culture.
HN is a highly skewed audience. 99% of business users don't care, they want software that just works, and the trust is well placed in companies that sell software licenses (not your data) and fix security issues quickly.
That was whiplash-inducing goalpost-moving speed.
I have 12 years of experience in adtech. I know the major data markets (ads, credit bureaus, banking, retail). People vastly overestimate the quality, usefulness, and price for "data", and don't understand any of the regulations around it.
It's only worth what you can legally do with it. That's why most companies don't sell it. They don't have anything special and it can't really be used anyway. Zoom doesn't have anything worth buying.
What else do you need from them? :)
I understand being wary, that never hurts, but the company is doing good things and apologized and fixed it.
Now that it's back in the news as one of the only companies who might financially benefit from COVID-19 (their stock is up significantly, last I checked), they seem to be everywhere.
I've seen some large news orgs using WebEx, but that's probably not new for them as they need something that's really enterprise-grade and won't go down on a whim.
To that end, why has Zoom caught on so much this time around? iOS has FaceTime and Android - at least Google variants - have Hangouts. They're system apps, and everybody already has credentials sorted out.
Does anyone know Zoom's relative marketshare before this hit?
Meh, maybe I'm just getting old in my 30's and trying to use less software if I can help it.
How do I find the dial-in phone number for a FaceTime call?
Nit: "PC" as in Windows PC is weird, Linux exists too, before you even consider macOS.
Dial-in numbers!? Where we're going we don't need a conference "bridge" because there isn't really a server sitting in the middle between you and all the other people on the call.
I've had no problems from the browser, although I think on some platforms they suggest (or require?) Chrome over Firefox.
Has more information and browser support/feature tables.
Thanks a ton for posting this. I don't use Zoom as much as I used to but I know the browser client didn't use to exist. I can't vouch for how well it works to anyone reading this, but I prefer browser clients in general if possible and will try it out. To anyone from Zoom: your email QA was helpful years ago and sent a Linux build with more debugging so you could fix some issue when that was still new!
I don't remember the details now, I don't think they were anything particularly exciting then. I appreciated the "Yep, we've heard about it, can you run this version and email us the logs when it happens again?" That's all I remember so I think we can assume they fixed it.
old link: https://support.zoom.us/hc/en-us/articles/115005666383-Show-...
I looked into the browser based version, but couldn't get it to load for some reason. Tried using Chrome and turned off Pi-Hole just in case they were blocking it.
Might have to do with my connection upstairs not being good enough - router is on the first floor on the opposite side of the house. Does anyone know what kind of bandwidth requirements there are for Zoom's clients? I don't see anything at that URL.
If all else fails, I'll probably do it from iOS, just so I can uninstall their client when we're done. No freaking way this comes anywhere near my laptop in any permanent fashion.
Update: Bandwidth reqs are here - https://support.zoom.us/hc/en-us/articles/201362023-System-R...
I don't like dark patterns either, I think they should have posted something really visible saying GUYS LOOK SERIOUSLY it works better in the app instead.
But I do have some sympathy. I wonder if anyone would have ever tried the app if they weren't pushed so hard to do it.
At least there is a browser sandbox...
With the browser version, I can just open my browser and point to the URL and run it. Easy.
With a native app, this usually means I'd have to go buy a new computer running Windows or MacOS just to run this one stupid application, because I don't have either of those OSes at home. Of course, I'm not going to do that, which means I just don't use the app at all.
Most non-tech people just blindly drink the poison and install it.
Zoom is not alone in doing this. (Or maybe it's a Windows "feature"?)
If that's what stopped parent poster from uninstalling, that's PEBCAK.
Web applications are generally better, because, as a Linux user, an in-browser application means I get to actually use the thing, instead of not using it at all.
Then you're not most people. This isn't that controversial.
And Zoom does have a Linux version in case you're not aware: https://support.zoom.us/hc/en-us/articles/204206269-Installi...
If your boss/manager/etc is excited about this feature as a way to monitor you, odds are they already have you under surveillance in a bunch of other ways. It's unfortunate that you are in this situation, and I hope you're able to find a way out of it soon (e.g. by switching teams or finding another company that values and trusts you more).
This feature is of limited use, though. With my laptop in my lap, it's trivial to hold my phone right in front of the lower half of my screen. It will be outside the field of view of the camera, but there will be no discernible difference between me looking at my laptop screen vs my phone screen.
I'm all for fighting against companies chipping away at our privacy, but this one seems pretty far down a rather large list.
I can't stand people who get excited at the thought of tracking their employees. What's the benefit? Control? Ego?
Years ago I had a boss that set up security cameras. Normally, this is completely okay because you gotta secure the building; you just never know who's gonna come in and rob the place or maybe track an incident (rape, violence, etc).
This boss of mine however went home or worked from home from time to time or sometimes he would go on a vacation and he would just connect to the video stream of the security cameras.
One day I was the only one in the building as I still had to finish my shift. He gave me a call, he didn't say he was monitoring me of course but he seemed to know what I was doing and proceeded to ask the following question: is everything okay? how's the workload etc etc. Common questions, nothing out of the ordinary.
So it seemed he just called because I wasn't receiving a lot of support calls and sometimes I would just go get coffee; he probably saw me standing a lot, maybe thought I was neglecting my job.
I can be incredibly outspoken at times. A lot of the things in the call just screamed "I'm monitoring you". When the call ended I was furious. There's nothing more damaging than not trusting your employees. It breaks trust and relationships. I've never in my professional life felt so insulted that I need someone to monitor me.
If you are this type of manager/supervisor: Kindly put, shame on you. I say kindly put because the words I want to say can't be conveyed here without getting moderated. Cease and rethink your strategy, we are professionals not kids or teenagers and doing this to teenagers remember you are growing professionals, nothing like giving them the ground to grow but if they find stuff like this you are destroying everything.
To workers that are aware I can only hope you find other jobs. It's stressful enough, no need to tolerate this behavior.
Deeply flawed, IMO.
GoToWebinar has the exact same functionality, fwiw. Not saying that makes it OK, and not saying that this feature _should_ exist in general. I'm just not really buying the whole "Zoom is evil for having this" argument that is being pushed so heavily here.
I had no idea they were able to track all of this and all companies were adamant about using the native client for the interviews and/or sharing my screen even if I wrote code in collaborative documents. I passed the interviews but honestly finding out about this now kind of turns me off..
I bring this up because that can also cause privacy issues. There are the direct concerns, like not being able to access the text of their policies or accessibly manage your preferences. But the less obvious factor is inaccessible controls to:
- verify whether or not you're streaming video;
- determine whether your microphone is muted or not;
- ... etc.
If I don't know what I'm streaming and exposing to meeting participants, I'm losing on the privacy front. So Zoom it will have to be for now, I'm afraid. If you think it has too many issues for you to be a viable product, and have the option of making an alternative more inclusive, I'm open to chat.
Does that mean Zoom does in fact perform the necessary legwork on the accessibility front?
Pretty much. They're not perfect, but they have put a ton of effort into it. It may be because they do business with governments, so require things like Voluntary Product Accessibility Templates (VPATs). But it is the only platform I can actively consider using for work, as someone who relies on a screen reader.
There's even the Picture-in-Picture spec coming into place, which should allow more seamless desktop integration: https://w3c.github.io/picture-in-picture/
Fully browser-based alternatives to zoom:
Much better efficiency and ergonomics?
Freedom to choose independent client implementations interoperable by standardized protocols (e.g. SIP)?
Independence of client provider and service provider?
Interoperability between different providers (i.e. different users can use different service providers)?
On independence and interoperability though, doesn't an open WebRTC stack spec'd by an independent standards body give us our best hope there?
It's easy to understand why a topic like this might show up twice: it's topical, and most people don't see most threads.
Um, really? It's probably the #1 conferencing app being introduced to a world of people not used to remote work. A lot of people are encountering it for the first time.
Why? Well unlike (say) GoToMeeting or Webex, you can use it for free (albeit with a time limit). Until recently it had a much more modern, easy-to-use interface than GoToMeeting as well. Also, apparently it's one of the few videoconferencing solutions that works reasonably well in China.
Also, it apparently scales pretty well; one of the groups in my church apparently had nearly 100 people in a zoom.us conference last week. I didn't participate in that one, but there was a distinct lack of "and that was a disaster" comments.
I resisted using zoom for about two weeks, specifically due to the "start a local web browser to work around Safari's security features" disaster; but ultimately, you need to say "no" to every other person who wants to have a meeting with zoom, and eventually I just had to give up and install the client.
(I've been recommending meet.jit.si since it's 1) open-source 2) unlimited time for the free version 3) doesn't need to have a client installed.)
Not too much it's easy to use. Everyone, from boomers to tech-challenged zoomers, can easily sign in and use it.
Probably it spreads from company to company as people organized video conferences with external companies, introducing the tool to those people, who decide to try it out, etc.
My biggest complaint is that, for new users, it seems to choose either the wrong speakers or the wrong microphone about 80% of the time. Once that's fixed, it mostly works well. The interface is a bit clunky, but I can usually get it to do what I want without too much trouble.
Source: I've been a mostly happy user of Zoom at a university for two years.
As far as I know other competitors would be Skype (Microsoft) and WebEx, neither of which seemed nearly as polished.
Wiggum: The McWhat?
Lou: Uh, the McDonald's restaurant. I've never heard of it either, but they have over 2,000 locations in this state alone.
Eddie: Must've sprung up overnight
If you are using a system with the apt package manager (such as Debian or Ubuntu), you basically only have to run two commands: https://github.com/jitsi/jitsi-meet/blob/master/doc/quick-in...
Which I had, yet for maintenance reasons a container-based solution had my preference: https://github.com/jitsi/docker-jitsi-meet
100% agreed about spotty connections, it does not handle them very well. As long as everyone has a decent connection and enough CPU, it handles groups of 10+ participants just fine. My company ended up switching to Google Meet for reliability reasons, but that was a year ago so it might be better now.
What exactly are you suggesting by randomly throwing out the word "encryption"?
Peer to peer connections would quickly become impossible when you have meetings with more than a handful of people connected. Meetings/Webinars with hundreds of participants would be impossible with P2P technology.
Adding proper videoconferencing hardware would be tough using P2P since all that supports is usually some sort of SIP standard.
Now, working KEx does leave you still not certain who the other party is, you're now communicating securely with someone but you aren't sure who. That's why the Web PKI exists. But choosing to have Zoom hold all the keys is a choice and not as you've portrayed it a necessity, the system could be designed to work just fine without doing that.
The point is that Zoom doesn't need to know these keys. Yes, if there's no assurance that you're really talking to Alice and she's really talking to you Zoom could sit in the middle of some or all conversations - but right now they are in the middle of those conversations.
It doesn't change what is theoretically possible, but it changes the posture - what is easy to do, and why.
If you really don't like the uncertainty of a MITM being possible even if unlikely - you'd need Signal, or something like Signal's protocol which lets you compare your shared secrets to determine if there's really nobody in the middle.
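Added example (not part of the thread, and not Zoom's or Signal's code): the point made in the comments above, that a key exchange protects the call from a passive relay but only an out-of-band comparison reveals a relay that swapped the keys, shown with a toy Diffie-Hellman in Python. The group parameters, function names and the verification-code format are assumptions chosen for illustration; comparing a code derived from the session key is a simplification of what real protocols do.

```python
import hashlib
import secrets

# Toy parameters (assumption, illustration only): p = 2**255 - 19 is prime.
# Production systems use a vetted curve or group from a maintained library.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private exponent, public value g^priv mod p)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(my_priv, their_pub):
    """Derive a 32-byte session key from the Diffie-Hellman shared secret."""
    shared = pow(their_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def verification_code(key):
    """Short code each participant reads out over a separate channel."""
    digest = hashlib.sha256(b"verify" + key).hexdigest()
    return "-".join(digest[i:i + 4] for i in range(0, 16, 4))


def forwarding_relay_session():
    """The service only forwards public values; it never learns the key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    alice_key = session_key(a_priv, b_pub)
    bob_key = session_key(b_priv, a_pub)
    return verification_code(alice_key), verification_code(bob_key)


def key_substituting_relay_session():
    """The service hands each side its own public value instead of the peer's.

    Each participant still completes a key exchange, but with the relay,
    so the two ends hold different session keys.
    """
    a_priv, _a_pub = keypair()
    b_priv, _b_pub = keypair()
    _r_priv, r_pub = keypair()
    alice_key = session_key(a_priv, r_pub)  # Alice thinks r_pub is Bob's
    bob_key = session_key(b_priv, r_pub)    # Bob thinks r_pub is Alice's
    return verification_code(alice_key), verification_code(bob_key)


def codes_match(codes):
    """The check the participants perform: do both ends show the same code?"""
    alice_code, bob_code = codes
    return secrets.compare_digest(alice_code, bob_code)


if __name__ == "__main__":
    print("forwarding relay, codes match:", codes_match(forwarding_relay_session()))
    print("substituting relay, codes match:", codes_match(key_substituting_relay_session()))
```
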
Aside from being good advice generally, I doubt anyone who's concerned about the violation of privacy Zoom engages in, would have a Facebook account.
I have a Facebook account that I originally registered when I was in high school a little over a decade ago. The reason I've kept it is because I use Facebook Messenger to talk to some people, and because a lot of events use Facebook.
The main Facebook app I have not installed, because I don't need it.
The Facebook Messenger app I have installed because I use it. I trust iOS to limit this app from being able to do anything too nasty.
I never use "log in with Facebook". I clear my cookies regularly, and I often use a different browser for logging into Facebook from the browser I use for most stuff.
I try my hardest to be vigilant of my privacy, even though it is a losing battle.
The fact that someone has a Facebook account should not be taken as a sign that they think that any of the privacy violation stuff that businesses engage in is ok.
As for Zoom, I made a conscious decision to not install the Zoom software on my MacBook Air because of the previous shenanigans that Zoom had been engaging in. When a client expressed desire that we use Zoom for our meetings, I therefore chose to install the Zoom app on iOS rather than on my MacBook Air, because iOS limits apps from being able to do anything too bad, and after we were done with the job I uninstalled the Zoom app from iOS as well.
The events part is unfortunate, but just in case you didn't know you can deactivate your Facebook account and still retain access to Messenger.
If you go through the process to deactivate your Facebook account, the last question in the process is "do you want to keep messenger".
The events thing I can see because Facebook has become the de facto way to organize events and has become the de facto websites for a lot of small businesses and organizations. But the thing about not being able to give up Messenger always confuses me when it comes up. (Please note that I'm not specifically picking on you, I just see this same sentiment a lot and this was a convenient comment to reply to).
Presumably anyone that has a Facebook account has an email address or a phone number, since it's not possible to create an account without one, so anyone on Facebook should be available via email or text message (since 'phone number' nowadays almost always means 'cell phone number').
But maybe the people that you're talking to don't want to give you their email address or phone number for whatever reason. That seems weird that someone who is ostensibly my friend would withhold that information, but I'm sure that there are valid reasons for that to happen.
Then you can give them your preferred alternate contact method: Jitsi, IRC, email semaphore, smoke signals, USPS mail, whatever. Then the rebuttal is usually something along the lines of, "Well, I can't force them to use the communication method I want to use", which is also weird because that's exactly what they're doing to you by refusing to use anything but Messenger.
And, yes, I understand that a problem can arise where one friend is only available via ICQ, one via IRC, one via Skype, one via Signal, etc., and you don't want dozens of apps clogging up your phone/computer/whatever, which is why I recommend my friends email or text or even call me whenever they want to chat.
There is also the case that is brought up that the person that has to use Messenger to talk to people because they're literally not reachable any other way, which I understand is possible in certain countries where Internet access is severely restricted or nonexistent and the only reliable access to the outside world is via Facebook/Messenger on a cell phone. I get that, too, and that actually does make some sense. But for everyone else, I don't get it.
Nowadays, "some" people isn't worth Facebook harvesting your data. If you really want to keep in touch with those people, you can find a way.
Wanting to be informed about privacy concerns is a world apart from being so single-mindedly concerned that you'll refuse to engage with a company who's bad in that regard, whatever the cost.
Managers, try being a real leader. Or is that too hard?
Oh no!! Unlike any other technology on earth that is actually used by non-trivial amounts of people?
> “Does Zoom sell Personal Data?” the policy says, “Depends what you mean by ‘sell.’”
I for one definitely don't see that as "selling data", I'd agree with Zoom here.
> We do not allow marketing companies, advertisers, or anyone else to access Personal Data in exchange for payment. Except as described above, we do not allow any third parties access to any Personal Data we collect in the course of providing services to users. We do not allow third parties to use any Personal Data obtained from us for their own purposes, unless it is with your consent (e.g. when you download an app from the Marketplace). So in our humble opinion, we don’t think most of our users would see us as selling their information, as that practice is commonly understood.
It seems a bit more nuanced than the article would suggest.
I’ve noticed over the last few years this trend to add a superfluous “here is” or “here are” to a headline. Doing so adds absolutely zero information, e.g., from the top three current Duck Duck Go search results for “here are”:
1. “Here Are All the Major Concerts Canceled Due to Coronavirus” – could just be “All the Major Concerts Canceled Due to Coronavirus”
2. “Coronavirus: Here Are 10 Misconceptions Being Spread” – this listicle could simply be titled “Coronavirus: 10 Misconceptions Being Spread” or “10 Coronavirus Misconceptions Being Spread”
3. “Have Children? Here Are 3 Tax Credits You Need to Know” – this listicle could be “Have Children? 3 Tax Credits You Need to Know”
In two of the above cases, it’s also not just the headline but the text body also. I get the psychology behind listicles (and other clickbait phrases such as “you need to know”) but I don’t understand the rationale for inserting these two wholly superfluous words that neither inform the reader nor embellish the prose.
It’s had the opposite effect on me and I now have an internal heuristic of associating this practice with low quality information and I rarely – if ever – click on such links. Going by the comments on this article, it seems I was right in this case but surely, that’s the opposite of what the publishers intend.
Okay not the same issue this article is talking about, but do pay attention to if your camera is on and where it is pointing :)
Please consider writing up your findings in more detail.
No plugin needed.
Oh dear ...
dont want attention tracking? thats a feature, not a "privacy" bug (you expect personal privacy and freedom during business meetings?). bosses love this kind of metric, and not without reason. maybe if your meeting "attention" rate is low, theres an issue a boss could solve to make the business and employee's lives better. also you can just turn your camera off in zoom.
>it will collect and keep data on what type of device you are using, and your IP address
so... like almost every single piece of the internet? most personal IP addresses rotate, and who cares about your corporate ip? this has to be the lowest value and most common data point there is. not great, but not alarming.
>Do not use Facebook to sign in
hard to see a legitimate use-case for this. the corporate account features of zoom means everyone gets an account with their corporate email address, so why did they ever integrate with facebook? seems likely about scavenging data, but maybe theyre just trying to be trendy.
all in all, seems like a hit-piece. hit-pieces arent necessarily wrong, but they are always agenda-based. maybe the agenda is something i agree with, but i dont know richie koch or what protonmail's stake in the game is in order to take this at face value without any actual details and sources.
Use a new version of zoom?????? Seriously, I mean well duh.
Use a different device to check email??
Very disappointed with the conclusion, I was expecting some way to go into settings and disable all of the tracking garbage.