As other people have stated in this thread everything in Zoom's privacy policy seems to indicate they are sending data to advertisers only as necessary to advertise their own products. They likely:
- Use the Facebook iOS SDK to measure conversions from app install ads
- Send a list of hashed email addresses to Facebook or other advertisers to do ad re-targeting
- Have Google Analytics on their websites to track where people are visiting their website from, i.e. a click on a Google AdWords ad
While these are all not _ideal_ because _yes_, Google and Facebook use this data for their own purposes as well, it's far from _nefarious_. In fact, it's pretty standard fare. Could Zoom go above and beyond and reject these tools? Yes, they could. Does anyone in practice? No.
If Zoom was selling metadata about their calls, leaking contents of their calls, or themselves served ads – then yes, I'd be concerned. But all indications point to them purchasing ads to further the growth of their business.
I think it is perfectly reasonable to seek guarantees around the usage of the above, more sensitive data (contents of video calls, metadata of video calls, etc.) but on the flip side to imply from their privacy policy that they are sending it to Facebook or that they are "in the advertising business" is jumping the gun a little bit.
If their Privacy Policy doesn't say they won't sell or distribute call metadata or contents, I have to assume they will. If they want to update their Privacy Policy to make that clearer, I would encourage that.
(And hashed email addresses? Might as well just send the email addresses. Hashing is kind of useless there.)
Yeah, I hope that the outcome of all of this negative attention is that Zoom publishes those guarantees. What’d be even better, though, is if they enforce them with tech – WhatsApp and FaceTime both offer end to end encrypted group calling.
Hashed contact info is just how Facebook intakes contact information. Makes it harder for them to get the info of non-Facebook users who are patrons of the business. They claim to delete it: https://www.facebook.com/business/help/112061095610075?id=24...
I suppose, but why would you single out Zoom and expect them to act more decent and morally than any other company? Is there any reason you would expect this?
Calling out the biggest players is fine. They have the most resources to roll their own or at least shop around, should they value their users privacy.
This is the most levelheaded comment I've see in this thread. Not least because I have literally never seen an ad run on either the Zoom website or the app. Moreover, Zoom is one of the most successful SaaS companies in the world because their unit economics on their basic business model (of selling premium subsriptions) is literally better than almost any other SaaS company out there: https://tomtunguz.com/benchmarking-zoom-s-s-1-how-7-key-metr...
> One key driver of profitability is labor-market arbitrage. Nearly one third of Zoom’s team, and the majority of its engineering team is based in China. The result is the company spends less than 10% of its revenue on R&D, which is less than half the median of the peer set.
The other thing that's important is the privacy policy includes their marketing site You can see a clear list of tools that zoom uses on their Content Management System (CMS) aka Zoom.us here: https://builtwith.com/zoom.us
I just downloaded Zoom for Mac, saw that it was a .pkg file. Great, I can see what files it installs before I install it.
I open the .pkg, click Continue so it can run its script, then a second later Installer quits and the app launches. What?!
Turns out, Zoom installs the entire app in the 'preinstall' script of the installer package! Inside there's a copy of '7z', and the app is extracted with that. The preinstall script is littered with typos and poor grammar.
I'm not one of those people who thinks that Apple is going to force all Mac software to come through the App Store, but when I see stuff this stupid...I start to wonder.
Suffice it to say, I no longer trust Zoom to be running in my regular user account. I have a separate user on my Mac to isolate it. If you have the means, you might even consider a spare computer or a VM to run Zoom.
I use my iPad for Zoom. One of the few times I'm glad the App Store and sandbox exist.
Even their iOS/iPadOS app is annoying, because the first time you open it and sign in, it pops 3 (!) permission dialogs (Calendar, Notifications, and TouchID/FaceID). Way too aggressive IMO.
Now, if only they'd make a Mac App Store version of Zoom. I'd be so happy...
Man, it's disappointing to hear this has stayed the same for so long. In the future, Apple should sandbox 'preflight' to disallow writing files, and then enforce it as a condition of notarization.
I feel like Zoom has a history of doing shady things under the vail of "ease of use" (referring to the uninstall complaints a few months ago).
I do think on macOS the average user doesn't understand DMG files, run apps from inside the DMG instead of copying them to /Applications and deleting the disk image. My guess is that most people install Zoom after a meeting has started and this was the quickest, fewest dialog method of getting it up and running.
Stop apologizing for them. It's literally two more clicks, and anyone who has gone through the flow expects those clicks. Also, if Installer never realizes it installed something, it won't even offer to delete the installer .pkg.
I'm pointing this out not as an excuse for Zoom, but as an example of long-standing friction in macOS. I think it's worth pointing out they've had the same motivations in the past. Like Dropbox, I hope the OS improves so this isn't necessary and knowing this is a pattern (and not a one-off) with the company I will avoid them when possible.
There are already good solutions to this issue. In particular, simply placing the app package in a zip file, then checking to see if it's installed correctly when opened.
My annoyance with macOS/Apple is that this isn't standard and default. Therefore, not consistent and can be confusing (especially if you're trying to join a call in progress). Because of this, Zoom chose to reduce the number of dialogs thrown up.
Sure, you can technically run .app from most places. It becomes problematic in that you can't write to that directory or self update the app if it's still in the DMG. If you reboot you have to know to remount before launching. Not having it in /Applications also becomes a mess if you're in a multi-user environment.
> Also, some apps display a message asking to be moved to /Applications when launched from a DMG.
This is the kind of friction and extra dialog boxes I'm sure they were avoiding.
Personally, I hate pkg files. I wish macOS had a better flow for unsavvy users to deal with DMG and app files.
I read this like 10 minutes after installing Zoom on my Mac. Yikes. Anyone have a list of files and processes I can tweeze out (beyond the obvious files, which I've already purged)?
Since this .pkg completely subverts how packages are supposed to work, none of the files show up in Pacifist. Everything is in 'Scripts', which is a .cpio.gz.
7zip isn’t the complaint, it’s that the installer installs the app before the user OKs it.
Honestly zoom is something that I would never let near a personal computer. What really surprised me is that there’s a “zoomgov.” (a friend at a defense contractor showed me) Either our government is enjoying the benefits of being able to force companies to be audited because of defense budgets or things have become way more relaxed than they should be. Judging by our “stockpiles” and inability to get critical equipment I’m guessing the second one.
> 7zip isn’t the complaint, it’s that the installer installs the app before the user OKs it.
...I was about to write a reply saying "well in that case I don't understand what the GP is complaining about", but then I opened up the installer again.
I didn't fully take in what the parent was saying. Zoom is completely short-circuiting the normal macOS package install flow. You click continue once to acknowledge that "this package will run a program to determine if the software can be installed", and then Zoom is suddenly installed and the installer exits.
I can understand why they did it, but it's not good.
Although, Apple deserves some blame here. Firstly because their non-app-store software install flow has been screwed up since the release of Lion, and secondly because why can't you use Installer's "Show Files" option before the preinstall step?
I'm not a MacOS user, but I'm having a really hard time getting my head around this:
1. You download an installer.
2. You activate that installer.
3. Your system tells you that the installer can run some code.
4. You agree to the installer running some code.
5. The installer installs some software, via the code that you said the installer could run.
Seems perfectly acceptable to me. If you literally cannot open up the archive file to inspect its contents without running some code inside it, that's not Zoom's problem. It's just a really stupid decision on the part of Apple.
> Your system tells you that the installer can run some code.
The message reads "this package will run a program _to determine if the software can be installed_". Old iWork updates used this to see you had a previous version of iWork on your computer. nVidia's Web Drivers used it to check if your Mac had an nVidia card. No other macOS pkg that I'm aware of makes actual changes made to your system during this step. That's not what the user agreed to.
Behind the consent message is a grayed-out "next" button that you never get to click.
I suppose this system was ripe for abuse, but that doesn't excuse the people who abuse it.
This is a legacy path in the installer they are abusing.
Pre-install scripts are only supposed to do things like check if you have prerequisites installed, eg if your app requires some version of Python or whatever.
Instead they are abusing that to just install everything immediately.
There is literally no reason for it beyond saving one or two clicks.
Apparently, there's an upgrade for HIPPA compliance, too. I have no idea what that entails or how to tell from the client-side if that's in place. I was working with a medical provider and had to switch to remote sessions. Our first VC was cancelled last minute because they were upgrading the account for HIPPA.
This is a great point. People understand installers/.pkg files far better than `.app`'s wrapped in a DMG. Those often get launched inside the DMG which has a ton of other issues, rather than being dragged to the Application folder.
Also packages allow for easier deployment rather than dmg's.
This isn't the point, it's the fact that the installer is being abused to install an app without even giving the user the option to proceed or not. Nothing should be installed as part of the preflight.
Whenever I have been told that I have a meeting coming up with some kind of conferencing software that I don't have installed, I immediately install it. I don't wait until 3 minutes before the call to try and install. All kinds of things could happen, such as incompatibilities or missing passcodes.
I have a need for Zoom, virus or no, but the point of the article is why I don't give them money. Give them money, while the company is apparently still going to worry about milking advertising dollars out of me? That's just going to be a strong "no". As the final paragraph of TFA says, either charge more or give away less for free. But if you're selling me out to advertisers after I've given you money, then you're one of "those" companies that I avoid if at all possible. Because they're skeezy. You don't want to appear skeezy, do you, Zoom?
So for now Skype and MS Teams works fine, or at least fine enough that I don't bother with Zoom. Which brings me to a side question: what is the value proposition for Zoom? What does their product do so much better than the others that I'd put up with this shit? Why am I hearing the hell out of it lately? Outstanding PR department?
EDIT: thanks for your answers to “why use it, then?” Because “it just works” seems to be the summary, which hoo boy, one cannot say about a lot of the competition.
> What does their product do so much better than the others that I'd put up with this shit?
I'll share my perspective as an academic. Many of us have adopted Zoom, practically overnight, for our teaching, for one-on-one meetings with students, and even for conferences [1].
The answer is: It just works. It's easy. It does what we want it to, with a minimum of fuss.
As someone who now has a whole bunch of unanticipated shit to deal with, this is one less thing to worry about.
I definitely share your objection in principle. If this situation continues long into the future (a terrifying thought), then perhaps I'll revisit my choice of software. But in the short term, to be honest, I don't much care.
I've actually found the opposite to be true. Google Meet is an example of a product that just works. Zoom, by contrast, pushes you very heavily into downloading and installing an application on every device you want to use it with, and provides a secondary degraded experience in the browser if you find the right link to use it (which you have to do EVERY SINGLE TIME; there doesn't seem to be a way to permanently opt out of the "install this application" nag flow).
For many people, the criteria by which to judge VC software might be quality of audio and video, ability to deal with low bandwidth, and the ability to run a functional meeting with it. In fact, for many people, while installing an application might be a one-time pain, if it offers better service in some way, it's probably seen as a benefit, not a drawback.
We have Hangouts Meet free at work, available for every single meeting with a single click. Zoom is also quietly available, but we're disincentivized to use it, because the company has to pay extra. We have to jump through hoops to get access. Yet since the COVID WFH revolution, Zoom is becoming more and more widespread. Because, as a VC solution, it just works, and works noticeably better than Hangouts Meet.
I feel like VC software will just get more funding by pushing apps/downloads because it makes it easier to collect more data, serve unblocked ads, and nag with notifications for engagement. Not a startup but I'm convinced mobile Reddit is slow and missing features on purpose for just this reason. All they had to do for a perfect mobile experience was enhance .compact a little.
I can vouch for this. Organizations are adopting left and right - both in the healthcare and food industry. Why is zoom getting more traction than google hangouts ever had?
No way to view anything in the right side panes (chat and members) at the same time yet when you do view them your bottom pane with the meeting controls auto hides (???). Some panes auto-hide some panes don't. After about 6 people video has a tendency to hang (even if all users are on a gigabit connection). No way to request control of someone else's screen. Also for large conferences (100+) Meet just doesn't have the standard options at all. It's smart enough to mute everyone by default and (I think) disable video automatically now but it's nothing like the features most others offer for large meetings.
Outside the one or two time app install (depending how many devices the user has) Zoom actually has everything you need to get a meeting done. Need a multi user whiteboard? There. Need to have someone control someone elses stuff? There. Need to hold a large meeting and have one at a time raise hand questions? There. Most importantly these don't get in the way of "need to just talk with someone else" being there and just working as well.
No meeting app is perfect for everybody but Meet lacks a lot of flexibility to get it's simplicity and it's not all that much simpler than Zoom for it.
You're using the exact same definition. "It just works" for you, so you're saying it just works, and you're discounting that it doesn't just work for me and many others who don't want to install software just for fricking videoconferencing, when plenty of other apps do it well in-browser without constantly nagging you to install something thereby making you feel like a second-class user.
Of course "it just works" is a subjective, personal opinion.
I guess I'd rather install an open source browser plugin to do this than a closed-source proprietary application, but ideally I wouldn't have to do either!
Anyway, thanks for the link. It didn't even occur to me to look for something like that.
For bigger classes Meet is just not good enough. Unless it changed recently they've got a limit of 20 connections per meeting. Also you can't mute everyone apart from you easily (you have to do it one by one) which adds another problem.
Until July 1 the premium version of Hangouts Meet is made available for free to you if your university has access to Meet. This means up to 250 people in a single meeting:
"Starting this week, we will begin rolling out free access to our advanced Hangouts Meet video-conferencing capabilities to all G Suite and G Suite for Education customers globally including:
- Larger meetings, for up to 250 participants per call
- Live streaming for up to 100,000 viewers within a domain
- The ability to record meetings and save them to Google Drive " [1]
Zoom definitely has better crowd control (for lack of a better term) than Meet does. Meet does have some relatively unused but helpful features though like the questions that you can ask as an audience member and upvote others' questions. Can be very helpful in a lecture.
It looks like Zoom started in 2013. Google Hangouts was only released in March 2017. When trying to use Hangouts I've had to jump through different browsers because the one I was using wasn't supported.
I also think accounts are a friction. Even though we all used Google services, with Zoom if I needed to hop onto my phone so I could listen in while running an errand I would have needed to authenticate if I was using Meet. I also don't think I've ever been in a Google video chat with more than 2 people. With Zoom we did company meetings without issue.
Maybe it was the friction around plugin deprecation (was it Firefox?) combined with the treadmill of deprecations and transitions to new products; within the past year or two I've had to jump between Safari, Firefox, and Chrome to join a meeting--also requiring a separate plugin install. Over many previous years Zoom worked just fine as a standalone app.
The Hangouts video meetings you have access to do in public Gmail/Calendar are not the same product as "Hangouts Meet", which is only available with a G-Suite account. Meet is definitely a more polished experience.
I also use the commercial google hangouts, I struggle to think of the differences. I know there's the annoying (must be in the domain to join a meeting without being invited) thing. Uh, is recording only in the paid product? I'm just not seeing it. Maybe there's some limit in the free product? it works for just my group of friends.
I thought Hangouts "classic" was phased out already. But they have extended its life until June 2020. Not many differences with meet, but not available forever.
I'd guess they'll take pity on us and keep it alive longer. Meanwhile in that time they'll introduce 2 new texting schemes plus announce EOL hangouts yet again and then extend it ;-)
> The answer is: It just works. It's easy. It does what we want it to, with a minimum of fuss.
I think the real reason is "it's just what everyone else was doing." All of these apps "just work," as someone who has used a veritable gaggle let me tell you there's scarce difference between them. Except zoom makes it more difficult to join without the app (others work in the browser outright, zoom tricks you into installing).
Zoom I think just happens to be one of the trendiest. But with this kind of behavior there's really no reason to use them.
> I think the real reason is "it's just what everyone else was doing."
I can't speak for others. But for me, using Zoom is really because it worked better than everything else I'd tried (Skype, Google Hangouts, WebEx, rolling my own SIP server). That was parts: Linux software reliability (WebEx, Skype), limits on the number of people that could join meetings (Hangouts), and effort to talk my collaborators into installing new software (SIP+Jitsi). A bonus is that my employer had an institutional Zoom account. I've been happily using Zoom for 2-3 years now. I'm unhappy about these privacy issues that are being discovered/discussed now and I kinda feel like I should have looked into it. I'm sure there is a bandwagon effect happening, but there was also a real component of it working better than other solutions.
> Why would your collaborators have to install any software to use Jitsi? (It should work in a browser AFAIK)
Honestly, I didn't know that there was in-browser capabilities. The last time I used jitsi was via the java desktop client, probably 3-4 years ago. It was a year or so later that I started using Zoom, so I didn't revisit jitsi.
I hear people talk about meetings not working for them. I can't understand the issue. I've used it for many years across groups that are small or large, personal, commerical, whatever, macs, all phones, linux, windows.
At my new company they wanted to pay a license to use zoom. I asked why don't we just use meetings for free? The answer was it makes us look professional. That's where zoom is. There are dozens are alternatives.
I think zoom's secret sauce is meeting reliability and quality. You can consistently communicate without audio hiccups and other issues more vs others. Otherwise, why would zoom get so popular with the word of mouth of 'it just works'?
What you're saying is basically a form of 'works on my machine'.
At my previous company there was no official VC app. Zoom was used the most across multiple years even after trying every other app often. Personally, I didn't like Skype because it seemed heavy and they kept making the things in the UI I liked more difficult to use. Google Meet wouldn't work in my default browser. Both required accounts to sign into a meeting.
We were all over the world and using Mac/Win/Linux. So latency was high and bandwidth was often narrow. We also did company meetings every month or so. We pushed in a bunch of different directions. Often apps are only good at one or two of these scenarios, but Zoom was good enough at all of them.
I had no clue until this week there was a web version, but after using all of the others I'm glad it heavily prefers a standalone app. I do wish they had less scummy practices or there were better alternatives.
> We were all over the world and using Mac/Win/Linux. So latency was high and bandwidth was often narrow
for me, i think this is key. I've used skype, hangouts, and gotomeeting over the years. only zoom works this well, multi-platform, including my fave, linux, in all sorts of conditions.
i wish this wasn’t so, and that we had good cross-platform solutions. :(
My anecdotal experience: Zoom's audio and video has consistently worked much better than any of the in-browser tools my team has tried.
I'm sure part of this is due to it being a native app.
Once a user is over the hiccup of "download and install this," being able to hop into a call immediately without much mucking about with audio and video settings seems consistently better with Zoom.
Most of them require you to create an account, often confirming an email in the process, which is a big barrier to setting it up. Accountless video conferencing is valuable if you don't have everyone at your company setup with Google or 365 accounts.
You have not set up video conferencing in academia then. Or have the WebEx or high-five meeting falter when a hundred people join. Zoom is definitely the most seamless video conferencing system out there, and there's a reason more and more corporations are switching over to them. It sucks that they're skeezy as well, but perhaps it's because they know they have the technical advantage
Not true in my experience. I have a remote cofounder and we do always-on video for hours a day so we systematically evaluated each option. The absolute best (resolution/framerate/latency) is FaceTime and the best cross-platform is Zoom.
it kinda works. I've had a lot more luck running massive meetings with the open source and free alternative jitsi. Their offering https://meet.jit.si/ is amazingly simple with no installs and definitely 'Just works' to the point that in lockdown I use it for family catchups, large friend coffee + beer catch ups and all meetings because all I need to do is send people a URL and they literally just have to click it with no plugin installs etc.
> The answer is: It just works. It's easy. It does what we want it to, with a minimum of fuss.
I guess I'd like to know the details of how its easier than the other of myriad of products on the market for you?
At my company we use Slack Video calls, WebEx, and Zoom, and they seem as identical as each other (I'd argue Slack is easiest since we're all logged into it all the time, but that's us).
Two days ago I was in a Zoom Townhall Meeting, shortly after a friend of mine who is working at Deutsche Telekom (largest telco in DE) told me that their internal webconferencing solution is crushing under the load and staff is advised not to use video when it's not critical.
Our Zoom THM with 130 participants ran without any issues whatsoever. I'm stunned how flawlessly they seam to scale. I want to work with the people responsible for this tbh.
Yeah, it feels like overnight with this pandemic that "zooming" turned into the verb of choice (e.g. https://www.reddit.com/r/consulting/comments/fmfdh6/my_old_c... ), even for friends of mine who are non-technical and have never used it before, and this is not surprising. Its scalability during this pandemic has been amazing, getting into a zoom call for new users is as simple as clicking a link, and the "brady bunch view" when you have more than 5 people is better than anything else I've tried.
Our town-hall meeting was 12000 (twelve tousend) people and there was no problem. We used it in some special mode where you only could open your microphone but not the video. I have no idea how many countries we were from but we're a fortune 500 company.
We regularly have milestone meetings at a custommer with 300 people joining with the normal setup where everyone can join the conversation, never had any problems with zoom.
The more amazing part is that they are able to handle this unexpected, enormous increase in traffic. I'm guessing it's a mad house there trying to keep enough capacity. But if not, and it is scaling in the cloud this seemlessly, then their infrastructure is definitely a work of genius.
We've found Google Meet / Hangouts too unreliable for even small-scale calls (e.g. our daily standups) whereas Zoom has pretty much perfect quality (and the lowest CPU footprint).
It's actually not that easy with cross team / cross company slack calls, especially depending on how your company set up slack. So it's both onboarding and some configuration to get everyone invited / permission properly.
Or you know - send over my zoom meeting room number - and done.
> I guess I'd like to know the details of how its easier than the other of myriad of products on the market for you?
I haven't comparison shopped yet. And, for that matter, I haven't initiated any Zoom meeting myself, except once when someone else requested I do so. (I used Blackboard to meet with my classes.) I just noticed that it's been popular with others, and I've gotten it up and running with no effort.
I am trying out MS Teams, but it's a pain to setup. Multiple emails back and forth to tech support, and apparently I have to go in and manually add every person I want included. From what I can tell, it seems to be designed around a rather elaborate setup, in a situation where you consistently communicate with the same handful of people.
With Zoom, it's "click on this link". You don't have to have configured anything in advance. Especially useful when you want your meetings to be open.
As an example, you can now watch the Number Theory Seminar at MIT, live:
Researching a 'myriad of products' takes its own time, perhaps not usefully if you're dealing with heaps of 'unanticipated shit' in a time of crisis.
Zoom is well known, so people are likely to try it early in the process. If it works they may choose to move on to other things. This may not be the perfect process in the abstract, but in reality it's practical.
My experience is that Slack video is not nearly in the same class as Zoom. Granted, I haven't used Slack video for work in a year or two but I have been using Zoom at my company for the last 9 months and it has really been flawless. I didn't want to like it but I kinda do now. hah.
I mean, so do all the major WebRTC video chat programs. Google Meet is absolutely painless, and I can use it in the browser instead of downloading Zoom's very sketchy application.
But Google made Hangouts/Meet G Suite only. My university is not using G Suite beyond student email (employees have outlook).
I only started using Zoom now and it solves a lot of my problems: virtual backgrounds while talking to students in my bedroom, recording my lectures, handling large live streams (50+ people), painless set up for non-tech-savvy users.
The only problem I had is that it would corrupt sound from my mic about every hour in a 4 hour stream.
They will be successful, but in part because other chose not to be.
I’m interested to hear the type of institution and age range of students with whom you are having 1 to 1 video calls. I’m a teacher in an 11-18 secondary school in the U.K., and we have been instructed to avoid 1 to 1s with students as a safeguarding risk.
I’m not casting any aspersions here, I’m only interested in comparing notes with a fellow teacher.
1 to 1's are totally common and accepted in a university setting. You're generally supposed to leave your office door open (when having them in person), but otherwise this doesn't raise any eyebrows.
(U.S. here and didn't recognize the term, link for others' convenience)
Safeguarding is a term used in the United Kingdom and Ireland to denote measures to protect the health, well-being and human rights of individuals, which allow people — especially children, young people and vulnerable adults — to live free from abuse, harm and neglect.
> I definitely share your objection in principle. If this situation continues long into the future (a terrifying thought), then perhaps I'll revisit my choice of software. But in the short term, to be honest, I don't much care.
It is a trap. Traps are especially effective and harmful in panic mode when everyone catches the first bait. In the long run, free software (not as in beer) is much better for everyone. Especially in panic it is essentiel to think thoroughly through your decisions.
Except the horrible "trap" is not something many people care much about.
Zoom seems VERY focused on making stuff easy to use.
They clearly are doing things like installing in user folders etc to get around organization "protections". Same thing with the crazy web server launcher. Yes - creates privacy / security risks but also made things marginally easier. Same with the Facebook SDK integration etc. They are going for ease of use FIRST.
HN is treating zoom as if it's some devil software. Part of the REASON for it's success (vs the fully end to end encrypted offerings etc) is because it DOESN'T emphasize security / privacy, it can be installed in a shadow IT manner etc.
Last week on Zoom, I attended an online conference (https://www.daniellitt.com/agonize/), and participated in a D+D game. Privacy and security weren't priorities. (Indeed, complete video of the conference has since been posted.)
That said, there have been problems, see for example here:
This use of the word security drives me insane; security is composed of availability, integrity, and confidentiality weighed against each other. Having 0 confidentiality controls (hypothetically, not that this is the case here) is not necessarily insecure.
Privacy is not a synonym for security. It's not even necessarily a requirement for good security.
How do you think hiding the possibility of doing calls in the browser fit into that picture? Surely doesn't make things easier for the people that don't want to / aren't allowed to install things.
Because the security / privacy focused video conferencing apps are getting no traction. Because the tradeoffs for security / privacy (more difficult onboarding for an individual on new devices, more difficult inviting, poorer video quality etc) seem to have scared people away from those options (which do exist) and into the arms of zoom which has made ease of use it's entire focus.
You can set your own meeting room to be join-able BY ANYONE with an ID that DOES NOT CHANGE. Terrible security - great convenience.
Business and educators get feedback if students etc are using other programs other than zoom while on call. TERRIBLE for privacy (zoom tracking which windows are foreground etc) - nice convenience for teachers and bosses who like this.
At every turn, zoom has emphasized things like this.
At a major academic medical center, we’ve been using it for massive town hall and department meetings and it has been working flawlessly. Very impressed.
If you are going to require students/employees to use a tool like Zoom (and choosing it for lectures is definitely making it a requirement) then you are obligated to, at the very least, seek informed consent from students/staff as to what privacy they are giving up. And if someone doesn't consent (voluntarily), you have to seek alternatives and mitigations.
If you're a Comp Sci or Engineering prof you really have an obligation to try harder. You have the capability to explain mitigation techniques (virtual machines, sandboxing, using temporary email addresses, VPNs).
Longer term I think we will see a host of Zoom competitors, because really there is nothing special in the client. Hangouts in particular could easily eclipse it with some work.
Also, I think the grid of faces approach is just awful. Many people have been working on VR meeting systems which have significant advantages for multiperson communication (i.e. discussion vs broadcast). Lecture/theatre VTC (which provides an aggregated feedback signal to the presenter) is completely unmet by Zoom. So once we're past the hump the field will broaden, and at that point the privacy requirements have to be enforced rigourously.
Both in high school and college I used PLENTY of stuff that I didn't want to and was never provided "alternatives" if I didn't consent. Seriously, endpoint protection products centrally controlled with total system access control are not uncommon in these settings.
You are claiming I can opt out of all of this if it invades my privacy?
The school had a third party vendor that tracked every keycard access to every lock on campus - I'd def like to opt out of that!
There's a difference between the school allowing tracking your use of their equipment and the school requiring you to use tracking software on your own machine.
Of course, if the schooling is voluntary; either private K-12 or any collegiate level, then you just have to play by their rules or go home. Someone could definitely bring the case against a state K-12 requiring Zoom use though, were they properly paranoid, motivated, and funded.
Privacy legislation in America has not kept up with technology. But if you're going to a public school you can at least take political action at the School Board level.
It might not be a legal requirement, but it may be ethically wrong, and university staff who act unethically can face consequences. Student organizations are hopefully not totally powerless, though they are no doubt using Zoom for meetings too.
From a technical perspective I don't think anything groundbreaking is required, it just wasn't a market segment earning money before now, because why not just walk down the hall, or have a conference etc? Noone is saying a Zoom meeting can replace that, it is just a stop gap.
>
Longer term I think we will see a host of Zoom competitors, because really there is nothing special in the client. Hangouts in particular could easily eclipse it with some work.
Then why hasn't it, despite far more work and funding than Zoom, for over a decade?
This is a "I could have invented Facebook" comment. Things are
harder than you suggest.
Google notoriously loses interest in what isn't hip at the moment. I think they might notice this market segment.
Also I've done 300+ participant A/V conferencing systems, it isn't the client part that is hard, its the authentication, directory and latency that becomes difficult, and google already has that pretty well sorted.
So some company I don't like will advertise at me. I don't like it, but I don't care that much.
I am prioritizing. During the present COVID-19 situation, my top two priorities are (1) maintain my health, including my mental health, and refrain from posing a health hazard to others, and (2) maintain my relationships with my students, colleagues, and collaborators.
As I see it, if I give some skeezy private company some personal information by accident, then I am making a personal sacrifice, and not all that big of one. I'm trying to worry about my duties to others first.
> So some company I don't like will advertise at me. I don't like it, but I don't care that much.
You're normalizing it and making your students use it though, so it's really not "it affects me, but I don't care enough", it affects others as well. And let's not kid ourselves: once it's established, nobody will switch to something else, because they'd have to explain and guide everyone they want to talk to to install another app etc.
We probably live in different countries and are affected by the current virus situation in a different way.
I live in France. Overnight schools were closed and the existing school platforms are a joke.
Beside the fact that they crashed, there is no interactivity built in.
So as a parent of two children I would have been delighted if the teachers switched immediately to Zoom or Discord and I truly do not give a fuck (not that I do not care, I do not give a fuck) about privacy and whatnot when it comes to middle age history or derivatives.
This is this, or me having two jobs.
So except if the software keeps on spying after it is switched off (which would be unacceptable) they can use Zoom or whatever if the teaching process is maintained.
If the teacher asked me to install The Catholic Video Conferencing System my only question would be where to get the msi from. (again provided that there is no spying afterwards)
> So except if the software keeps on spying after it is switched off (which would be unacceptable)
This is really kind of funny, because this exact thing happened literally less than a year ago. It was technically a vulnerability, but they refused to see it as such and fix it until it was disclosed publicly and they had a wave of negative PR. They literally allowed anyone to connect to the webcam on your computer through an always-on server which remained installed after you removed Zoom from your computer. https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...
I can't believe everyone has forgotten this quickly. Zoom is not a trustworthy company.
Your second point I disagree with; I think if people raise objections, encourage people to switch, and volunteer to shepherd others through the technical details -- then people will be agreeable, and we'll see a shift which will gradually become pervasive.
I'd love for it to be so, but social inertia is a big factor. It's easiest to just use what everybody else is using, you won't have complications and, very important, you won't stick out.
It can change rapidly in small communities, e.g. you getting everyone in your department together, deciding on $goodAlternative and using that whenever possible (in addition to Zoom, because you'll still have to communicate with the outside world). But at large?
> Your second point I disagree with; I think if people raise objections, encourage people to switch, and volunteer to shepherd others through the technical details -- then people will be agreeable, and we'll see a shift which will gradually become pervasive.
This doesn't square with any experience I've ever had trying to get $alternative_technology adopted because of $principle in favor of $default_thing, and from what I've gleaned talking to others, and reading the experiences of others online, the problem isn't me.
Maybe post Cambridge Analytica the world has changed -- I at least don't get looked at like I have three heads when I tell people I'm not on Facebook anymore -- but if folks are still responding to complaints about privacy issues like this with what amounts to "meh, don't have the energy" then I'm skeptical. If zoom becomes "the standard," I don't think the inertia will be much easier to overcome.
As soon as something goes wrong with your solution - everyone goes, why aren't we using zoom. Literally totally non-techies - that will be their first bit of feedback (I tried to go with google hangouts).
Possibly, though my personal experience is that people differ mostly on their understanding of privacy issues, not their valuation of privacy. Somebody that doesn't fully understand how much you can tell about someone just by looking at their call meta data isn't concerned about meta data. I've found most alter their stance when they get a better understanding of the issue.
> but if you give up your principals when something is difficult, why have them at all?
Your answer sort of reads as if the choice of technology is the only friction people are currently dealing with. The situation isn't easy, even using some easy to use technology like zoom. Adding friction will only make things harder for people doing their best in already hard circumstances. It may well exceed their mental budget for friction.
I wish widely deployed privacy-respecting solutions were already deployed at scale, people trained in their use and a suitable curriculum available. But that's not where we are and putting more load on already well loaded people will not improve the situation.
No, it really doesn't, which is why I prefaced it with talking about being flip.
It asks the question "What is the point of a principle?"
I dont think calling privacy a principle is true if you are willing to give it up for something that "just works" - I believe covid is likely one of the biggest problems in the modern age, but during times of hardship we need to cling ever harder to our principles, or consider that maybe it isn't nearly as important to us as we thought.
> No, it really doesn't, which is why I prefaced it with talking about being flip.
Preface or not, it still reads like that. You're extolling one principle. I entirely agree that privacy is important but should be upheld. But there are other conflicting principles at work here - the list here is in no way complete.
* The right to privacy.
* The right of pupils to receive an education
* The right of teachers to limit the amount of work and energy they need to put into their work.
* The right of teachers and pupils (and the general public) to stay at home and evade infection.
So glorifying one principle at the expense of others is at best problematic. What's the point of upholding one principle and ignore that at the moment, it conflicts with others?
And that's why your absolutism on one principle to me still reads flip - or at least ill considered - even if you preface it with "I don't want to be flip."
By that argument, does anyone have any software principals? I mean, if someon told me "use software product X, or I will horribly kill you and everyone you love", I'm going to use the software.
And that's why my question was calling privacy a principle, it seems like its not. You don't give up your principles because the cost outweighs the benefit - that's literally what principles are about, you do them when they are hard.
> you don't give up your principles because the cost outweighs the benefit
Yes, a rational person does. You're thinking of dogma. People don't give up their dogmas when the costs outweigh its reasonable benefits because holding onto their belief system is practically infinitely valuable.
Dogmas are hard boundaries. Principles are guiding factors. Sacrificing privacy as a principle in the midst of a global pandemic is perfectly fine in most cases. It's still a guiding factor, but it's of lower priority than competing interests.
But are you excluding people for whom the cost vs benefit is the other way? If you're in a position of authority it is up to you to minimise the violation.
The consequences of privacy loss can be severe, up to and including violent death (partner violence, anti-LGBTI attacks, religious persecution). A person with a moral (and likely legal) obligation to protect individual privacy cannot lightly discard someone's fundamental rights to favour the marginal benefit of others.
We haven't seen a Zoom log found in an open S3 bucket yet, or a leak via fb, but experience says that it is only a matter of time.
So if you're going to mandate Zoom, own the risk. Mitigation is possible: provide recorded streams for secured download (if safe/ethical/notified to record other participants!); provide a work laptop with a non-identifying config instead of a BYOD; many other options.
What could possibly happen in an educational setting that is so sensitive that it needs a CIA-level approach to safeguarding privacy?
The consequence of getting on a school bus can be life or death. The consequence of eating a peanut butter sandwich can be life or death.
If you’re a medical professional or psychiatrist, maybe you shouldn’t use zoom due it’s privacy record. But if you’re teaching a lecture on linked lists to your class of 30 kids, death via persecution should probably be very low on your considerations when choosing video conference tech.
Guess (or find a leaked meeting ID) and you can talk / show things pseudo-anonymously to a bunch of kindergartners today.
Or just observe them and find out aout them. That has some potential problems.
Why do they have to record calls? Transcribe the call into text then Store it. Why do they need to take copies of whiteboards and PowerPoint’s it’s does not make sense.
It isn't being used just for comp sci lectures though, it's being used for all sorts of things, e.g. union organising, prayer meetings. (And even for Comp Sci it tells an observer who goes to which university and the class(es) they take.)
Frankly I find your comment dismissive of the real threats faced by women and minorities.
I did not mean to be dismissive of real threats. But I also think an overwhelming majority of calls on zoom could be leaked wholesale and no one would be harmed. And just because they use the Facebook and Google SDKs to measure their marketing does not mean they’re “selling user data” or inadequately protecting the privacy of video conversations. And it’s a very far leap to blame an educator for choosing zoom (a free and easy to use product) as insensitive to the persecution of minorities, when it’s really not a factor for most use-cases.
Let me know where you draw the line for beginning to care, without having asked any of the participants.
I know math lectures don't seem a hot spot, but it's a slippery slope of adoption, and you might be surprised about the depth of harassment problems in the math community.
>The consequences of privacy loss can be severe, up to and including violent death (partner violence, anti-LGBTI attacks, religious persecution)
If you are going that way then likewise, there is always someone somewhere could die because the software doesn't work because they prioritize privacy.
Beside, The reason we have growing acceptance for the LGBT is because of the openness and transparency. That won't happen if we have perfect privacy.
Yes is true that leak is only matter of time, so its even more infeasible to maintain privacy. The solution should be to assume information is public as much as we can and fix the issue that arise from that.
'A privacy breach is inevitable with this this privacy violating software, so no point in having privacy' is quite an unconventional take.
If you could post your real name, address, phone number, email, sexual orientation, religion, employment status, performance review, salary, hobbies, political viewpoints etc we can get started processing your revocation of privacy.
Oh you didn't realise your boss was having meetings with HR over Zoom? Sorry, we can't have different rules for some.
Oh and you'll start seeing ads for '5 step sobreity' now since we see you were in the local AA Zoom. Sorry about not getting that new job -- that company ticked the 'no addicts' flag in the selection matrix, and, well, the job market is kinda competitive now.
> If you could post your real name, address, phone number, email, sexual orientation, religion, employment status, performance review, salary, hobbies, political viewpoints etc we can get started processing your revocation of privacy.
I have actually voluntarily shared pretty much everything on your list publicly at some point. Even then the important part is that it was my choice to do so, and there’s still a number of things I will not freely share.
>If you could post your real name, address, phone number, email, sexual orientation, religion, employment status, performance review, salary, hobbies, political viewpoints etc we can get started processing your revocation of privacy.
Eventually yes, I would prefer that I don't have to keep secret of all of those information but I can't because not everyone is.
>Oh and you'll start seeing ads for '5 step sobreity' now since we see you were in the local AA Zoom. Sorry about not getting that new job -- that company ticked the 'no addicts' flag in the selection matrix, and, well, the job market is kinda competitive now
If a company choose not to hire addict than its their choice, its their lost.
And I should add that I'm trying out MS Teams as an alternative. After six days, and multiple e-mails back and forth with our IT department, I think I've almost got it set up properly.
Many music teachers are doing online lessons now, mostly via Zoom.
It seems that Zoom is the only popular videoconferencing software these days that allows you to disable all the postprocessing on the audio signal (echo cancellation, noise reduction, etc) through advanced settings. This postprocessing is very useful for /conversation/ meetings among many people with bad audio setups, but for two musicians and music signals, the postprocessing is highly detrimental, causing strange audio artifacts and causing instruments to drop out sporadically.
(It seems like there would be a market for videoconferencing software optimized for musicians, where the audio signal is sent at higher quality, given higher priority, and not postprocessed in detrimental ways. And without all the privacy concerns.)
This is an interesting use case. I know these features exist for what would be considered "enterprise" VC platforms. Having administered both Vidyo & Bluejeans previously, at least, I know the admin has pretty discrete control over the codec behavior.
Zoom is the first video conferencing platform that I've used, that works reliably. They are gonna come out of this mess smelling like roses, no matter what carbuncles are exposed.
I've been doing videoconferencing for over 30 years (Yes, they had it back then -we used PictureTel systems, over ISDN).
I regularly participate in Zoom meetings with 20 or more attendees. I know of ones that have over 400.
An amazing thing to me, is that technophobes can pick up on it very easily. Very little of that pre-meeting "Mute your mike!", "Can you hear me?", "Whose dog is that?", tons of texts, asking for help, etc, stuff.
Skype is very bad for more than a small handful of attendees.
WebEx and GoToMeeting are OK, I guess, and I've heard good things about BlueJeans.
But Zoom is what I use, and Zoom is very popular with people that suddenly need to gather, and can't do so, physically.
> WebEx and GoToMeeting are OK, I guess, and I've heard good things about BlueJeans.
GoToMeeting has had a banner up for the past few days asking people not to dial in on time for their meetings, because they can't handle the current load. My company uses GTM for everything, but there have been problems. We'll probably switch to Zoom.
If your concern is privacy, why are you using Skype and MS Teams?
If you don't want a third party getting your contact information, then use a private solution that's actually private. Jitsi and Matrix are open source solutions that both support video conferencing.
Because Teams actually has a decent privacy policy:
"As a customer of Office 365, you own and control your data. Microsoft does not use your data for anything other than providing you with the service that you have subscribed to. As a service provider, we do not scan your email, documents, or teams for advertising or for purposes that are not service-related. Microsoft doesn’t have access to uploaded content. Like OneDrive for Business and SharePoint Online, customer data stays within the tenant. You can check out more about our trust and security related information at the Microsoft Trust Center. Teams follows the same guidance and principles as the Microsoft Trust Center" https://docs.microsoft.com/en-us/microsoftteams/security-com...
I just Ctrl+F'd Google Meet and no one seems to be really talking about it. We've been using it for our meetings for a long time and it works really well. I'm wondering why it doesn't have widespread adoption. You can call-in via phone, can log the minutes of the meeting and seems to "just work" too
Requires a G Suite enterprise account. It also doesn't help that Google Hangouts Meet and Google Hangouts are two similarly named and looking but incompatible products.
My impression is that to use it you'd need to sign up the organization for G Suite. Whereas Zoom you can just start for free and then if they want individual users can upgrade their accounts to paid ones. That helps with grass-roots adoption in companies. It's also a clear "we pay for video conferencing", not "we pay for video conferencing and all this other stuff we don't want to use because we already have solutions for it"
If I'm not mistaken they don't offer Desktop apps and their browser experience has been just plain bad for me. Using Firefox on Linux I wasn't able to get mic and camera to work. While it did detect them just fine, it didn't allow enabling them. I tried that on multiple devices with the same result, so my take is that they consider Firefox as a second-class citizen.
I've had the opposite experience with a Mac - Whereby worked whereas Zoom just won't. Which means I'm forced to use the Zoom iOS app, sadly, because $work just migrated to Zoom because it can handle the (insane) video all-hands we have every Wednesday (with 20+ people).
I think whereby deserve to get more attention from the HN crowd, although the Founder did say they are working hard on the extreme interest for the past few days. So may be give them a few more days before a separate submission on HN.
I've used Skype (for business and normal Skype), FaceTime etc. The Zoom experience is just much better for larger groups (> 10).
I use Teams at work and would say it is comparable to Zoom in terms of AV quality (Microsoft owns both Skype and Teams portfolios, but Teams is built on a modern codebase that runs on different, markedly superior infra than Skype). Unfortunately Teams only works in the enterprise (O365), and it is still fairly new so it doesn't have a lot of the collab functionality like whiteboarding and breakout rooms that Zoom has.
Privacy issues aside, Zoom really is a better product. People are more forgiving of a product's peccadillos when it just works.
> So for now Skype and MS Teams works fine, or at least fine enough that I don't bother with Zoom. Which brings me to a side question: what is the value proposition for Zoom? What does their product do so much better than the others that I'd put up with this shit?
For me, it's one of the few video chat clients that works well in Linux. Skype may or may not work depending on the version and whether or not Microsoft supports the Linux client. And I have no idea whether MS teams works at all in Linux.
I am using it in chromium on linux, and I can tell you it does not just work. The audio is really really shit (constant crackling). I'm basically unable to attend meetings on zoom. Luckily most of them are in google meet which works fine in a browser.
You could just install their native app which is available for Linux as well and just works. It's also a real native app and not the usual Electron-based crapware.
I'm with you. I have no idea what people like about it that isn't already done better in e.g. Google Meet. Having to download a program is also really crappy IMO. Plenty of other video chat applications work in my browser.
> Having to download a program is also really crappy IMO. Plenty of other video chat applications work in my browser.
You know, even two hours ago I'd have agreed with you, but my thinking is evolving.
It's pretty clear from responses in this thread that there is a quality difference between Zoom and Hangouts/Slack/Teams/etc, at least under certain circumstances. In addition, anecdotal reports are that if you do insist on joining Zoom via a web browser (even though their user flow really pushes you not to), Zoom's quality goes down a lot.
So perhaps the reason Zoom is superior is because of its native app. Whereas Slack and Teams's apps are just Electron clients that use WebRTC, Zoom is doing something truly custom. It seems to be paying dividends.
You might not using it that much I'm guessing. It's meant for power users like teachers, academics, government agencies, people who are doing video conference more than once every day and just need to get things done reliably.
Everyone I know has switched to Zoom. It's a clear improvement in a technical sense than all the existing options out there. We're trying to do our jobs, not make a statement and end up embarrassing ourselves professionally.
So no Zoom does not have to clean up its privacy act. Other companies need to improve their software on a technical level to be more reliable and be more optimized. It's ridiculous that companies who supposedly have amazing developers like Google, Slack, Microsoft, Facebook, can't even do teleconferencing well.
PS: You don't have to download a program -- it has an online version.
> PS: You don't have to download a program -- it has an online version.
They push their client so hard it's not at all surprising OP thought it was required. I would have assumed as much if I hadn't read otherwise. They don't even show you the link to join via web until after you've told them that the download isn't working.
And given what I'm reading about the quality of their web client, there may be a reason they're so pushy...
I said this at the beginning of the crisis and first major rush to Zoom by many companies: their start-up friendly business model is going to bite them hard when they have to blitzscale services and there will be growing pains while they find the right non-vc-subsidized pricing model for long-term customers.
I think we can cut them some slack for now as they are under more pressure then many other tech companies. They managed to make a great product - so presumably they'll be able to build the right processes for the company itself soon too.
I am also confused about why zoom is the de-facto conference tool now. I have been working remotely for 6 years and haven't really noticed it being significantly better than other tools like Lifesize or Bluejeans. Also, the inability to draw on the presenter's screen is a big negative in my opinion. Trying to pair lately over Zoom always ends in a bunch of stammering like "erase that dot over there.. no... over there... no, up left..."
> Give them money, while the company is apparently still going to worry about milking advertising dollars out of me?
Does Zoom have ads? I haven't seen any. I believe all of the ad tracking is for the reverse: Zoom wants to see if their own advertising is effective. For example, if they buy an ad on Facebook that you saw and then you install the app, they can attribute the install to that ad and measure ROI.
They can track that from the clickthroughs. The adtech economy is far richer that just showing ads and tracking ads -- the suggestion is that they're feeding data from your use of Zoom to enrich your advertising id(s) to help others provide you the most relevant possible advertising experience / track the living daylights out of you.
> the company is apparently still going to worry about milking advertising dollars out of me
They will never not do that. Paying customer or not, no business is ever going to say "let's give up a huge amount of revenue so we can avoid invading people's privacy and annoying them with ads they don't want to see". To do so would be to miss an opportunity to make even more money.
The fact you're a paying customer also implies you have disposable income and you're willing to spend it. Ironically, paying money to avoid advertising makes your attention even more valuable to advertisers.
The only way they'll stop advertising is if it's not profitable. The only solution is to block all ads and reduce their return on investment as much as possible.
Wrong. Read Microsoft's policy https://docs.microsoft.com/en-us/microsoftteams/security-com... "As a customer of Office 365, you own and control your data. Microsoft does not use your data for anything other than providing you with the service that you have subscribed to. As a service provider, we do not scan your email, documents, or teams for advertising or for purposes that are not service-related. Microsoft doesn’t have access to uploaded content. Like OneDrive for Business and SharePoint Online, customer data stays within the tenant. You can check out more about our trust and security related information at the Microsoft Trust Center. Teams follows the same guidance and principles as the Microsoft Trust Center."
> Paying customer or not, no business is ever going to say "let's give up a huge amount of revenue so we can avoid invading people's privacy and annoying them with ads they don't want to see".
Some companies do this and capitalize on it by advertising it.
I don't get it. I get that you don't like the adalytics-based business model, you don't use the product. But I don't see a rational basis for making that conditional on cash price, which is an independent concern.
It only makes sense if you value the product at somewhere between the cash price and (the cash price - the adalytics cost), and $0 cost is exceedingly unlikely to be the exact boundary.
It only makes sense if you make the unsupported leap in logic that says that the cash price is itself promise to not use analytics. But you are willing to accept $0 adalytics-supported products, and FOSS exists and some has adalytics and some doesnt, showing that $0 is not any kind of meaningful boundary.
It also just works on Linux - video, screen sharing, window sharing, remote control, whiteboard. Moreover: recording, simple way to mute anyone as host, host less rooms. 1-100 peers? no problem. No need to create account for guests to participatie.
My take: Zoom is very approachable outside of enterprise. Skype (although historically has its roots with regular folks), is mostly used in a "Skype for Business" config. MS Teams is much the same way.
How does it fail to handle rooms of people? I ask because I’ve used consumer Skype to host a half dozen folks on two occasions in the past two weeks. Or is your definition of “room” larger than a mere six people?
So many replies here have identified the value of Zoom: it is easy to use and has reasonably good quality. So the questions I have: can we add to this? Are there ways to use Zoom more privately?
Personally I haven't seen many people offer up alternatives that are clear winners. They all have tradeoffs. Since there's tradeoffs I have a hard time moving people to some other direction. If I could says, "Oh Zoom is nice, but Schmooz is the best!" I know people who'd make the move. Even if it's paid.
Energy consumption. Half hour hangouts drains 30% of battery 3 hours zoom is roughly 5-10%. UX and performance the two major factors why we chose Zoom.
I think you hearing a lot about it because (a) everyone is quarantined and wanting to use the tools they use at work to help setup book club meetings, table-top RPG sessions (did this last night and it actually worked great), etc. (b) it's perhaps easier to use than some others, (c) there's likely a huge PR push right now, and (d) I believe its pricing is better for non-enterprise use than others.
My company's virtual meeting solutions are a mess; it's the one really messy area in our tooling. For the longest time we had GoTo, but then the dev team specifically also had hipchat for Slack-like interactions. Then hipchat went away, and for some reason the org took that as a cue to do an org-wide rollout of MS Teams, with no approval for us to use Slack. Somewhere along the way certain people somehow acquired Zoom licenses and started using those. Then just about two weeks ago the whole org was told to switch to Zoom, but now not enough people have licenses and all the old GoTo licenses are kaput.
Anyways, the reason I have heard various people from the business side give for why they like Zoom is "GoTo was too hard to use." I don't really see that, and I also wonder if there's some sort of 'FOMO' going on. A couple big vendors we interact with use Zoom, Zoom is big in the news currently -- "everybody uses Zoom!" I do also think it's maybe a bit cheaper at enterprise scale.
I don't mind Zoom from a UX/call quality perspective. I think Alt-A to unmute is super unintuitive but that's a very minor quibble, and for all I know shortcuts are customizable. I am, however, very discouraged by Zoom's privacy story as we're discussing here.
---
As my own side note, I am generally on board with almost everything MS has been doing lately -- we're mostly a MS shop as they help us with pricing, given we're a nonprofit, while AWS told us 'no chance' -- but Teams has to be the single buggiest MS product I've ever used. Just now, over the past month or so, I've noticed it very slowly improving. But for the first year of our usage, we experienced constant issues. Dropped calls, silent crashes, daily sync failures. My favorite one was, every time I would shut down Teams, it would relaunch itself a few seconds later with a message saying "sorry, Teams has crashed, we're recovering." Apparently every time the program received a shutdown msg it just assumed "oops, another crash."
Compared to the other ten or twenty videoconferencing solutions, it's the only one that has worked reliably and without accessibility issues for technical and non-technical people in my life. The automatic video and audio processing features make it so that a day-one user has as good an experience as a year-two user, and I haven't had to answer any technical support questions about it to my family.
FaceTime is the only serious competitor I can think of that's able to deliver as quality of a call experience in a 1:1 setting with non-technical participants, but it's inaccessible on Windows/Android for starters, and lacks the presentation chops to be used in a business setting.
To answer your last question - it works very well. I've used lots of virtual meeting software over the past 20 years, and zoom is by far the best.
I agree with your sentiment though - it makes me angry that they're selling my personal data. But sadly I don't think that any companies will voluntarily be non-skeezy...we really need laws and regulations in this space. I don't trust capitalism to take care of my privacy. If companies can get more money without breaking the law, they will absolutely do so.
Very very well. I haven't seen any issues with zoom and yet mine and everyone else's usage has gone up 10-100x. It's very user friendly and It Just Works.
Meanwhile, my company's VOIP acting funny. Conference calls not working. My wife was having issues with skype.
Yes, there are alternatives out there, but i'm yet to see one that is easy to use and reliable in the same way.
That, indeed, answers my last question, thank you. I suspected the answer might be along the lines of “it’s not a tech support shit show”, but my one opportunity to use it this week was cancelled. I’ll try again on Saturday for something someone else is hosting, and find out for myself.
> As quarantined millions gather virtually on conferencing platforms, the best of those, Zoom, is doing very well.
Why would Zoom care about their privacy issues if they're doing so well off? Seems like that's a good amount of positive reinforcement that their current approach is the right one to them. Maybe they'll lose a few thousand customers because of it, but given what I'm sure was a huge increase in the past few weeks, why would it be something they're concerned about?
The reason Zoom is doing so well is part of its vulnerability. There is very little vendor lock-in with virtual conferencing platforms. If something new/better comes out next month, there isn't much a company will give up by switching vendors. There is little to no infrastructure to setup/maintain. This is the same reason Slack's popularity has skyrocketed. Because of the lack of history and transient nature of the content shared in them, these areas are quick to gain popularity, but also quick to be replaced when a better product emerges.
Is it common to want to keep all that history? My understanding was it's best practice to delete chats after a certain period to limit the surface area of any potential legal discovery.
For a lot of industries, deleting internal communication is illegal. For any publicly traded company in the US, all internal communication needs to be archived for five years.
And it's equally emphasized, at many of those organizations, that all communication older than 5 years is deleted. Nobody wants to be burned by an ill-considered statement made in a decade-old IM conversation.
Do you have a source for this? I couldn't find anything regarding the 5 year time frame. I did find [0] which references a few different retention periods, especially at 7 years.
It's part of SOX. It actually requires the data be unencrypted, immutable, and available offline. Most corporations (large and small) do not follow this for email, messaging, wikis and many other services.
You are correct that there is history, but my point is that I don't believe the existence of long lived chat history (storing all messages longer than 3-6 months) will be a blocker for a company to switch to a better chat platform. Chat should not be looked at as a durable store of critical, long term information. Slack is trying to create a vendor lock-in that doesn't exist.
We switched from Zoom to Slack as soon as we realised we could use Slack and it’s much easier. But there is a 15 person limit so we’ll switch out for something else in a bigger meeting. It’s too easy to switch.
We have a few thousand conference rooms around the world wired from Zoom. Much of it is probably commodity hardware that could be reconfigured for another platform, but it would still be a massive undertaking.
The unfortunate wisdom in business is "nobody cares about privacy or security," and in my experience it's true. Outside a small number of people nobody even asks these questions.
With our own product ZeroTier we get maybe 1-2 questions a year about privacy and so far only a few enterprise customers have even asked about the security of encryption and authentication. "It's encrypted" is good enough for 99.9% of the market. Encrypted with what? A cereal box cipher? Nobody cares.
What do people care about? In my experience its ease of use, ease of use, ease of use, ease of use, and ease of use, in no particular order. An app that's a privacy and security dumpster fire but is very easy to set up and use will win hands down over a better engineered one that requires even one or two more steps to set up.
My experience is diametrically opposite to that. All of our clients are large enterprises and the security and privacy features are very closely examined during procurement literally every time. We haven't had a single client conversation that is remotely like what you're describing.
Might be because our clients are banks but they really care about this stuff.
Completely agree with this, banks care. They don't always care in the best of ways, usually it's just about ticking a box in a spreadsheet, but at least they ask.
Actually - you'll be surprised at the shadow IT going on at places like this. Users will literally BEG anyone who knows how to get around these systems how to do so.
It's why your banker might use their cell phone for a zoom client when everyone else is on a computer - their work computer is locked down. Govt employees often the same way. You'll notice they are doing the phone call in or phone client vs their computer.
Lot's of companies, zoom included, get in through the user side not the big webex / cisco type sales process.
I worked in a place some time ago where someone was hired with the unofficial (but generally known) job description of defeating IT restrictions and security policies so people could actually get something done.
It's very very hard to lock down a network without drastically impacting productivity, especially if you have any kind of science, design, or development going on.
I worked a job where to get something scanned you had to go the neighborhood mailbox place and FAX it to the fax number this org had so it would show up electronically.
I kid you not - obviously they had a deal on faxing for like 50% off, but it was still SUPER timeconsuming and pretty expensive.
Anyways, I configured one of their state of the art copiers to allow them to securely scan to users local folders. I set permissions dropbox style (upload, list but no read / download / delete). It was like I was a god briefly. Then someone in IT found out and the party ended big time.
Realize this isn't that long ago - we are talking some orgs / IT departments are SERIOUSLY retro. I could tell many funny stories (and some sad ones) about folks working around the IT department.
Another common IT workaround was that if a device was not on approved list (basically everything except some junky low bid stuff and definitely no no macs / no ipads) and you had a need (ie marketing / media department wanted to do something with kids shooting and editing video as a feel good, and ipads were great for that and the offical machines sucked) is they would hire a consultant to help them edit, and then put a procurement for the equipment through the consulting bill. Consultant got to mark it all up, but it didn't have to go through the IT purchasing process where ipad's were banned. Was time consuming but I saw it work.
Anyways, I know EXACTLY the type of org who buys these expensive video conferencing systems that fall over when you need them!
> With our own product ZeroTier we get maybe 1-2 questions a year about privacy and so far only a few enterprise customers have even asked about the security of encryption and authentication.
Why would people ask you that? You already put the answers in the public documentation.
I agree, but Zoom is a publicly traded company. Their incentives aren't necessarily aligned with the public good.
The question is "why should Zoom leadership care about the recent privacy concerns if the vast majority of their customers don't care?"
Their stock is up over 6% today while the market is down 4% (volatility caveats here obviously). So far the privacy concerns don't seem to be impacting the companies short or long term prospects, so I wouldn't expect the company to do the right thing.
Surely, though, there is a way for zoom to do both at the same time. That you and one of your sibling posts gives them some benefit of the doubt (or at least the appearance of it) is... sad.
I'm not sure where I gave the impression of being ok with what zoom is doing, but I'm not. I'm saying this is the expected course given the incentives we as a society have established for companies.
Hoping zoom and other companies prioritize the public good over profits is foolish, and the solution is to align profits with the public good.
It's because your response is the intellectual equivalent of throwing your hands in the air simply because you don't think you can have any contribution towards fixing the problem, and the only course of action forward is to simply describe why things are the way they are. It's complacent, and it's sad.
It's a lot like someone complaining about Trump being elected, and you respond with "Yeah, but we live in a Democracy". It's not a very helpful comment, and it doesn't get us anywhere except to keep us in the exact same place we are today.
>simply describe why things are the way they are. It's complacent, and it's sad.
>It's not a very helpful comment
I would think understanding the problem would be the first step to solving it. I'm not sitting here pretending I have all the answers. I saw an opportunity to shed some light on the situation so I commented. It seems weird to me that your critical of me for not contributing thoughts related directly to a solution, when you haven't contributed any thoughts about a solution either.
To each their own I suppose. But consider me thoroughly uninterested in discussing this further, which, seems to be what you wanted from me anyway.
It changes the culture. In my experience, Silicon Valley companies have more of a culture of growing at all costs. And they're either fanatical about privacy or they'll sell you out to the highest, middle, and lowest bidders all at once, then give it away free through an unpatched security hole too.
I think assholes that want to make money at any cost are everywhere, in every city in every country in the world. Let’s not be naive. Maybe California gives birth to a higher number of big companies that are also famous and so is more visible.
They are, but they aren't that concentrated and networked and their attitude isn't that ingrained in the culture. You'll always have assholes, but if you have few non-assholes, it's a culture issue, not an asshole-issue.
Maybe sf is an asshole magnet rather than an asshole breeder. Without sf they’d go somewhere else after all “if I didn’t then someone else would” is the ethical excuse of the asshole.
- Use the Facebook iOS SDK to measure conversions from app install ads
- Send a list of hashed email addresses to Facebook or other advertisers to do ad re-targeting
- Have Google Analytics on their websites to track where people are visiting their website from, i.e. a click on a Google AdWords ad
While these are all not _ideal_ because _yes_, Google and Facebook use this data for their own purposes as well, it's far from _nefarious_. In fact, it's pretty standard fare. Could Zoom go above and beyond and reject these tools? Yes, they could. Does anyone in practice? No.
If Zoom was selling metadata about their calls, leaking contents of their calls, or themselves served ads – then yes, I'd be concerned. But all indications point to them purchasing ads to further the growth of their business.
I think it is perfectly reasonable to seek guarantees around the usage of the above, more sensitive data (contents of video calls, metadata of video calls, etc.) but on the flip side to imply from their privacy policy that they are sending it to Facebook or that they are "in the advertising business" is jumping the gun a little bit.