As a security researcher that has reported a number of issues to Zoom, I can say without reservation they are one of the most security negligent companies I ever worked with.
It was evident after multiple calls with their team they didn't employ anyone strong technically in their US offices and had no idea how to translate security issues, even obvious ones like DNS takeover, to their (I assume China based) eng teams.
The software was designed without security as even a thought as many researchers have demonstrated. To this day the clients expect administrative access for no reason. I refuse to install them and tolerate the webapp when people insist on Zoom.
A friend and I compiled this list to consider.
It's like a restaurant which has the absolute best food by a mile, so they remain in business despite the cockroaches and unfriendly waitstaff.
Most customers don't really care about privacy and security, they just want to pretend, and as long as they can easily pretend they're happy.
I'd accept Google self-selecting out of the market with their incoherent messaging strategy but that has nothing do with UX other than not needing to tell people to uninstall the old apps and install the current one.
As more and more people use Zoom, the friction of using it decreases as well, since you can more safely assume that people have used it before and are familiar with it - if not, they can still use it without making an account, and without downloading anything (though this has become a bit harder now).
Furthermore, Zoom was also one of the first solutions to let you simply call in with your phone (and put that option front and center), which also does not require accounts or any downloads.
There are probably many other things I'm glossing over here - UX is a holistic phenomenon after all, and requires many small things to feel right. I'm not sure whether you're arguing that Zoom did not have 10x better UX than anything out there when it launched, but if you are, I can't help but think you're being willfully ignorant.
I find your second part interesting because for years Zoom has tried to force you to download their client — you have to learn how to construct the web URL to generate links to use it in a browser since they removed the option from their web UI.
> I'm not sure whether you're arguing that Zoom did not have 10x better UX than anything out there when it launched, but if you are, I can't help but think you're being willfully ignorant.
I'm not sure why you're inclined to take such an uncharitable view but I'm coming at it from the perspective of someone who was relatively late to using Zoom (2020) and found it pretty similar to the competition. I used Skype, WebEx, Teams, Hangouts/Meet, and Chime professionally first and Facetime / Hangouts personally prior to that and the only one I'd say is 10x worse is Skype.
WebEx used to be a nightmare with a Java client. Maybe it's better now but I didn't use it for years on a computer. I had an Android tablet with the WebEx app and I used that. Luckily no customer of mine is using WebEx anymore.
I never used Chime and never heard about it until now.
Skype doesn't have URLs AFAIK. I used it with a small group of friends during lockdowns because it was the intersection of what all of them had. We rejoined the same call every time. It works well once started. Cumbersome to start.
Meet has the least friction: create a call, send a URL, click/tap to join. I don't remember if a Google account is required but everybody has one in this part of the world because of Android. It works well.
Teams has a mandatory download AFAIK, I got a customer that uses it. It works well once started. I have no idea if I can start a call without an Office 365 account. I remember that it asks me to login to that customer's Office.
FaceTime, never used because it's an Apple only thing. I don't have the hardware.
Duo, I think it improved since its launch but despite being in the phones everybody uses here, everybody makes call with WhatsApp. I think Google lost the network effect battle.
WhatsApp is the easiest to start a call with but no URLs, no calls on the desktop. The quality is not very good, maybe because people can have poor connections on their phones (mobile data or crowded WiFi channels.)
Telegram added group calls recently but I never used them. Network effects again and at least 10 times less market penetration. One to one calls where on par with WhatsApp.
I've had to use Teams in an educational environment for around two years, and thankfully it's never forced me into downloading their (frankly dodgy) desktop client.
It's always required a login to O365 for me. They try and manipulate you into using the app with their constant "Get the app" splash screens, though.
Under "Personal account users":
"Anyone who isn’t signed into a Google account can’t join your meetings."
This is a feature, not a bug: https://workspaceupdates.googleblog.com/2020/07/anonymous-us...
Although: "Note, this does not prevent users from dialing in by phone."
E.g. BigBlueButton and Jitsi were doing it for much longer.
Honestly - there's huge, massive room for better UX that would really revolutionize online communication:
- Presence indicator/avatar in your toolbar of close contacts or team
- Push-to-talk to send audio to anyone from toolbar with non-disruptive indicator
- Instant screen/mouse share from there with audio and floating video optional
- Just so many fluidity improvements if you do a more minimal video window that can add/remove people without friction
I really wish someone would build it.
It immediately sends an email and a slack message. An hour later, it asks if you want to send an SMS or call to Alice.
I have no idea why so many folks like Zoom; I find it to be less useful than either. E.g. using external monitor with different resolution is handled very poorly.
FWIW the competition was terrible for a time. I’ve never been on a BlueJeans call that wasn’t painful, Google Meet/Hangouts had terrible quality, GoToMeeting was neglected post-acquisition, slack killed their meeting product for a while, and WebEx was bloated. Join.me was my goto for a while, but now I use Jitsi when I get to choose, but usually end up on Zoom calls.
The “UX” in this case was “fixed” by being less crashy than the competition for long enough to earn a reputation.
As someone with a security background myself, I really hope organizations use it less and less, because the competition by now works just fine. But as a human living in the world, I don’t refuse to use Zoom, I just use it on my iPad and assume the conversation is intercepted somewhere.
You can join a call without signing up
I remember people pleasantly surprised that they just clicked a link and everything worked, instead of minutes of “click that button to enable video”.
I find Zoom’s interface terrible, but I’m not a good reference for average user.
There was definitely much more confusion when using Zoom than teams. How do I share my screen? How do I open the participants/chat when sharing the screen ... The interface especially when sharing a screen is absolutely horrible.
- It's multi-window (like WebEx). Whereas Teams and Meets is a single window interface
- It has a great many options and not all of them are immediately obvious. Like how filters are hidden behind then stop cam button
I'm not saying I'm a fan of MS Teams nor Google Meets either. But they do have a much slicker UI.
I've used the Mac, Linux and Windows client regularly up until 2 months ago (using pretty much the default settings) and since it's just been the Mac client.
When I had to do interviews recently I had to use a wide variety of Video Conference Software, and Zoom was the only one which had some arbitrary user unfix-able not configuration related problems.
Ok, slack also sucks bad if any part has a problematic internet connection, but I only ran into it after I had a new job ;=)
But yes, the UX is better compared to e.g. MS Teams, but MS Teams works way more reliable (for Video Conferences, assuming it's only used for that and no "fancy" business access control features are enabled).
I agree that zoom pushing the desktop app is bad though.
I agree that Zoom has had numerous security and privacy failings. I think it is important to color the characterization of their security teams with a timeline however.
Looking at that gist - the majority of the content predates the conclusion of the "90 day security plan" . The team, and product no doubt, has changed immensely in the past year. That doesn't wallpaper over the history here, but there is completely different security leadership (e.g the current CISO didn't start until late June 2020 ) and staffing in place at this point that means your statements on their team likely aren't reflective of Zoom today.
I have worked with companies with some of the best security people in the world who had no cooperation from engineering to roll out basic risk reductions like code review because it might mean slowing down velocity a bit. To be blunt, security people as often hired with big pairs of golden handcuffs in order to make security marketing more believable, regardless of the reality.
The only way to win back trust of the security minded at this point, is to do what strong competitors like BigBlueButton and Jitsi did: Open source, and invite anyone from the public to audit code and compile binaries as they like.
There is virtually 0 chance they ever do this, but if they did, I would gladly audit it for free out of public interest, and have no problem doing a 180 and actively recommending zoom if it becomes easy to verify it is as good or better than the competition at security and privacy.
For now I maintain my position of strongly urging all my clients to abandon Zoom in favor of historically honest and highly accountable alternatives that work just as well as Zoom without constantly pestering users to grant Zoom with blind sweeping remote code execution privileges on their systems.
I might be pessimistic but I don't think such a culture is something you can correct very easily, because it is anchored at the very top of the company.
To say nothing of the clusterf*ck that happens when two company-specific instances of Microsoft Teams try to communicate with each other and I'm left with a bunch of orphaned chatrooms with outside personnel after the meeting concludes.
Here's a few:
- https://meet.jit.si/ which you can also self host https://github.com/jitsi
- https://bigbluebutton.org/ which you can also self host https://github.com/bigbluebutton
That way you have an experience that's a lot like Slack/Teams, with pretty good support for chat, reactions, file uploads, discussions, making quotes etc., while also being able to start video/audio calls with the press of a single button.
Of course, if that's too many platforms, Rocket.Chat also supports WebRTC, albeit the UX was a bit less stellar when i last tried it.
Alternatively, there is also Nextcloud Talk, which can integrate with your instance of Nextcloud and allow for file sharing, chatting etc., though personally i found Rocket.Chat to be more usable: https://nextcloud.com/talk/
Regardless, those are some very competent options which allow all the data to remain on your own servers.
You then responded to this comment by just matter-of-factly asserting that you had the list of missing alternatives... but, really, you are simply hijacking the thread to point out that alternatives exist "which allows all the data to remain on your own servers"; but, you provide no evidence or argument to address whether these products are actually "comparable" (to the point where it just feels like you didn't even understand the point being made) in a way that, say, Google Hangouts--which is the product Google created WebRTC for!--isn't.
No nag screens trying to get me to install desktop clients or trying to get me to create an account or give up personal information.
It just works.
The experience of not having to login and fuss with accounts was great. However, when everyone had their cameras on + screen sharing, audio quality typically suffered.
These professors since moved on to use Zoom and it’s way more stable. I don’t like Zoom generally (for many of the reasons noted in this thread), but it’s definitely reliable.
The UI is terrible, I'll admit that, but the performance and scalability is better than Zoom.
We use it in our (closed source) online tutoring / whiteboard software, and it is pretty easy to integrate, by taking their videoroom sample code.
What is it you're looking for?
Perhaps I'm overlooking something?
In practice: BBB had server-side mute, so your muted microphone would still send audio to the server. Servers could be compromised through uploaded documents (processed by LibreOffice).
The biggest problems might have been fixed by now. But self hosting half baked software isn't an alternative to most.
People prefer the interface they are used to. I personally find Zoom to be really frustrating from an interface angle but that is probably just familiarity. Of course Zoom could have avoided such issues had they been more conscious of ethics.
I usually try to go with the charitable interpretation, but when the dark patterns start to stack up that high...
I've had some very confusing meetings because I worked at a company that required us to use web, but the presenter wasn't and what she was seeing didn't match us which led to some confusing scenarios. Things like the grid view weren't there last I used it and some of the more advanced presenter features just don't do anything for web iirc
You can even prepare your links this way so you're there to begin with.
So to this end, that "dark" pattern is ultimately to a user's benefit and they are truly better off if they use the native app. If Zoom did not do this, they would pay the cost in terms of support and perceptions that the service is not reliable, in much the same way that Hangouts is unusable.
Having said that, you should be able to acknowledge that you do want to use the browser and don't want to see the pattern again.
FWIW, my work uses Google Meet running through Chrome and it gets the job done for remote collaboration.
I would actually be curious to see some figures on the difference in performance between Browser and Desktop. I imagine that you can do a few tricks for compression and buffering on with a native app that would not be possible on a browser, but I haven't seen a big difference in terms of my ability to have a meeting.
Half the time, I can't join a meet with video, or the video works in the "test" window, but as soon as you join it's broken.
I'm mostly okay with Teems though.
Some anecdata, recently i had to switch from Teams to Zoom, with the same person, and the audio quality was drastically better on Zoom for both of us.
Like what in the actual fuck. How are they unable to do a simple grid properly? It’s just rectangles. The UI is there to copy from Zoom even.
That said, Gotomeeting is the worst of the bunch. They haven't added a useful feature in years, the CPU usage is terrible, their parasitic launcher is very difficult to get rid of, ugh... I'm surprised they're still around.
While Zoom usually only slows the frame rate, but not the resolution.
As the saying goes, never attribute to malice that which can adequately be explained by stupidity.
Never attribute to malice that which can adequately be explained by stupidity, unless it's Microsoft. Then it's definitely malice.
Bonus: it tells you when connectivity issues are on your end or someone else's end, everyone's network stats are visible.
Webex - which I have to use as part of a university course I'm doing on the side - requires you to run it in a browser on my OS, it has really awful options (like allowing the presenter to unmute people), half the claimed features just aren't available (virtual whiteboard, no major loss as everyone uses a shared google doc instead), and if you disconnect for some reason (like sound stops working which happens fairly frequently) you are kicked out of a group and you can't get back in.
You don't need to run it in browser at all, there are desktop (and phone) clients for every major OS out there. This shows that you are really not familiar with it.
Now it is still a crappy system, but for different reasons than you describe. And other solutions have their own problems, as indicated by article and elsewhere.
My university uses it as well, and the normal latest version of Webex is on par with Zoom. However for some courses the lecutrers use e.g. Webex Training which is barely usable garbage (but is the only version that has built-in quiz features).
I don't care about anyone else's OS. I have desktop zoom, desktop slack, and desktop MS Teams, all work fine. Webex has web only (which means no whiteboard -- which I'm told from people who do have supported desktops -- mac users I think -- isn't good), no joining of private rooms, and the awful spyyware ability of remote people to turn on your microphone without your permission.
Now you sound as if you are not familiar with it.
Looks like Webex added Linux(Deb & RHEL) on May 28, 2021.
Before that, you had to use their legacy java applcation which also necessitated you to *manually* figure out, then hunt down & install the missing dependencies. And it was still shit.
Maybe I am not doing a lot of meetings compared to others but I really haven't had more or less problems with Teams, Google products, or GoToMeeting (haven't used webex in a long time) ... compared to Zoom.
It's all a wash for me among those experience wise.
I constantly have various orgs tell me all about how they only use X video conferencing app because of Y experience. Most of those stories conflict ;)
There's also the annotate feature is super useful, which is missing in Teams and Webex. And also offers dial-in phone numbers in more countries then the rest.
Zoom's audio design is nicer too, compared to Webex has some very annoying beeps that are a pain in large meetings.
Regarding Teams, I have a computer with plenty of RAM, SSD disks and a high end work provided smartphone. Teams is super slow in both of them. I haven't been able to use the Exe version for weeks now because it's too slow. There is also no way to quote a chat using the Windows and Web version, so in order to quote chats I have to do it from my phone.
Every once in a while I have buggy Teams or Webex meeting, that ends with a "Hey you know, I'll just send you a Zoom link".
I notice you mentioned Google Hangouts instead of Google Meet, I'm not sure if they are the same now (too hard to keep track of these) but a brief google search seems to suggest they are not the same. If so, my past experience with Google Hangouts with friends would suggest it is indeed terrible. If so, you could give Google Meet a try.
I don't think those other platforms are inherently worse, we're just slightly more familiar with Zoom.
Zoom may be terrible from a security point of view; I dislike the fact that I may well have installed spyware on my machines; and I have absolutely no idea why in the nine hells the Android version complains that my phone is rooted (it should exist in a chroot!) but --- despite all of that --- it works.
Teams, in particular comparison, is like DIY dentistry with kitchen implements as surgical tools. It lags; it doesn't have a native client on any devices and turns them all into heaters; its codecs are nowhere near as good, and it can't display as many people on screen at one point in time -- and there's no private chat. I understand on one level why most organisations seem to want to force their staff to use Teams – it's "free" (if you already pay the microsoft tax) and comes with the corporation (±NSA) being the spying overlord, rather than "E2EE" (+China). However, I completely also understand why most users prefer Zoom. Frankly, I do too!
I know it's not perfect, but it's pretty reliable for me (and full disclosure, I work for a different subsidiary of Cisco - but I also try to be pretty critical of it since I'm close to it)
I don't use Zoom a ton, but I've experienced what feels like a similar amount of sluggishness and AV issues as I have on Webex. At this point I know I'm a bit too close to have a useful anecdote, I'm just surprised that Webex is still put in the same group as Teams / Hangouts / GTM.
Again, not trying to sway you, just understand a bit better.
Beyond that, I couldn't see the presented content in full-screen. There was a lot of junk in the form of perpetual UI elements for the "fullscreen mode".
These seemed like pretty fundamental misses for the platform to make.
I feel about Zoom like Garp felt about the plane that hit the house he was looking at buying. When the real estate agent said he wouldn't want to buy it now, he said The odds of another plane hitting this house are astronomical! and bought the house. I think it's unlikely Zoom will jeopardize their leadership by not taking security and privacy seriously.
* not taking security seriously can jeopardize their leadership (they're the de facto standard and no one cares about security as seen in these comments)
* Zoom is already taking security seriously - I seriously doubt it with all development being in China.
 It will occasionally leave artifacts on the screen if I put my laptop to sleep and wake it up. Just an empty rectangle in the notification area. I had to write a powershell script to cycle teams. And that's just one of the annoyances.
[Edit] Google Meet
If someone has shitty home internet (a COVID-era problem), then they should probably dial in separately and not use the meeting audio, but that's going to hurt you no matter what meeting tool you use.
What i find annoying about Teams, is the ability to use 100% CPU and 90% of the integrated graphics on a laptop.
Thankfully disabling GPU hardware acceleration have helped quite a lot.
- "Offer a comparable alternative then"
See the problem with this approach?
Who are obligated to provide an alternative? And why?
It's not like the police is obligated to give drug abusers something in return for the drugs that they are confiscating.
First, I’ve been working remotely over skype, audio-only, for over a decade.
Yet in 2020 and with the emergence of zoom, it’s suddenly become an expectation that everyone is incessantly and awkwardly staring at each other through screens for the whole workday.
Second, the few times I’ve used Zoom it’s been absolutely garbage, with video and sound dropping or just not there (this was a university paying for Zoom’s services).
Yet I use teams everyday, and while I have plenty of complaints about it, at least I can get the sound and (screen-sharing) video that I actually need for my work.
> Second, the few times I’ve used Zoom it’s been absolutely garbage, with video and sound dropping or just not there (this was a university paying for Zoom’s services).
Yeah that absolutely sounds like bizzaro world. Zoom somehow works a lot better than anything else, IME. (I wish it didn't, there are many things I don't like about it)
But yeah, I fully accept that other people have generally found Zoom to be better than the alternatives. Friends that teach (university in this case) says it’s been a godsend.
- de https://datenschutz-hamburg.de/pressemitteilungen/2021/08/20...
- en (auto) https://translate.google.com/translate?sl=de&tl=en&u=https%3...
With corporate IT, it's either MS Teams because it's installed "by default" on enterprise workstations and managed at the O365 level, or Zoom or Cisco WebEx, all managed centrally by IT.
In our experience with these services, Zoom has been more reliable, and the quality of service for video and audio has been generally better than the rest, specially Teams. At the end of the day, this is all that our enterprise users care about.
When running calls across organisations, it invariably ends up as a zoom meeting since Teams is flaky for someone, or WebEx doesn't allow someone to share their desktop.
Another significant but underrated factor is the non-tech and non-enterprise market. Friends and family in their seventies and eighties default to zoom for their weekly or monthly catch-up sessions and get-togethers because "it just works". My neighbour who's in her late seventies is an editor for a small news magazine for the community, and zoom is her choice to collaborate with others on their articles.
People don't want to bother with security until there's a massive breach somewhere, or it affects their business, or it's mandated by legislation or certification requirements.
Zoom seems to come from the Seminar/Presentation mindset. By default no one can join until the host does, only the host can share their screen and no one except the host can mute other participants. Most of the default ACLs can be relaxed if the organizer changes their default meeting settings but most people won't.
Google Meet seems to assume some level of trust between the participants which matches my use case much more. So by default anyone can share their screen when they need too and if someone forgets to mute themselves when they take a call someone else can help them out (I have seen a Zoom meeting that had to be abandoned because someone took a call thinking they were on mute.)
I'm not saying that the Zoom defaults are "wrong". In fact they are the safer defaults. But for my most common use case of a meeting between people in the same company the Meet defaults work much better. (Although it is nice when a meeting gets "canceled" because the organizer is out sick and no one can join /s)
I'd love to use Google Meet and save some money but the audio and video quality looks like a cheap trick compared to Zoom. My users complain endlessly about this. We discovered Zoom a few years back because we were desperate to get away from Hangouts.
I expect their client does a lot of work around clearing up audio and similar whereas you'd need to do that on the server-side (and accept the lag) for Google Meet unless you can use WebAsm to clean up the audio stream possibly. I don't know if developers have that access.
I guess Google could solve this but it would require some considerable resources. I think this is one of those situations where video calls are a hobby for Google but they're the entire business for Zoom.
(Note that DPA means Deutsche Presse Agentur in German, so we don't use that term over here)
Well, my org uses Teams and I don't know anyone who uses Zoom professionally.
In my experience, Zoom is the standard when you are dealing with the public at large. Teams/Hangouts/WebEx, etc are the go to options when dealing with an internal organization where all of the users are "known" ahead of time.
As a result, a lot of companies bought licenses because Zoom was the cool tech at the time. My company did this, despite there being an official mandate that all official communication/calls must go through Teams the year prior†.
I think the persistence of Zoom is just whatever the tech equivalent of a hangover is. Everyone binged on Zoom in 2020, and now that we're far more comfortable with work from home and have more stable setups, a lot of places are stuck with Zoom licenses. Embarrassingly, our company's periodic all-hand-calls still are on Zoom when every other operation is done on Teams. I think our brand team also decided to host a few presentations on Zoom when we presented in the US for the sole reason of "well, it's cool."
† I have no love for Teams to be clear, it's awful software. I do understand IT's mandate though, since the entire point of the mandate was to get people to stop installing random stuff on their work computers, which turned out to be a great idea when it comes to Zoom.
Zoom has the absolutely BALLS to sell a product called "ZoomGov" they say is more secure or whatever, but who wants to bet it's the same code running on different servers? They're also claiming HIPAA compliance, which I'm also certain is a complete lie.
They don't care. They'll say literally anything, and pay whatever fines happen if they get caught.
I think last year someone from the accounting department suggested cancelling Zoom because we had meetings already included in Teams.
It caused quite a commotion from the Zoom users a few minutes after we learnt about it. The plan was promptly cancelled.
Executives charged with coordinating attacks against citizens outside China, on behalf of the PRC. 
They recently settled a class action for lying about having E2E encryption. 
Teams' codebase is apparently so bad that it's not fixable and they need to rely on others to rewrite the runtime for them.
For good measure it also subscribes to the media keys on the keyboard. To mute your microphone you might think, but no, to play the dial tone twice when pressing play/pause for your music! Very useful, thank you Microsoft.
It is not electron.
Keybase, once a popular favourite on HN, lost a lot of street cred when Zoom bought them out in early 2020.
Zoom and Keybase at the time insisted this was all very good news as it showed Zoom was deeply committed to improving their security posture.
Apparently, not so much.
Other than WebEx, which is more cost-prohibitive and has a clunkier UI/UX to boot, I believe there are no other video conferencing apps that can provide the service I'm looking for (which is 1. E2EE, and 2. support for 50+ attendees).
_Is_ there anything else that can provide this, besides Zoom or WebEx?
(After lying about it for years)
Theranos-level of “fake it til you make it” and they actually did make it…
Correct. But currently, as far as is known, they actually do provide it. Which, practically, is what matters because other than WebEx there are no comparable alternatives that I'm aware of.
I have extensively tested Jitsi and it does not do what I need it to do (support E2EE video conferencing for teams larger than 50 people).
People recommend Jitsi all the time, but I have yet to see any real-world cases of people actually using E2EE Jitsi meetings for large teams.
Plus you can self-host it. So you're only limited by the machine you host it on.
I would like to hear real-world examples of people successfully conducting large-scale E2EE meetings over Jitsi. What setup did you use?
It's also not a video conferencing platform.
Yes, it is: https://telegram.org/blog/group-video-calls.