Diffstat (limited to 'content/entry/exposing-zoom.md')
-rw-r--r-- | content/entry/exposing-zoom.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/content/entry/exposing-zoom.md b/content/entry/exposing-zoom.md index a6d8396..e76d174 100644 --- a/content/entry/exposing-zoom.md +++ b/content/entry/exposing-zoom.md 
@@ -26,7 +26,7 @@ The [privacy policy](https://explore.zoom.us/en/privacy/) is always where it get The recordings section is explaining that anyone in a Zoom call can record a meeting on their local device and save it and that Zoom acknowledges they have no control over this. Despite this, Zoom Phone makes it easier for customers to record calls. "Zoom Phone allows customers to record phone calls, receive voice mail recordings, and obtain transcripts of voicemail, all which may contain personal information and also be stored in our cloud". Privacy Policy. (2020, March 29). Retrieved May 23, 2020 from Zoom, Zoom privacy policy website, [https://explore.zoom.us/en/privacy/](https://explore.zoom.us/en/privacy/). Creating the transcripts happens automatically which means that the audio data of a call is fed into some automated system which has to listen to the call to create the transcript. ## Attention Tracking -The section on attention tracking in the Privacy Policy explains that if the host of the meeting is sharing their screen, they can activate a feature called "attention tracking". This means the host can see whether or not the participants have the Zoom window open or are doing something else. This gives whoever the host might be (employers, teachers, etc.) power to invade the participants' computers (employees, students, etc.) to check if they are paying attention or not. Zoom does not give participants any kind of forewarning that what they are doing on their own computers is being monitored and sent to the host other than it being buried in the Privacy Policy which, let's be real, nobody reads. And even if people did read it, they still are not in a position to understand the significance of some of the data collected on them like IP address, MAC address, etc. +The section on attention tracking in the Privacy Policy explains that if the host of the meeting is sharing their screen, they can activate a feature called "attention tracking". 
This means the host can see whether the participants have the Zoom window open or are doing something else. This gives whoever the host might be (employers, teachers, etc.) power to invade the participants' computers (employees, students, etc.) to check if they are paying attention or not. Zoom does not give participants any kind of forewarning that what they are doing on their own computers is being monitored and sent to the host other than it being buried in the Privacy Policy which, let's be real, nobody reads. And even if people did read it, they still are not in a position to understand the significance of some of the data collected on them like IP address, MAC address, etc. It's peculiar how Zoom website obviously tries to give the overwhelming impression that you can trust the software, yet it's against their terms of service to reverse engineer it and their own privacy policy shows they collect enormous amounts of data that isn't strictly necessary or relevant to video conferencing. Do they really need your MAC address or know which OS you're using? But not only does Zoom obtain data when you are using Zoom. They obtain data from you even when you are not using their service. 
@@ -72,7 +72,7 @@ The Facebook SDK isn't an isolated case either. Zoom didn't start caring about u Another absolutely disgusting thing is that Zoom lied to customers again about not selling their data: "...we do not sell our users’ data, we have never sold user data in the past, and have no intention of selling users’ data going forward" Eric S. Yuan. (2020, April 1). Retrieved May 24, 2020 from Zoom, Zoom blog, [https://web.archive.org/web/20200523154804if_/https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/](https://web.archive.org/web/20200523154804if_/https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/). They did permanently removed the attention tracking feature which never should have existed to begin with. There is no mention of removing Google Analytics though. ## 90-Day Plan -To play devil's advocate, I can go through [Zoom's 90-day plan](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) focusing all their resources on security and privacy to fix their platform. A few things they have done so far: only the host can screen share by default, participants need consent to be unmuted, audio indication for the waiting rooms, removing Giphy, and giving the host more control over the meeting. They also published a [draft crypto design](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) to redo their cryptography. It is apparently available for [peer review on Github](https://github.com/zoom/zoom-e2e-whitepaper/blob/master/zoom_e2e.pdf). It's still early to see where all this goes. But given that Zoom hasn't ever owned up to selling user data in exchange for service, I don't have my hopes high. 
+To play devil's advocate, I can go through [Zoom's 90-day plan](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) focusing all their resources on security and privacy to fix their platform. A few things they have done so far: only the host can screen share by default, participants need consent to be unmuted, audio indication for the waiting rooms, removing Giphy, and giving the host more control over the meeting. They also published a [draft crypto design](https://web.archive.org/web/20200523035015if_/https://blog.zoom.us/wordpress/2020/05/22/zoom-publishes-draft-design-of-end-to-end-encryption-offering/) to redo their cryptography. It is apparently available for [peer review on GitHub](https://github.com/zoom/zoom-e2e-whitepaper/blob/master/zoom_e2e.pdf). It's still early to see where all this goes. But given that Zoom hasn't ever owned up to selling user data in exchange for service, I don't have my hopes high. # Use Jitsi Instead Zoom is a [proprietary](https://www.gnu.org/proprietary/) platform. This means it is essentially a black box. As I mentioned earlier, this means it will always be less trustworthy than free software video conferencing solutions such as [Jitsi](https://jitsi.org/security/). [The Tor Project](https://x.com/torproject/status/1244986986278072322) recommended using Jitsi instead of Zoom. I haven't done much research on Jitsi yet, but if the Tor Project is saying to try Jitsi, I would use it over Zoom any day. It's also cross-platform and features actual end-to-end encryption. Even if Zoom implements end-to-end encryption, how can you trust it if it can't be independently reviewed by anyone and no one outside of Zoom can see the source code? How can you trust the implementation on desktop or mobile platforms? In short, you can't. No platform is perfect, however there are more secure and less secure solutions out there. 
And in general, you want to avoid proprietary programs because they cause the incentives to be aligned in such a way that Zoom will always have reasons to insert privacy-corroding features into their platform. |
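Review bot: In the first hunk (@@ -26,7 +26,7 @@, Attention Tracking), the cleanup is only half applied: the changed sentence now reads "whether the participants have the Zoom window open", but the next sentence in the same paragraph still says "to check if they are paying attention or not". For consistency, change that to "to check whether they are paying attention". The unchanged context line below also reads "It's peculiar how Zoom website obviously tries", which is missing "the" before "Zoom website" and could be fixed in the same commit.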
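Review bot: In the second hunk (@@ -72,7 +72,7 @@, 90-Day Plan), the "Zoom's 90-day plan" link and the "draft crypto design" link on the changed line both point to the same archived URL, the post ending in zoom-publishes-draft-design-of-end-to-end-encryption-offering/. If the first link is meant to cite the 90-day plan itself, it needs its own source; since this line is already being touched for the "Github" to "GitHub" fix, correct the link target here as well. The context line just above also has "They did permanently removed", which should read "They did permanently remove".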