To Zoom or not to Zoom

In this month of March many more people are working from home and are
in need of video conferencing software, and while I have been working
from home quite a bit for twenty years, video conferencing is
something I've seldom required.

I've tested a number of programs, but the software I like best and
which works best for me so far is Zoom. It's fast, has a decent UI,
works where I need it, does screen/app sharing the way I think it
should be done, and it comes in a free tier as well as several paid
tiers.

But I keep hearing stories of how horrendous its [1]privacy policy is,
and in the course of a week there have been multiple people swearing
off Zoom.

It started with this tweet thread subtweeted by someone whose opinion
I have valued. At the time of this writing this tweet has 40k likes
and 15k retweets:

[2]tweet from ouren

-- "Whether you have Zoom account or not," the company's privacy page
states, "we may collect Personal Data from or about you when you use
or otherwise interact with our Products."
https://www.inputmag.com/tech/zooms-attention-tracking-is-ripe-for-misuse-abuse

All's you gotta do is search for "Zoom attention monitoring" and read
their privacy policy. (Their policy is that there is no privacy) Tech
startups can never be trusted. Ever.

Additional information from the [3]EFF

and the last tweet in the series seems to be the money shot:

I don't have a real soundcloud, but here are various links where you
can buy our games, request keys, hire our services and more:
listography..../poppyworks (we only work on games, not infosec,
sorry!)

Then I get a Unix person telling me

it's about uploading the process list of the system for the focus
detection. it seems it's not simply done client side, but instead they
pull the list, meaning, all your ssh sessions with destinations

aw, come on, do we really believe that? Zoom would be slaughtered if
that were true, right? Why should they do that? The app can simply
check whether it has the active window.

Then there's this piece (link removed 2022-JUL b/c broken and domain
sold) which oozes FUD in my opinion:

Whenever you host a call, you have the option to activate Zoom's
attendee attention tracking feature

Yes, it's hidden in the settings. So what? That means to me that the
host can see whether the Zoom window is active. My Zoom window won't
be active because I'll be taking notes in a separate (active) window.
To me that's not a privacy issue.

that piece goes on to say

This feature only works if someone on the call is sharing their
screen.

Which takes care of a multitude of calls, dunnit. Next.

Of course, just because you are not viewing the Zoom screen does not
mean you are not paying attention or doing work. Furthermore, this
feature cannot always reliably gauge if you have clicked away from the
call. It only works on version 4.0 or later of Zoom apps and is not as
reliable if you attend a Zoom call through your web browser rather
than an app.

Duh.

You should also be aware that if a host decides to record the call so
it can be played later, Zoom saves a TXT file of the chat messages
from the meeting and shares it with your boss

So what? Those are public messages. Anybody who's used IRC knows about
that. Then:

According to its support page on the subject, "the saved chat will
only include messages from the host and panelists to all
participants." However, it does not clarify what will happen to direct
messages between attendees.

It does clarify that; the piece has just said so one sentence earlier:
"the saved chat will only include messages from the host and panelists
to all participants".

According to the company's privacy policy, Zoom collects reams of data
on you, including your name, physical address, ...

Oh really? The [4]privacy policy clearly says "may gather the following
categories of Personal Data about you". The key word is "may". And how
they want to gather my physical address is beyond me; I didn't specify
one when signing up, and if you don't sign up you can still
participate in invited calls. How are they going to get your physical
address then?

The piece closes with

Last year, ..

Yes, last year. Today is this year.

Convince me that this is not all FUD. I've yet to see any proof of the
"spying" people are clamoring about.

Further reading:
 * [5]Help... is "zoom" by any chance a data leaker?
 * [6]Zoom iOS App Sends Data to Facebook
 * [7]Zoom Removes Code That Sends Data to Facebook (a day later)
 * [8]Zoom needs to clean up its privacy act
 * [9]Ever wonder how zoom macOS installer does its job? It's a bit
shady ...
 * [10]Zoom: a message to our users
 * [11]Trusting Zoom?

The end.

References

  1. https://zoom.us/privacy
  2. https://twitter.com/Ouren/status/1241398181205889024
  3. https://www.eff.org/deeplinks/2020/03/what-you-should-know-about-online-tools-during-covid-19-crisis
  4. https://zoom.us/privacy
  5. https://www.datenschutz-guru.de/zoom-ist-keine-datenschleuder/
  6. https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account
  7. https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook
  8. https://blogs.harvard.edu/doc/2020/03/27/zoom/
  9. https://twitter.com/c1truz_/status/1244737672930824193
 10. https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users/
 11. http://www.circleid.com/posts/20200406-rusting-zoom/