Zoom

Update: 3/31/2020

Over the last few days, several more occurrences of bad practice to downright misleading/false advertising (claiming end-to-end encryption) and contacts/info leaking have cropped up. To clarify, the growing picture that Zoom goofed once with the inclusion (and non-disclosure) of Facebook SDK data sharing — which again, isn’t that heinous — is appearing to be more of a culture of security and privacy being an afterthought and/or growth and cost over everything else. Gross negligence at best to outright deceit at worst.

Because of this, Zoom is quickly gaining a reputation of the facebook of business conference products, and that is a terrible place for them to be in. For now, if you really care about privacy / security, it may just be worth it to hold off on jumping on board the Zoom gravy train (if you hadn’t already).

Original Post

For those relatively new to the working from home and remote tools who may have started zoom recently and/or seen the very recent news about zoom and Facebook data…. multiple truths and things to note here. On the surface, you should care about this. That said, it seems to be getting blown out of proportion to a degree.

TL;DR — If you’re new to working from home and now worried about using Zoom because of the 5-alarm blog posts being dumped online the last few days, pump the brakes and take a second to evaluate the actual issue and why the net change, for most, is likely 0.

1. Yes — in the past, Zoom had a terrible security hole with a hidden web server: https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability

* This was BS and very worthy of concern

2. Public disclosure of what is done with your data is absolutely important and should be required by law

3. Which leads me to this — Most recently / currently, it has been revealed that Zoom sends your data to Facebook even if you don’t have a Facebook account: https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account

To point 3, I say this is largely irrelevant for most people.

* if you have a Facebook account and/or have the app(s) installed on any devices and/or use Facebook to login into other sites, and zoom is sending it there (to Facebook), who the F cares. You don’t really have any moral high ground to stand on here. They already have far more of your data than Zoom is giving them.

* At this very moment, I am using no less than a dozen services which *all* track me and/or send my data elsewhere for free, at least, and at worst, sell it to various 3rd parties.

* Since I am willingly using so many other services that are already selling my data or using it, the all-of-a-sudden (almost fake) outrage for Zoom feels…. off. What Zoom is doing is no different. That is not an excuse that stands by itself. In a perfect world fully isolated from data harvesting, if Zoom was the only one doing this, sure, ratchet up the alarm. But in the current here and now, the biggest thing Zoom is guilty of is lack of disclosure.

• Note: this isn’t meant to discount the lack of disclosure because that’s a pretty big thing. And it’s never a positive story finding out this way.

All that said — you may be asking why should anyone use Zoom or how could they possibly have gotten so popular? It’s simple, really — their product doesn’t suck. In fact, it’s quite good. Actually, it’s better than most other products out there and comes with a free tier that is fine for most people.

Everything from app UI/UX, call quality to featureset is at least as good as or better than a lot of other big hitters out there from the likes of Microsoft (Skype), WebEx (Cisco), Hangouts (whatever name or version Google calls it now), and so on. The excitement and popularity around Zoom is valid.