In this month of March many more people are working from home and are in need of video conferencing software, and while I have been working from home quite a bit for twenty years, video conferencing is something I’ve seldom required.

I’ve tested a number of programs, but the software I like best and which works best for me so far is Zoom. It’s fast, has a decent UI, works where I need it, does screen/app sharing the way I think it should be done, and it comes in a free tier as well as several paid tiers.

But I keep hearing stories of how horrendous its privacy policy is, and in the course of a week there have been multiple people swearing off Zoom.

It started with this tweet thread subtweeted by someone who’s opinion I have valued. At the time of this writing this tweet has 40k likes and 15k retweets:

tweet from ouren

— “Whether you have Zoom account or not,” the company’s privacy page states, “we may collect Personal Data from or about you when you use or otherwise interact with our Products.”

All’s you gotta do is search for “Zoom attention monitoring” and read their privacy policy. (Their policy is that there is no privacy) Tech startups can neve be trusted. Ever.

Additional information from the EFF

and the last tweet in the series seems to be the money shot:

I don’t have a real soundcloud, but here are various links where you can buy our games, request keys, hire our services and more: listography…./poppyworks (we only work on games, not infosec, sorry!)

Then I get a Unix person telling me

it’s about uploading the process list of the system for the focus detection. it seems it’s not simply done client side, but instead they pull the list, meaning, all your ssh sessions with destinations

aw, come on, do we really believe that? Zoom would be slaughtered if that were true, right? Why should they do that? The app can simply check whether it has the active window.

Then there’s this piece (link removed 2022-JUL b/c broken and domain sold) which oozes FUD in my opinion:

Whenever you host a call, you have the option to activate Zoom’s attendee attention tracking feature

Yes, it’s hidden in the settings. So what? That means to me that the host can see whether the Zoom window is active. My Zoom window won’t be active because I’ll be taking notes in a separate (active) window. To me that’s not a privacy issue.

that piece goes on to say

This feature only works if someone on the call is sharing their screen.

Which takes care of a multitude of calls, dunnit. Next.

Of course, just because you are not viewing the Zoom screen does not mean you are not paying attention or doing work. Furthermore, this feature cannot always reliably gauge if you have clicked away from the call. It only works on version 4.0 or later of Zoom apps and is not as reliable if you attend a Zoom call through your web browser rather than an app.


You should also be aware that if a host decides to record the call so it can be played later, Zoom saves a TXT file of the chat messages from the meeting and shares it with your boss

So what? Those are public messages. Anybody who’s used IRC knows about that. Then:

According to its support page on the subject, “the saved chat will only include messages from the host and panelists to all participants.” However, it does not clarify what will happen to direct messages between attendees.

It does clarify that; the piece has just said so one sentence earlier: “the saved chat will only include messages from the host and panelists to all participants”.

According to the company’s privacy policy, Zoom collects reams of data on you, including your name, physical address, …

Oh really? The privacy policy clearly says may gather the following categories of Personal Data about you. The key word is “may”. And how they want to gather my physical address is beyond me; I didn’t specify one when signing up, and if you don’t sign up you can still participate in invited calls. How are they going to get your physical address then?

The piece closes with

Last year, ..

Yes, last year. Today is this year.

Convince me that this is not all FUD. I’ve yet to see any proof of the “spying” people are clamoring about.

Further reading:

The end.

conferencing :: 23 Mar 2020 :: e-mail