by threatofrain 2275 days ago
From https://zoom.us/privacy:

> Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products. We may gather the following categories of Personal Data about you:

> - Information commonly used to identify you, such as your name, user name, physical address, email address, phone numbers, and other similar identifiers

> - Information about your job, such as your title and employer

> - Credit/debit card or other payment information

> - Facebook profile information (when you use Facebook to log-in to our Products or to create an account for our Products)

> - General information about your product and service preferences

> - Information about your device, network, and internet connection, such as your IP address(es), MAC address, other device ID (UDID), device type, operating system type and version, and client version

> - Information about your usage of or other interaction with our Products (“Usage Information”)

> - Other information you upload, provide, or create while using the service ("Customer Content"), as further detailed in the “Customer Content” section below


So, all this doesn't sound great, but... the specific accusation in the tweet is that they're tracking other applications that are open. Their privacy policy does not say they do that, and the Zoom twitter account says they don't either[0]. Now, it's a matter of trust, of course (and after [1] I wouldn't blame people for a lack of trust), but to state authoritatively that Zoom tracks other open applications seems like completely unsubstantiated fear-mongering.

[0] https://twitter.com/zoom_us/status/1241768006327336963

[1] https://www.schneier.com/blog/archives/2019/07/zoom_vulnerab...

All points are so vague that this behaviour might be in either:

- General information about your product and service preferences

- Information about your device, network, and internet connection ...

- Information about your usage of or other interaction with our Products

- Other information you upload, provide, or create while using the service

Sure, as I said, the privacy policy isn't great, but the tweet specifically accused Zoom of tracking and recording what other applications people are running. There seems to be no evidence of that.

This is the part that is not so reassuring:

Does Zoom sell Personal Data?

No part of that paragraph makes me feel better, and it ends with this...

"If you opt out of “sale” of your info, your Personal Data that may have been used for these activities will no longer be shared with third parties."

> your name, user name, physical address, email address, phone numbers, and other similar identifiers

My problem with this isn't the info they collect, it's how they would collect it, which this privacy policy doesn't seem to clarify.

As it stands, this policy technically gives them the right to crawl through all my personal files or even listen using the microphone to search for and collect this information.

I'm not saying they are doing this, but the policy is not reassuring. I wish there was enforced legislation (so GDPR is excluded, as regulators don't give a fuck) to curb this. There should be a legal requirement describing exactly the information collected, how it is collected, transmitted, sorted and which third parties it is given to, if any.

Could it be CYA legalese because there’s a screen sharing feature?

This is standard language to cover everything in normal use. Billing details are obvious. Profile info is provided when you sign up and use the service. The system info is used to run and optimize the calls.

Zoom isn't actively scraping your info, and there's 0 evidence of anything in the Tweet.

Lawyerspeak: "It's just boilerplate."

Translation: "Yeah, that's one of the parts where we really screw you, but you don't have a choice, lol."

You have a choice to not use Zoom.

Sure! Except it was mandated by your boss. Or you have a choice between a bunch of offerings with the exact same screwball terms. This might not actually be true for videoconferencing now that it's getting somewhat democratized and competitive.

Point is: "just boilerplate" is just rationalization. An honest person would never present it as comforting and a knowledgeable person would never find it comforting. Of course, the world is full of dishonest people, so it gets used all the time. Hence "lawyerspeak."

True, though you could dial in from a phone (even a landline), unless you were being asked to not only attend but also share your screen.

Do you refuse to use any other software mandated by your company? What's the difference?

It's standard policy to cover any potential personal data that they might receive. What is your concern exactly? That they shouldn't spell it out? That would be illegal under current data regulations.

The receipt from the top comment about joining from the browser works nicely.

Not really if your lecturer or boss requires it for lectures, meetings or team communication.

What information do you not want to share that you think they have but don't need?

Yet.

There is an incentive to do so and they have taken measures to legally protect themselves if they do. That's grounds enough for alarm, even without evidence of them actually doing it.

Alarm for what? It's enterprise video conferencing tech. They make their money from subscriptions. Your personal data is rather useless to them and now a liability under data regulations.

Worrying about Zoom here (and I'm not sure the tweet is accurate) seems to ignore all context of the product and business.

> Alarm for what?

That privacy policy is a clear indication that Zoom is only concerned about protecting themselves at all costs. They may not be acting maliciously, but they clearly aren't dedicated to acting ethically either.

I'm not saying it's an emergency, but a privacy policy like that should at least set off some warning flags for a privacy-conscious user.

> They make their money from subscriptions. Your personal data is rather useless to them...

I don't care if the data is valuable to them as long as it's valuable to someone.

> ...and now a liability under data regulations.

The liability is worth it if the price is right.

Every company will protect themselves. Why is this controversial? Please list the companies that open themselves up to litigation and show me how that's ethical.

"as long as it's valuable to someone"

This is so vague as to be meaningless. What about your browser, ISP, OS, phone, and the million other services that you use? Context matters.

"The liability is worth it if the price is right."

Are you claiming that a company selling enterprise video tech for 100s of millions and operating under all the latest data regulations is somehow trying to squeeze out a few pennies by selling some worthless data while risking massive lawsuits?

Yes, if you use the app you need to enter some information, for example, profile, login to an account, etc.

That being said, I don't see anything surprising on the list.

> such as your name, user name, physical address, email address, phone numbers, and other similar identifiers

That sounds like billing information

These don't look that bad, but what's described in a tweet (tracking focus app etc.) is much worse, it doesn't seem to be in the privacy policy though (or they masked it?). So where does the information about the focused window come from?

Your name, physical address, email address, phone number, employment, credit card, Facebook profile, IP address, MAC address, device ID...is not that bad?

These are technical details for normally working with the app. They charge you, so they need your name and credit card. You ask for support, so they need your IP etc. They list what they may gather, because a privacy policy should cover everything; it doesn't mean they require all that info at once. I also didn't provide them many of these items.

That data is either required to run or provided to them by you directly.

MAC address? Unless they have some Layer2 detection shit running they don't need that. And besides, they wouldn't need it on their servers.

They have to name every possible thing they can potentially receive. MAC addresses are available as part of networking details if you're using their desktop software. Zoom is enterprise video conferencing that only recently gained attention for average consumers.

> They have to name every possible thing they can potentially receive.

Then they are missing a lot.

I haven't provided them with most of that.

Then they don't have it.

How do you know that? These statements leave other possibilities open:

It covers all Personal Data that you affirmatively provide during your interactions with us, information that we automatically collect when you interact with our Products, and information that we collect about you from third parties

Whether you have Zoom account or not, we may collect Personal Data from or about you when you use or otherwise interact with our Products.

How are they supposed to charge you for the service without your credit card billing information?

How is it supposed to work at all without your IP address?

There is a feature for when doing webinars that can track focus:

https://support.zoom.us/hc/en-us/articles/115000538083-Atten...

That's awful.

It only tracks if the Zoom window has focus, not via facial recognition. How is that bad?

What value is that if I have multiple monitors?

The GDPR’s specific, granular and informed clauses for opt-in couldn’t have been more timely. I wonder how long it is before Zoom have to stop providing services to the EU?

That's shocking. How are they able to collect this?

Is that a technical question? All of that information is immediately available because you typed it in when you made your account, or because of the nature of the internet.

Seriously, you've given this information to any service you've ever signed up for and / or ran.