Zoom Can Spy on Your Calls and Use the Conversation to Train AI, But Says That It Won’t

This is why we need regulation:

Zoom updated its Terms of Service in March, spelling out that the company reserves the right to train AI on user data with no mention of a way to opt out. On Monday, the company said in a blog post that there’s no need to worry about that. Zoom execs swear the company won’t actually train its AI on your video calls without permission, even though the Terms of Service still say it can.

Of course, these are Terms of Service. They can change at any time. Zoom can renege on its promise at any time. There are no rules, only the whims of the company as it tries to maximize its profits.

It’s a stupid way to run a technological revolution. We should not have to rely on the benevolence of for-profit corporations to protect our rights. It’s not their job, and it shouldn’t be.

Posted on August 15, 2023 at 7:03 AM28 Comments


Petre Peter August 15, 2023 8:23 AM

I did not know I had a right to online privacy until I read Professor Schneier’s book Data and Goliath. Thank you for all your work.

Ted August 15, 2023 8:39 AM

That’s tough with the ZoomIQ feature (which can use AI to summarize chat threads, etc.)

So if an account owner enables it, a participant has two choices at the start of the meeting “Leave Meeting” or “Got It”?

The calculus going through participants’ minds 🙃

Also, would anyone using a Zoom Pro, Business, or Enterprise account be squeamish about this??

Sean August 15, 2023 8:56 AM

Next year:

We will be training our AI on selected recorded videos, unless you opt out per video….

Year later:

We will be training our AI on all recorded videos, unless you opt out per video

Year later:

We will be training our AI on all videos, including deleted and opted out ones.

Clive Robinson August 15, 2023 10:05 AM

@ Bruce, ALL,

Re : stupid way to revolution

“We should not have to rely on the benevolence of for-profit corporations to protect our rights. It’s not their job, and it shouldn’t be.”

But who’s job is it…

In theory us through the elected representatives who become the legislators.

But who are the legislators going to listen to,

1, The electors who might have voted for them.
2, The lobbyists who give them inducements.

Where those inducments are paid out of the profits of those corporations.

About ninety years ago Upton Sinclair in his book about the dirty side of US Politics noted,

“It is difficult to get a man to understand something, when his salary depends on his not understanding it.”

Thus as voters we must never forget that as long as we alow it, we will always play at best second fiddle to the distribution of profit earned by corporates who require legislation for yet more profit.

Break the loop, break the problem.

JC August 15, 2023 12:11 PM

@ Clive

“Break the loop, break the problem.”

This is exactly why we need free speech, and the ability to protect that free speech from tyranny.

AC August 15, 2023 12:43 PM

This continues to show that when entities use the term “End to End Encryption”, they typically fail to mention that they consider themselves “one of the legitimate ends” without telling you about that.

modem phonemes August 15, 2023 4:01 PM

Everything has an appropriate context and size, and to exceed the natural limits is irrational deformed growth. (Aristotle Politics). This seems to describe the quasi-monopolies of Big Tech.

Chesterton, G. K. Unbusinesslike Business, essay collected in Utopia of Usurers (1917)

“The big commercial concerns of to-day are quite exceptionally incompetent. They will be even more incompetent when they are omnipotent. Indeed, that is, and always has been, the whole point of a monopoly; the old and sound argument against a monopoly. It is only because it is incompetent that it has to be omnipotent. When one large shop occupies the whole of one side of a street (or sometimes both sides), it does so in order that men may be unable to get what they want; and may be forced to buy what they don’t want. ”

There would seem to be a market opportunity for businesses that would do things properly. Why don’t we see competition arise ?

lurker August 15, 2023 4:37 PM

“why don’t we see competition?”

Sherman? Clayton? FTC?
See also US Senate,

Clive Robinson August 15, 2023 5:36 PM

@ AC, ALL,

“This continues to show that when entities use the term “End to End Encryption”, they typically fail to mention that they consider themselves “one of the legitimate ends” without telling you about that.”

The problem is technically and mathematically they kind of have to be “one of the legitimate ends”.

The fact that most don’t realise it will mean we will see the problem over and over again superficially different, but fundamentally the same. And each time people will be “hurt” in that “their privacy will be invaded”.

I’ve mentioned it before back towards the begining on the up-tick on the usage of Zoom and Meetings.

When people sit around a table to talk they “broadcast” to all” at the table. But they do not think about it in terms of individual communications paths.

When two people converse two “Shannon Channels” AB and BA are required.

When three people converse six “Shannon Channels” AB, AC, BA, BC, CA and CB are required.

When four people converse twelve “Shannon Channels” are required.

And so on, for N participants you end up needing (N^2 – N) channels.

In effect the total bandwidth rises by N^2 so with a dozen people as all to often happens with certain types of “meetings” you would need 144-12 or 132 Shannon Channels.

This is not managable and most of the time only one channel or two is in use at any one moment.

Thus technically a simple solution where bandwidth only goes up as a simple function of N is to form a central switching point or “star system”.

You have N channels going into the hub and N channels going out. However the outbound channels are effectively all the same being the summation of the N input channels of only which one or two are active at any point.

The key to this solution is,

“The summing of signals at the hub”

It works fine with unencrypted signals but with the likes of “Block Encryption” can not be done[1]. So to alow an N party system to work with only 2N channels of bandwidth carrying N+1 sets of information the summation has to be done in “plaintext” thus those N input channels have to be decrypted at the central hub before they are summed, then the output from the summer re-encrypted before being sebt out of the N output channels.

Worse unless further encryption is used on each output channel they “stand in witness” to who the communicating N parties are simply because they will be by easy inspection the same. Thus act as a “distinguisher” via observable meta-data so almost instant…

If people do not know this effects all “shared channel” systems including the likes of “group texts/messaging” then they will provide easy meta-data to an attacker. Which is what “Traffic Analysis” is all about at the end of the day, and in many ways is considered more important than conventional cryptanalysis…

[1] In theory with stream encryption providing everything is sychronized you can “sum the key streams” as well as “sum the ciphertext streams” and subtract one from the other. But the synchronisation is a nightmare so somebody always ends up using a single key stream for multiple plaintext streams. This is a major “NO NO” as it instantly fails to a “message in depth” attack that is at heart a “Key Reuse Attack”. A similar issue arises with the current asynchronous ciphers.

vas pup August 15, 2023 6:19 PM

@Bruce said “Of course, these are Terms of Service. They can change at any time. Zoom can renege on its promise at any time. There are no rules, only the whims of the company as it tries to maximize its profits.”

That could be resolved by mandatory requirement to provide to the government (or reliable gov contractor) dated and digitally signed by company officials copy of any policy; privacy, information usage and sharing you name it. So, when policy is changed, government should immediately get updated copy which should be available for free access by consumers.

That would be kind of external control and ability to publicized such bad changes to put company image down. But time and again who is going to listen? who really care except two months before next election?

vas pup August 15, 2023 6:23 PM

Grooming cases at record high amid online safety laws delay

Read the whole article – that is extract:
“Encryption roadblock

However, ministers have recently had to defend the Online Safety Bill against a backlash from some tech companies, who argue the law will undermine the use of encryption to keep online communications private.

Some platforms are threatening to leave the UK altogether rather than comply with the new rules.

Kate Robertson, senior research associate at Citizen Lab – an organization where researchers study security on the internet – =>told the BBC that “we shouldn’t be drilling more holes in internet safety”.

=>She said encryption “is an important source of safety for vulnerable individuals and it’s also an important safety net for privacy itself”.

Rani Govender, senior policy officer at the NSPCC, said: “We don’t think there’s a trade-off between safety and privacy, we think it’s about investing in those technical solutions which we know are out there, that !!!!!!can deliver for the privacy and safety of all users on these services.”

!!!But the NSPCC also wants assurances that the legislation will regulate new technologies, such as artificial intelligence (AI).

Chief executive of the Internet Watch Foundation, Susie Hargreaves, echoed this, calling for robust safety features to be brought in.

“Without them, end-to-end encryption will be a smokescreen for abusers, helping them hide what they’re doing, and enabling them to continue to hurt children and destroy young lives,” she said.”

NobodySpecial August 15, 2023 11:00 PM

Didn’t Zoom change course last Friday? Remarkably fast for such a large corporation tabout face. Must have had some “interesting” board meetings…


Zoom has updated our terms of service and the below blog post to make it clear that Zoom does not use any of your audio, video, chat, screen-sharing, attachments or other communications like customer content (such as poll results, whiteboard, and reactions) to train Zoom’s or third-party artificial intelligence models.” Zoom said it also updated in-product notices to reflect the change.

It’s not all good. There’s more in the nitty-gritty. Still need government oversight. But for now, the market has voted with their feet.

Ted August 15, 2023 11:20 PM

@PaulBart @vas pup, NobodySpecial, All

I’ll take written contracts for 200, Alex.


I just saw that the Software Freedom Conservancy (SFC) is inviting FOSS contributors to apply for access to BigBlueButton’s open source video chat software.

SFC refers to an analysis that figured it could take 30 hours just to read Zoom’s Terms of Service. Even then, they said, if someone did not have training in reading contracts it’d be hard to know what anyone’s really agreeing to.

Ted August 16, 2023 7:46 AM

@PaulBart @vas pup, NobodySpecial, All

Re: Terms of Service read time

Relooking at this, perhaps they meant the read time was 30 min rather than 30 hours. I’m sure it feels like 30 hours though. 😉

Even so, the word count for the more current ToS in the original post is now over 14,000 words. At 240 WPM, that’d be an hour of reading.

Another article references Zoom CPO Smita Hashim’s blog post who says:

Different contracts exist for customers that buy directly from us, including enterprises and customers in regulated verticals like education and healthcare, and updates to the online terms of service do not impact these customers.  

Clive Robinson August 16, 2023 7:53 AM

@ NobodySpecial, ALL,

Re : Ask not which way the wid blows, but from whence it comes.

“Didn’t Zoom change course last Friday? Remarkably fast for such a large corporation tabout face. Must have had some “interesting” board meetings…”

The change of tack may not have anything to do with “corporate” intentions but what is happening in the technological playing field.

That is the Corporation has a destination in mind, and they realy don’t care about the journey as long as it’s fast and efficient.

A few months back investors and others appeared to be going nuts over LLM AI as being the “next sure thing” throwing cash at it like it was confetti. Now however a lot of truth, facts and figures about LLM’s and AI in general has come much more publically into play.

Less obvious is the crypto-cash backlash, with lots of suppused Billionaire’s in home arrest or heading to jail and long court cases. With investors asking the question “where’s my money” to find the piggybank is not just empty it was never realy there, as Peter payed Paul but the bank claimed the credit to Paul but not the debit from Peter, thus double booked etc[1].

What dawned on people were the stories of Nvidia becoming the first trillion dollar chip company. They started not just listening but paying attention when told those GPU prices were from people running,

1, Crypto-cash mining rigs.
2, LLM model builders.

And realising in both cases a lot of dollars were going to Nvidia and also to burning fosil fuels and other non replacable resources in vastly increasing quantaties. But the only output was a bunch of numbers or bits on a hard drive that could not answer the “Show me the money?” question.

Worse two other things,

1, Those numbers have no legal protection as they are not property so have no actual value.
2, All of a sudden those playing with the first generation of numbers were heading for what might as well be infinite punishment.

So almost over night people started to realise that this LLM AI was in all probability just another very high risk speculation with all the investment scooting out the back door to “suppliers” but the only real money coming in was only from “investors” with potentially big jail terms and massive fines a short journy down the road. Thus stopping any potential return quicker and deader than the Lyall’s wren to just one “fat cat”[2].

So the corporate board probably decided “Shareholder Value” was not going to get increased by LLM AI any time soon… however the risk to their bonuses by adverse AI publicity was potentiall very immediate.

I’ve previously pointed out three things about LLM AI that will be interesting to watch,

1, If you are going to invest don’t invest in LLM companies but the companies that LLM depends on like Nvidia.
2, The only return from LLM AI curently is by enhancing “Surveillance Capitalism” as evidenced by the Silicon Valley Corps driving it forward.
3, Venture Capitalists having lost Web3 and NFTs / Smart Contracts to creat a highly profitable for them bubble faux-market were starting to pump LLMs to replace it.

The first has sofar been correct if you look at Nvida share performance V Meta/Facebook etc. However unless Nvidia can find a new premium market for their GPU’s or an alternative…

The second is still true, though there does appear to be some LLM value in models with tightly curated input that is both factual and not variant (think the harder ends of science).

The third is kind of what this thread and my post is all about. Because it looks like either the bubble has not got going or has halted. Either way caution appears to be the investment direction currently so wild / rampant speculation has not yet happened and by the looks of it may not.

Let’s come back in a year or two to see which way fortunes winds have blown from 😉

And before anyone asks, no I’ve no skin in this game, other than the price of the popcorn in my kitchen cupboard.

[1] There is a semi legitimate form of this trick which is “churn” where you say each dollar in circulation causes say ten times the economic activity. Unfortunately it can be easily misunderstood with some thinking there must be ten dollars to spend on consumables etc that show no return after purchase.

[2] The story of the Lyall’s wren is about ecological disaster and species extinction in as little as a year due to a pregnant cat and her offspring. For several species that fat cat was the start of an existential pandemic. As a side note, Lyall was an amateur naturalist and recognised the wren as a new species, so claimed the naming rights. However the process short as it was resulted in Lyall’s claim on naming the wren beong accepted and notified to him after the wren was extinct.

If you happen to go to New Zeland and encounter the inbound restrictions on biologicals as I once did, just think of Lyall’s wren. My encounter was to travel to NZ wearing a pair of mud encrusted walking boots that had got that way during the journey. On seeing them i was ordered to remove them and they were taken away and I had to sit there answering numerous officials questions. My boots were returned to me sparklingly clean with new laces, and my ears were ringing with the stern warnings about not doing it again as NZ took protecting it’s native wild life seriously…

Clive Robinson August 16, 2023 9:05 AM

@ vas pup, ALL,

Re : Grooming on the increase

“Grooming cases at record high amid online safety laws delay”

It’s a “dog whistle” / “think of the children” put up piece, not journalism.

The delay in the law is for very good reason, people are starting to understand it’s not only draconian, it is just not going to work to catch competent criminals and it’s going to create significant vulnerabilities that will be exploited by all maner of more competent crooks, including those who hold positions of authority. Also the motives of those behind the push are distinctly questionable.

But first the all important “why it won’t work”. In the article they give a story about a girl being groomed seven or more years ago, there are two important things to note,

Firstly :- “He convinced her to download a different, secure messaging app, and send him explicit images of herself.”

Secondly :- “Aoife said she remembered a primary school lesson about a digital “panic button” run by the Child Exploitation and Online Protection Centre (CEOP) and accessed it.”

The groomer knew back seven years ago that he had to make the communications secure against the authorities and others.

If you pre-encrypt the traffic before it becomes traffic, it won’t get picked up and probably will never become evidence if “key handling” is done correctly.

It’s the equivalent of making a secure channel inside an insecure channel. Edward Snowden demonstrated this could be secure and remain so a decade ago. And Juilan Asange has demonstrated what happens when “Key Handling” goes wrong thanks to a moronic vainglorious book writing journalist with no apparent morals or ethics.

The lesson is that the proposals to stop E2EE not only won’t work, they “can not work”. This is so well known that Apple decided to “try to intercept the plain text” by puting the equivalent of “Spyware in the OS” and were then apparently “shocked and surprised” at the backlash and attacks so promptly dropped it. The resulting publicity has now made it clear that the on device “spyware” option is not going to work either.

The take away that everyone should take on board, was that the “groomer” was not caught by any “automated technology fix”.

Read the second extract from the article I’ve given. She by herself from “education” went to a website and clicked on a link. Effectively,

1, She told someone
2, She was believed
3, The authorities followed through.

(sadly in the UK the last two steps just don’t happen in what some claim is over 8 out of ten cases).

As I’ve said I suspect this is a “put up piece” and the people pushing it are in effect “crooks”. In the case of CEOP the man in charge at the time most certainly did not have clean hands, as I’ve mentioned before, and a look into his past especially during “Operation Ore” and previously “during the troubles” will shock many people.

I could say more about them but they tend to hide out of sunlight and pull strings. They pretend that their motives are pure and for National Security, the reality is anything but… As the likes of Cambridge Analytica –offshoot of SCL Group– “Political Data Scandal” demonstrated the very dirty hands of “buying influance” is “not just a Russian thing”.

But what every one should remember is that banks abd the financial industry have “externalised risk” onto merchants and customers by forcing through “On-Line Accounts” to increase the Banks profits.

As part of that process personal financial security has been weakened to the point that On-Line fraud is considered to now be the major form of fraud.

Any attack on “privacy” by banning E2EE or puting “Spyware” on communications devices will cause On-Line Fraud to rise further. And do many more times harm to children than CSAM currently does. Such is the cost of “On-Line fraud” it destroys thousands of families and kills childrens life chances.

reba r August 16, 2023 9:36 AM


Relooking at this, perhaps they meant the read time was 30 min rather than 30 hours. I’m sure it feels like 30 hours though.

It’s one thing to read the words, but if one hasn’t attended law school, it’s likely to take quite a bit of background reading to understand them. I’m not sure people know what it means when they agree to indemnify a company, for example (if someone says “Bob was mean to me” in a lawsuit, whether or not that actually happened, Bob may now be responsible for paying the entire corporate legal bill). And if someone outside California agrees that the contract shall be interpreted under the laws of California, that could mean a lot of laws to look through—and lawsuit records, to find case law.

Lawyers learn this stuff over several years, and then still have research terms to help them out. One could argue that 30 hours is an underestimate. Although, judging by the way people talk when password managers are referenced, many of them must already have already done quite a bit of background reading. Unless they’re agreeing to things without reading them…

I think it’s actually a big problem. In 5 minutes, I could walk to the grocery store next door, grab a container of peaches, feed 4 dollars into the self-checkout, and walk back. I could send a 10-year-old with no legal training to do that. If I want to use the store’s web site to place a delivery order, though, I’ve suddenly got to hire a legal team. For a hundred years, implicit contracts (like “if you take a product off the shelf, you’ve got to pay before leaving the store”) were enough. Web services are doing this because they can, not because there’s any need.

lurker August 16, 2023 4:22 PM

@reba r
“use the store’s website”

When you walk to the store next door you go on a sidewalk operated by your local town council, paid for with local taxes, subject to local bylaws. When you use their website, unless it’s one of the very rare true Mom ‘n Pop websites, do you know where the server is located, or the warehouse the goods come from? In the US the transaction could likely be subject to laws governing Interstate Commerce and Wire Transfers. That’s before considering the delivery drivers and how many hands the goods pass through before arriving at your doorstep, or the payment arrangements between your bank and the store’s bank.

Even the implicit contract gets stretched at times by people who pick up the goods off the shelf then try to leave without paying. The mind boggles at the mechanics of trying to prevent that on the web.

vas pup August 16, 2023 5:00 PM

Why it matters where your data is stored

“There is a concern in Europe about digital sovereignty, the region’s ability to control its own data and technology.

For example, Europe is heavily dependent on US firms for cloud services – the remote computing and data storage services dominated by US companies including Amazon and Microsoft.

This has been a potential cause of problems, when the data of European customers is stored in a US cloud service, as there can be a conflict between the laws that apply.

The General Data Protection Regulation (GDPR) requires organisations in the EU to protect personal data, and the UK has equivalent data protection laws.

!!!At the same time, US laws give intelligence and law-enforcement services broad powers to access data.

That conflict was underlined In May, when Facebook was fined a record €1.2bn (?1bn) for having inadequate safeguards for data sent from the EU to the US.

However, in July the European Commission decided that the new EU-US Data Privacy Framework, which US firms will be able to join, gives “an adequate level of protection” for personal data transferred to the US.

“The American authorities have the right to go in and see any data that is stored in an American cloud, even if the data centre is in Europe,” Mr Astrom says.

“We don’t want any foreign states to be able to access information stored by European customers or companies.”

Mr Astrom is the founder and chief executive of Evroc, which is headquartered in Stockholm.

The firm believes there’s an opportunity to create what it calls Europe’s first “sovereign hyperscale cloud”.

That means it’s fully under the jurisdiction of European law, and it’s big enough to rival the major US cloud providers: Amazon Web Services (AWS), Microsoft and Google. They have a 65% share of the world cloud market between them, according to Synergy Research Group.

!!!Evroc has secured €15m in seed funding and plans to build eight data centres in Europe in the next five years. The first will be a large pilot data centre in Sweden next year.

Mr Astrom sees technological independence from the US as a critical aspect of digital sovereignty.

“We’ve seen the US restricting certain components from being exported to China,” he says. “Let’s say there is a conflict in China and Taiwan. What do you think will happen if computing is a scarce resource? Do you think the US will look after its own interests or help their European friends?”

Cloud computing firm Ionos already positions itself as the European alternative to US tech giants, out of the reach of the US Cloud Act.

That’s the law that gives US authorities access to data stored by US cloud companies, even if they’re outside the US. The request must meet the legal standards for a judge to issue a warrant.

Ionos develops all its software in Europe, and its European servers are isolated from the US.

“It’s about trust,” says Rainer Straeter, its head of cloud development and digital ecosystems. “Do we really think that the Cloud Act will [hit] a small business around the corner? We don’t know. This ‘don’t know’ makes us a bit nervous.”

“AWS will challenge any law enforcement request for customer data from any governmental bodies where the request conflicts with EU law, is overbroad, or we otherwise have any appropriate grounds to do so.”

None of the European cloud providers can build everything on their own to compete with AWS,” says Mr Straeter. “The resources available are not enough. We have to take the European way, be a bit cleverer than anybody else, and define standards. If all the [European] cloud providers were able to share an ecosystem, we would be much stronger than AWS, Google and Microsoft.”

“The first amendment says as long as you’re not causing direct harm to somebody, you can say whatever you like, and set yourself up in whatever way you like. The UK is [asserting its] digital sovereignty and saying this is harming our citizens, and therefore we want social media companies, while they’re in our jurisdiction, to operate in this way.”

Data laws in the UK and EU apply to citizens, even if their data is processed overseas, he says.

“If you are holding personal data of residents from the UK and the EU on US servers, you’re caught within the UK and the EU legislation,” says Mr Weston.

“Concerns that EU companies and citizens have about their data being exported outside of the EU to countries with different privacy regimes are valid, but it’s important to remember that the EU-US Data Framework that recently came into force does provide safeguards for the use of personal data by US national security agencies.”

reba r August 16, 2023 5:13 PM


When you walk to the store next door you go on a sidewalk operated by your local town council, paid for with local taxes, subject to local bylaws.

No, there’s no public land between me and the store, though I don’t see what difference that would make or how taxes or bylaws are relevant. Having to agree to a bunch of legalese doesn’t protect me; scammers would write it entirely in their own favor, or just copy text from some legitimate site, and I’d have to do a chargeback.

The mind boggles at the mechanics of trying to prevent that on the web.

Trying to prevent people from… picking goods up from a website and walking out without paying? Indeed, the mind does boggle.

I’ve always had to send payment before such sites would send anything. Sure, in theory I could do a fraudulent chargeback later, but that’s illegal whether or not I’ve agreed to a contract forbidding it, and I don’t have the anonymity I’d have in a retail store.

I was just reading a story about product returns: apparently, some online retailers have 40% of their sales returned. That’s gotta be a bigger “problem” than whatever these long-winded “agreements” are trying to solve, but they use the convenience as a selling point and eat the cost.

PaulBart August 18, 2023 7:50 AM

@Vas Pup
“Do you think the US will look after its own interests or help their European friends?”

“Bah bah “, says Bubba, “‘Merica farmers number one, bah.”
“Nein “, says Franz, ” mein farmer iz ze best in Germany. I getz guut nz fat with my penzshon unz shocolate.”

US and EU, dividing up their farms. This was predicted decades ago. But who will own South America and Africa, the elite and corrupt Chinese, Americans, or EUns?

Winter August 18, 2023 9:34 AM

@vas pup

“Concerns that EU companies and citizens have about their data being exported outside of the EU to countries with different privacy regimes are valid, but it’s important to remember that the EU-US Data Framework that recently came into force does provide safeguards for the use of personal data by US national security agencies.”

The UK does not have a constitution and parliament can push and retract any law it wants at any time. But if they play that hand, the economic consequences would be devastating so we will be safe on the short time.

The USA has laws that protect only their own citizens and US courts will not protect anyone’s privacy at all, but most certainly not foreigners. US Congress will not even protect anyone who is not a US voter (cf: Puerto Rico disaster, Guantanamo Bay). There is no one that the USA will honor the GDPR.

Max Schrems has already started work on his third EU court case against this agreement. He got the previous two overturned.

Winter August 18, 2023 9:44 AM


This was predicted decades ago.

Every prediction will come true eventually if you wait long enough.

But who will own South America and Africa,

In a generation, Africa will own us, Europe and the USA. In 2050 the expected population of Africa will be ~4.5B, almost as big as all of Asia. By then, South America will have a population twice that of North America.

lurker August 18, 2023 4:05 PM


Why shouldn’t Africa and South America own themselves? They seem quite capable:
Heart of Darkness
Goiania Incident

Leonard Britvolli August 25, 2023 12:22 PM

Despite Zoom’s denial of spying on calls and using conversations to train AI, there are several factors that have contributed to these concerns:

  1. Data Collection: While Zoom claims not to monitor meetings or collect user data for advertising purposes, it does collect certain types of data for legitimate business purposes. This includes information such as IP addresses, device details, and usage patterns. Although this data collection is primarily aimed at improving service quality and troubleshooting issues, it still raises concerns about privacy.
  2. Third-Party Integrations: Zoom allows users to integrate various third-party applications and services into their meetings. While these integrations can enhance functionality, they also introduce potential vulnerabilities and privacy risks. If a third-party application has access to meeting content, there is a possibility that it could collect and utilize that data for its own purposes.
  3. Security Breaches: Zoom has faced security breaches in the past, which have further fueled concerns about potential unauthorized access to user data. These breaches have highlighted the importance of robust security measures and the need for continuous improvement in protecting user privacy.

Zoom’s Efforts to Address Privacy Concerns:

In response to the privacy concerns raised by users, Zoom has taken several steps to enhance its privacy practices:

  1. Transparency and Communication: Zoom has made efforts to improve transparency by providing detailed information about its privacy practices on its website. The company has also been proactive in communicating updates and improvements related to security and privacy.
  2. Security Enhancements: Zoom has implemented various security enhancements, including the introduction of E2EE, stronger encryption protocols, and improved meeting controls. These measures aim to provide users with greater control over their meetings and protect their privacy.
  3. Independent Audits: To further assure users of its commitment to privacy and security, Zoom engaged third-party firms for independent audits of its security practices. These audits help identify any potential vulnerabilities and ensure compliance with industry standards.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.