back to article Yeah, that Zoom app you're trusting with work chatter? It lives with 'vampires feeding on the blood of human data'

As the global coronavirus pandemic pushes the popularity of videoconferencing app Zoom to new heights, one web veteran has sounded the alarm over its "creepily chummy" relationship with tracking-based advertisers. Doc Searls, co-author of the influential internet marketing book The Cluetrain Manifesto last century, today …

  1. Yet Another Anonymous coward Silver badge

    Ban hammer has begun

    Memo just came down not to discuss any sensitive information on any sharing platform teams/whatsapp/yammer/etc

    Not clear exactly how to work from home without sharing anything

    Followed by a highly confidential all-hands meeting about Q1 financials on webex

    1. Dan 55 Silver badge

      Re: Ban hammer has begun

      Not clear exactly how to work from home without sharing anything

      One of the self-hosted options from this list?

      1. Yet Another Anonymous coward Silver badge

        Re: Ban hammer has begun

        Look at you with your fancy "able to choose the best software for the job" superpowers

        We aren't allowed VPNs because of "security".

        1. Dan 55 Silver badge
          WTF?

          Re: Ban hammer has begun

          Well that's a policy which goes against most current IT practice.

      2. Charlie Clark Silver badge

        Re: Ban hammer has begun

        I found Mattermost remarkably easy to set up and some friends had some fun over the weekend using Jitsi for the multimedia side. But running stuff yourself is not an option for a lot of people.

      3. Cove

        Re: Ban hammer has begun

        Have any one of you tried Troop Messenger for self-hosting? ...anyfeedback will help. I did try their Saas on trial and kind of liked it.

    2. Anonymous Coward
      Anonymous Coward

      Re: Ban hammer has begun

      The best way to work from home without sharing anything is to junk Windows 10, read the privacy statement that it delivers when you install it, Microsoft has access to everything if you are using Windows 10. Sure, you can turn off some of the sharing but they will fix that with the next "undate" (sic).

      1. NetBlackOps Bronze badge

        Re: Ban hammer has begun

        For now, until I ditch Win10, I run O&O Shutup10 after each update.

  2. SW10
    FAIL

    More fool me

    Early adopter of the paid service who evangelised Zoom to others who were on Skype

    Maybe I should move to Google Hangouts...

    1. Anonymous Coward
      Anonymous Coward

      Re: More fool me

      isnt whatsapp end to end encrypted? It is also far more responsive and smooth for me than hangouts

      1. big_D Silver badge

        Re: More fool me

        Except all of your contacts' details are sent to Facebook's servers to be stored. It is not GDPR compliant.

    2. NATTtrash Silver badge

      Re: More fool me

      I agree with you. We too are/ were very happy with the (paid) Zoom service, using its "healthcare" option. Its quality is (much) better than alternatives, due to the many clients the local OS became insignificant, and furthermore the option for participants to call in by phone (as in phone call, not Zoom phone app, think Lync comparable) was extremely helpful. We did see, after taking out the Zoom paid scheme, a sudden daily Zoom bot visits...

      35.185.117.20 [29/Mar/2020:01:52:16 +0100] GET /robots.txt HTTP/1.1 200 3835 - ZoominfoBot (zoominfobot at zoominfo dot com)

      35.185.117.20 [29/Mar/2020:01:52:16 +0100] GET /robots.txt HTTP/1.0 200 739 - ZoominfoBot (zoominfobot at zoominfo dot com)

      35.185.117.20 [29/Mar/2020:01:52:17 +0100] GET / HTTP/1.0 200 3702 - ZoominfoBot (zoominfobot at zoominfo dot com)

      35.185.117.20 [29/Mar/2020:01:54:15 +0100] GET /robots.txt HTTP/1.1 200 3835 - ZoominfoBot (zoominfobot at zoominfo dot com)

      35.185.117.20 [29/Mar/2020:01:54:16 +0100] GET /robots.txt HTTP/1.0 200 739 - ZoominfoBot (zoominfobot at zoominfo dot com)

      35.185.117.20 [29/Mar/2020:01:54:16 +0100] GET / HTTP/1.0 200 3702 - ZoominfoBot (zoominfobot at zoominfo dot com)

      ...thought it was weird and remarkable, showing that TLDs of given email addresses were "probed" actively, the IP with a whois turned out to be Google, but since it seemed to go only after robots.txt left it as a peculiarity. Maybe we should revisit that, especially since we're talking "paid service" and "Zoom for Healthcare" here...

    3. steviebuk Silver badge

      Re: More fool me

      Google Hangouts is fucking awful and the general public version is going away. You'll only be able to use it within gsuite

  3. Anonymous Coward
    Anonymous Coward

    Hmm

    Zoom seems to be the meeting WFH channel of choice all of a sudden. Including school staff. And while good luck to them for most school staff meeting content (if that's an appropriate word) at the moment that virtual staff meeting might be used to share more confidential stuff, like the status of vulnerable kids. So there are real concerns there.

    1. chivo243 Silver badge

      Re: Hmm

      We've been resisting users request for Zoom, as we use GAfE and Google Meet. I forwarded this article to our Data Protection Officer and App Integration Specialist plus my team and I got a fast response from one member of the team with Zoom's response:

      "We sincerely apologize for this oversight, and remain firmly committed to the protection of our users' data," Zoom said in its statement.

      https://appleinsider.com/articles/20/03/27/zoom-ios-update-removes-feature-that-sent-user-data-to-facebook

      So, one hole plugged in iOS, how many others are they still exploiting?

      1. Doctor Syntax Silver badge

        Re: Hmm

        "We sincerely apologize for this oversight, and remain firmly committed to the protection of our users' data,"

        I doubt my reading of statements like that is ever the same as that hoped for by those who make them. What was the oversight? What use are they protecting it for and by whom?

        There should be a very clear test here: can collection and retention of user data (other than that needed to make the serice work) be turned off and if it can does the provision of the service depend on its not being turned off? A "no" to either must surely be a GDPR failure.

        1. Maty

          Re: Hmm

          'We sincerely apologize for this oversight'.

          Oversight: error of omission, lapse

          or

          supervision, surveillance, inspection.

          I wonder which one they are apologizing for?

  4. Cave-Homme

    Back to GTM and Skype then!

    I’ll be removing it tomorrow and back to GoToMeeting and Skype.

    1. Yet Another Anonymous coward Silver badge

      Re: Back to GTM and Skype then!

      The nice thing about Microsoft knowing all your intimate data is that they will just use it to market using Windows to you.

    2. Pascal Monett Silver badge

      Re: Back to GTM and Skype then!

      Why not give Teamspeak a try ?

      At least, with Teamspeak, you can host the server and know exactly who is participating. Every other solution depends on Someone Else's Server, and you have no idea what they're doing.

      1. seven of five Silver badge

        Re: Back to GTM and Skype then!

        Teamspeak is fine. And it is dual use, just like enriched uranium :)

      2. Irongut Silver badge

        Re: Back to GTM and Skype then!

        Because TS still sucks donkey balls. I can't remember when I first used TS but it is well over a decade and it has always been complicated to set up, complicated to use and generally terrible, especially when compared to modern comms software like Discord, Slack or Teams. Any time a gaming group wants me to use TS I go elsewhere.

      3. Captain Scarlet Silver badge

        Re: Back to GTM and Skype then!

        I think because everyone wants the option to dial in.

        Other than that yeah Teamspeak or Ventrillo are more than capable for conference calls and simple to setup, if its to hard there are still companies renting out services.

  5. Chris G Silver badge

    Colour me surprised!

    A FREE video conferencing app that slurps, how unusual is that?

    Does nobody check out the permissions and at least have a quick look at the privacy terms before downloading and using?

    Maybe it is time for legislation that requires all apps to state clearly up front their slurpage requirements from a user whether the app is free or not.

    1. seven of five Silver badge

      Re: Colour me surprised!

      When you may use it without paying for, chance are YOU ARE the product, not the customer.

      1. Terry 6 Silver badge

        Re: Colour me surprised!

        If you pay for Zoom, according to the reports, they still steal your info.

    2. John Brown (no body) Silver badge

      Re: Colour me surprised!

      "Does nobody check out the permissions and at least have a quick look at the privacy terms before downloading and using?"

      What;s the point? Even the paid for ones pretty much cover all the bases in the T&Cs. "We *may* slurp all your data and do what the fuck we like with it". Good luck finding anything that doesn't have something like that in the EULA. And of course your privacy is important to them. The last thing they want is the competition getting your private data as well, at least not without paying for it.

    3. Anonymous Coward
      Anonymous Coward

      Re: Colour me surprised!

      Well I do, and I even read articles like this one. But when you're being asked to use it for work you end up looking at that privacy agreement with a sinking feeling thinking, "how much of a fuss do I want to kick up about this."

      Would be less galling if we didn't already have Teams which everyone has an account on and is already using fine. And of course those aren't the only chat apps the various teams (small t) want to use.

  6. ovation1357

    What are the alternatives?

    Like many others, I have very recently dived into using Zoom on a daily basis - I'm even paying real money to use it. A particular driving factor was that the company's "approved" choice of Microsoft Teams was proving itself to be highly unreliable and extremely buggy. I'm hearing stories from many people about how they or their friends at other companies are abandoning Teams and heading to Zoom because of similar problems and/or a strong dislike of its utterly terrible user interface.

    This seems to really be a game of Teams Vs Zoom so far as I can tell:

    Is there an alternative to Zoom with a better track record and less spooky privacy policy? An alternative that also offers easy access from Windows, Mac, Linux, Android and iOS? An alternative which can display a screenfull of lots of simultaneous video participants as opposed to just 4? (I'm looking at you again Teams!)

    I'm guessing there isn't, which is why zoom has become so hugely popular.

    Zoom is a joy to use and has worked flawlessly for me and my colleagues (and for personal calls to my family) e over the past two weeks so it's disappointing to suddenly hear a load of bad press about its security and privacy today. I hope that Zoom will react to this and quickly improve the worst parts of its policy.

    However my inner cynic does wonder whether Microsoft or some other interested competitor could be behind the new, widely reported and 'strenuously denied', rumour that the MoD has banned the use of Zoom. That's the bit that the major newspapers are running with even though its probably not even true.

    This interest seems to stem from a nasty bug from July last year which only affected the Mac version of the client and was fixed in August. (https://www.cvedetails.com/cve/CVE-2019-13567/). They've only ever had 4 CVEs and nothing since that last one.

    Okay, so their privacy policy is too invasive. But I'd argue that logging into any service using your Facebook account is just asking for your data to be harvested. If it's true that Facebook can slurp your data from Zoom in iOS even if you don't have an account then this is bad, however is there a chance this is genuinely an oversight? It sounds like it's a side effect of an API they're using. I guess the proof will be whether or not they change this to stop it happening.

    The concerns about recording may have some substance but there is also an option to store recordings locally which presumably cannot be accessed by zoom admins. I don't really see how this is much different from other cloud storage.. Teams can record to Azure - it's still someone else's computer - does Microsoft offer a cast iron guarantee that they can't access Teams recordings?

    Is Microsoft's Teams privacy policy so much better? If Windows 10 and its telematics is anything to go by I'd suggest they're likely to be up to similar tricks. After all Teams is 'free' isn't it?

    1. Inkey
      Headmaster

      Re: What are the alternatives?

      How about a home spun solution like riot or riotx.

      It's a pity cause riot has been depreciated and riotx isn't finished. But you could cobble a solution from the matrix sdk.... Check out vector on github.com

    2. GidaBrasti

      Re: What are the alternatives?

      checkout https://www.bluejeans.com/

      Not affiliated in anyway, just a happy use

      1. Is It Me

        Re: What are the alternatives?

        Same here, used it for a few years at work and found it to be reliable and works with our existing Polycom kit, which Teams won't

      2. Captain Scarlet Silver badge

        Re: What are the alternatives?

        Another +1 for BlueJeans, especially for their room solutions (Because users couldn't connect a USB cable and use Skype for Business).

    3. Paul Crawford Silver badge

      Re: What are the alternatives?

      We are going to try Zoho for this. Not sure it is perfect but maybe worth looking at. Main attraction is it appears to work cross-platform and from a web browser (that can be other than chrome).

    4. nematoad Silver badge
      FAIL

      Re: What are the alternatives?

      "...suddenly hear a load of bad press about its security and privacy today. "

      If you are paying for the service then it seems as if Zoom have got you coming and going much like Sky.

      Did you not read the terms and conditions before diving in?

      That's called due diligence and is something everyone should do. I won't use Paypal because I read their t&c's and did not agree with them, but then I am getting a bit rebellious in my old age.

    5. Mage Silver badge

      Re: What are the alternatives?

      Viber? Not sure about groups for video/audio more than 1:1, but text groups work. Unlike Skype which broke, it seems to work on Mac, Windows, Linux, iOS and Android. Japanese company.

      1. ibmalone Silver badge

        Re: What are the alternatives?

        Discovered (for personal use) that Skype appears to be working on Linux again these days. I thought they discontinued it ages ago, but maybe it's been revived.

    6. Gde

      Re: What are the alternatives?

      We're looking into jitsi.org it's open source and can be run in-house.

      1. Anonymous Coward
        Anonymous Coward

        Re: What are the alternatives?

        I've been trying jami.net

  7. choleric

    Comparison to other products

    How does this compare to other products on the market, eg. Hangouts, Meet, Fabecook, Skype, etc? Has El Reg done an exposé?

    To paraphrase the Mutt quote that has adorned their website for the last 20-25 years, "all video conferencing sucks, this one just sucks less." Which video conferencing platform sucks less (private data) than all the rest?

  8. Pascal Monett Silver badge
    WTF?

    "Zoom is in the advertising business, and in the worst end of it"

    Is there any other end of the advertising business ?

    Please point me to a product that lives off advertising without harvesting my personal data.

    1. Dinanziame
      Holmes

      Re: "Zoom is in the advertising business, and in the worst end of it"

      I can only think of DuckDuckGo, because that's the only thing they're known for. I would never bother reading the T&C's of any service to check, though

    2. Anonymous Coward
      Anonymous Coward

      Re: "Zoom is in the advertising business, and in the worst end of it"

      If everyone has that attitude, there's no reason for ad companies to even bother to be more ethical

    3. doublelayer Silver badge

      Re: "Zoom is in the advertising business, and in the worst end of it"

      "Please point me to a product that lives off advertising without harvesting my personal data."

      I hate advertising as well, and it's no less annoying on these, but such products do exist. The simplest are those where individualized tracking isn't possible, such as commercial television or radio which don't go through someone who can know your watching habits. Everyone watching gets the same ads. There are places on the internet where that's similar. For example, if you listen to podcasts, there are very few that have ad-targeting capability--though it should be possible to do some tracking, they can't set a bunch of cookies or collect much else because people are usually using separate podcast-listening apps rather than a browser. Even if they can, there isn't a convenient analytics system that works across podcasts hosted on different sites. Usually, the most information they have on you is a general location where you are, so you might get ads specific to listeners in your metropolitan area. Some sites also do their own advertising, and therefore don't have much in the way of analytics to use when sending ads your way. They are far too few, but they exist.

      All that said, advertising is primarily of the evil kind, at least ad targeting is, and I don't much care if they have an incentive to change if we can be more drastic in our methods of stopping them. I have no more patience for hoping they change voluntarily. I now favor legislative limits to their abilities and healthy fines to back them up. GDPR is a good start; we need to spread it elsewhere, strengthen it, and enforce it thoroughly.

  9. Anonymous Coward
    Anonymous Coward

    Yeah but...

    Zoom is supposedly good (according to some people I know) because Weightwatchers are using it... (the mind boggles)

    As a result, it is how a class that I'm signed up for after easter is going to be delivered.

    I have an Android tablet that has not had a lot of use. I don't even have a google login. I'll be using that for the course via my mobile phone.

    This data slurping in the background and without telling you, really is starting to get out of hand. It is time that these companies AND the people running them were taken outside and shot.

    1. Warm Braw Silver badge

      Re: Yeah but...

      Weightwatchers are using it

      At last - a group of users who will opt for landscape rather than portrait.

    2. Chris G Silver badge

      Re: Yeah but...

      Weight watchers is owned by a Luxembourg holding company Artal, their other interests are consumer staples, pharmaceuticals and pets, so I am sure that harvesting everything you divulge on Zoom at WW is of use to them to sell you other things.

  10. quattroprorocked

    Isn't Zoom what our glorious Government is using?

    ALSO

    Russians buy Zoom data....

    1. Version 1.0 Silver badge

      Re: Isn't Zoom what our glorious Government is using?

      And corporate hackers can buy it too.

    2. Fruit and Nutcase Silver badge

      Re: Isn't Zoom what our glorious Government is using?

      Nah, the Russians probably already have the info

  11. bob, mon!
    Unhappy

    I can only hope that this data slurpage applies to the free version. My school system (consisting of 14 state universities) has chosen zoom as its official standard teleconferencing software. I have zero options to change to any other platform. And even if I could, getting people to use zoom was and is an exercise in on-the-fly training, and anything else would have that problem and no official support.

    Well, maybe the corporate legal team actually did due diligence and checked out the Ts &Cs. Who knows?

    1. Doctor Syntax Silver badge

      "Well, maybe the corporate legal team actually did due diligence and checked out the Ts &Cs. Who knows?"

      You could ask them and find out.

      1. Anonymous Coward
        Anonymous Coward

        If you want to really piss them off, that is.

  12. revenant Silver badge
    Unhappy

    Disappointing

    I commented the other day on a Reg article, to say how impressed I was with the client on Linux. Perhaps I should have paid more attention to the 'Login with Facebook / Google' options.

    It seemed a decent alternative to using Facebook Messenger for family gatherings, but from this article and from my own attempts to find out how to opt out from data selling, I conclude that it is a worse option than using Facebook.

    It seems to be another example of the ad industry or their facilitators buying directly into technology (eg system1 and Startpage) in order to suck our data blood.

  13. Julian Bradfield

    Jitsi?

    Isn't Jitsi fairly safe, especially if you host it? (I tried to get my family to use it, but they prefer the easier interface of zoom..)

    1. jonha

      Re: Jitsi?

      Yep, I think Jitsi is as safe as it gets IF you can self-host (or at least host with someone you trust). Even a non-self hosting session should be SOMEWHAT better than Zoom et al. I'm using it for a few years now, no problems so far.

      1. swm Silver badge

        Re: Jitsi?

        I tried jitsi to use with my non technical family. It just worked. Nothing to install. It did require a compatible browser (I used chrome). All you have to do have everyone go to a url.

        The code is open source (as mentioned above) and you can host your own server.

    2. MuckerDog

      Re: Jitsi?

      I had tried thet but am now using jami, see... jami.net

  14. Version 1.0 Silver badge

    Looks like the BBC reads El Reg too

    https://www.bbc.com/news/technology-52033217 - Coronavirus: Zoom is in everyone's living room - how safe is it? By Jane Wakefield Technology reporter

    1. This post has been deleted by its author

  15. NonSSL-Login
    Coat

    Prime minister and cabinet

    Noticed on the news that Boris is using Zoom to talk with other cabinet members.

    Does the UK government have anyone who advises on software and security matters? I mean they were all using whatsapp well after it was known that backups were sent to the cloud without encryption so...im guessing not.

    Its not as if its a government who could be discussing sensitive info...oh wait, I'll get my coat.

    1. e^iπ+1=0

      Does the UK government have anyone who advises on software and security matters?

      Cummings?

  16. John H Woods Silver badge

    Anyone heard of ...

    Big Blue Button?

    1. solv

      Re: Anyone heard of ...

      Yep, spent a lot of time about 6 or 7 years ago evaluating it as an option for schools to begin using for remote learning.

      It just had some interface issues, and the biggest dealbreaker for us was that the audio recording module was separate to the screencapture one, so stuff that was being drawn or talked about on the whiteboard was out of sync with the presenters speech. This may have been fixed by now...not sure.

      I have G suite and just Google Meet...I'm consistently gobsmacked by how many of my customers on G Suite business ask me about zoom and have no clue they have a perfectly capable solution already in place. One thing meet does that MS Teams and Zoom can't is it allows both the presenter and the viewer to share their screens simultaneously, which really helps with troubleshooting and collab.

      I think there is this misconception that all users must have a G suite account to use it...jus not true, anyone who receives the invite link can join...and it just opens in a web browser...no stupid OS based client needed. I can't speak to if there are privacy issues in Google Meet, I haven't checked.

      Another one for self hosters is nextcloud, they have a video conferencing module. Very simple to use and join a meeting - of course depends on you provisioning enough bandwidth for your users.

  17. Scott 26
    Big Brother

    We are using it at a client's (a govt.nz) site (paid, I think), because it is easier to get going with multiple vendors and the client themselves than say teams (we use teams as well).

    I just looked at my last Zoom invite and it had this stamped on the bottom: "Use Zoom for meetings which are classified up to a level of 'In Confidence' ONLY"

    I assume the client put that in there, it's in a different font to the rest of the invite info.

    Icon, just because.

  18. razorfishsl

    And to think the UK government is using it to hold meetings....

  19. Mike 137 Silver badge
    Alert

    "from contact details to meeting contents"

    Don't discuss confidential business matters then, including industrial secrets.

  20. Anonymous Coward
    Anonymous Coward

    Thanks for the info

    We have now banned Zoom due to their lack of respect for customers and their data,

    Regards,

    A bank's IT dept.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020