Most active commenters
  • chaps(4)
  • api(3)
  • nck4222(3)
  • seanhunter(3)
  • bradly(3)
  • quickthrower2(3)

←back to thread

1597 points seapunk | 42 comments | | HN request time: 0.002s | source | bottom
1. geoffeg ◴[] No.22703171[source]
> As quarantined millions gather virtually on conferencing platforms, the best of those, Zoom, is doing very well.

Why would Zoom care about their privacy issues if they're doing so well off? Seems like that's a good amount of positive reinforcement that their current approach is the right one to them. Maybe they'll lose a few thousand customers because of it, but given what I'm sure was a huge increase in the past few weeks, why would it be something they're concerned about?

replies(5): >>22703202 #>>22703237 #>>22703272 #>>22703610 #>>22703721 #
2. chaps ◴[] No.22703202[source]
Because it's the right thing to do.
replies(2): >>22703231 #>>22703355 #
3. luckylion ◴[] No.22703231[source]
Right, but they are a US corporation in California. The "right thing to do" is pretty much at the end of their priorities list.
replies(1): >>22703247 #
4. bryanrasmussen ◴[] No.22703237[source]
Because the EU is on lockdown, lots of EU citizens now using Zoom, and all of those users are potential liabilities due to GDPR issues.
replies(1): >>22703402 #
5. duxup ◴[] No.22703247{3}[source]
I don't think geography really changes the incentives.
replies(1): >>22703345 #
6. api ◴[] No.22703272[source]
The unfortunate wisdom in business is "nobody cares about privacy or security," and in my experience it's true. Outside a small number of people nobody even asks these questions.

With our own product ZeroTier we get maybe 1-2 questions a year about privacy and so far only a few enterprise customers have even asked about the security of encryption and authentication. "It's encrypted" is good enough for 99.9% of the market. Encrypted with what? A cereal box cipher? Nobody cares.

What do people care about? In my experience its ease of use, ease of use, ease of use, ease of use, and ease of use, in no particular order. An app that's a privacy and security dumpster fire but is very easy to set up and use will win hands down over a better engineered one that requires even one or two more steps to set up.

replies(2): >>22703396 #>>22703790 #
7. TallGuyShort ◴[] No.22703345{4}[source]
It changes the culture. In my experience, Silicon Valley companies have more of a culture of growing at all costs. And they're either fanatical about privacy or they'll sell you out to the highest, middle, and lowest bidders all at once, then give it away free through an unpatched security hole too.
replies(1): >>22706600 #
8. nck4222 ◴[] No.22703355[source]
I agree, but Zoom is a publicly traded company. Their incentives aren't necessarily aligned with the public good.

The question is "why should Zoom leadership care about the recent privacy concerns if the vast majority of their customers don't care?"

Their stock is up over 6% today while the market is down 4% (volatility caveats here obviously). So far the privacy concerns don't seem to be impacting the companies short or long term prospects, so I wouldn't expect the company to do the right thing.

replies(1): >>22704102 #
9. seanhunter ◴[] No.22703396[source]
My experience is diametrically opposite to that. All of our clients are large enterprises and the security and privacy features are very closely examined during procurement literally every time. We haven't had a single client conversation that is remotely like what you're describing.

Might be because our clients are banks but they really care about this stuff.

replies(3): >>22703677 #>>22704261 #>>22706058 #
10. seanhunter ◴[] No.22703402[source]
The UK cabinet has been meeting on Zoom during the crisis. It was in a media shot issued by 10 downing st yesterday.
replies(3): >>22703594 #>>22704401 #>>22704791 #
11. panpanna ◴[] No.22703594{3}[source]
UK cabinet is about to find out what "zoom bombing" means the hard way...
12. randomsearch ◴[] No.22703610[source]
OTOH if you’re making money from your product why trash it yourselves
13. TrickyRick ◴[] No.22703677{3}[source]
Completely agree with this, banks care. They don't always care in the best of ways, usually it's just about ticking a box in a spreadsheet, but at least they ask.
14. bradly ◴[] No.22703721[source]
The reason Zoom is doing so well is part of its vulnerability. There is very little vendor lock-in with virtual conferencing platforms. If something new/better comes out next month, there isn't much a company will give up by switching vendors. There is little to no infrastructure to setup/maintain. This is the same reason Slack's popularity has skyrocketed. Because of the lack of history and transient nature of the content shared in them, these areas are quick to gain popularity, but also quick to be replaced when a better product emerges.
replies(3): >>22703837 #>>22706636 #>>22708662 #
15. yjftsjthsd-h ◴[] No.22703790[source]
> With our own product ZeroTier we get maybe 1-2 questions a year about privacy and so far only a few enterprise customers have even asked about the security of encryption and authentication.

Why would people ask you that? You already put the answers in the public documentation.

16. kardos ◴[] No.22703837[source]
> This is the same reason Slack's popularity has skyrocketed. Because of the lack of history <snip>

Slack's business model [1] is storing all history and charging for access for it. Nothing transient about that.

[1] https://en.wikipedia.org/wiki/Slack_(software)#Business_mode...

replies(2): >>22704009 #>>22704027 #
17. tinalumfoil ◴[] No.22704009{3}[source]
Is it common to want to keep all that history? My understanding was it's best practice to delete chats after a certain period to limit the surface area of any potential legal discovery.
replies(2): >>22704179 #>>22704187 #
18. bradly ◴[] No.22704027{3}[source]
You are correct that there is history, but my point is that I don't believe the existence of long lived chat history (storing all messages longer than 3-6 months) will be a blocker for a company to switch to a better chat platform. Chat should not be looked at as a durable store of critical, long term information. Slack is trying to create a vendor lock-in that doesn't exist.
19. chaps ◴[] No.22704102{3}[source]
Surely, though, there is a way for zoom to do both at the same time. That you and one of your sibling posts gives them some benefit of the doubt (or at least the appearance of it) is... sad.
replies(1): >>22704919 #
20. daxelrod ◴[] No.22704179{4}[source]
Ah, but Slack doesn't delete the history either unless you pay them: https://slack.com/help/articles/203457187-Customize-message-...

On the free tier it's still there, on their servers.

21. selectodude ◴[] No.22704187{4}[source]
For a lot of industries, deleting internal communication is illegal. For any publicly traded company in the US, all internal communication needs to be archived for five years.
replies(2): >>22705397 #>>22707845 #
22. api ◴[] No.22704261{3}[source]
The few customers we've had that ask are large, so yes. I am speaking of the majority of individuals and small businesses.
23. bryanrasmussen ◴[] No.22704401{3}[source]
is GDPR still in effect in UK?
replies(2): >>22704623 #>>22704781 #
24. xiphias2 ◴[] No.22704623{4}[source]
I think yes, EU laws are in effect until end of the year, to have time to create new regulations.
25. seanhunter ◴[] No.22704781{4}[source]
Yes it is, and even after the UK leaves the EU the provisions of GDPR will be part of UK law until some future government enacts law to change that.
26. jeltz ◴[] No.22704791{3}[source]
Sounds like even more reason for Zoom to care. The more high profile they get the more like it is for EU privacy watchdogs to go after them.
27. nck4222 ◴[] No.22704919{4}[source]
I'm not sure where I gave the impression of being ok with what zoom is doing, but I'm not. I'm saying this is the expected course given the incentives we as a society have established for companies.

Hoping zoom and other companies prioritize the public good over profits is foolish, and the solution is to align profits with the public good.

replies(1): >>22705140 #
28. chaps ◴[] No.22705140{5}[source]
It's because your response is the intellectual equivalent of throwing your hands in the air simply because you don't think you can have any contribution towards fixing the problem, and the only course of action forward is to simply describe why things are the way they are. It's complacent, and it's sad.

It's a lot like someone complaining about Trump being elected, and you respond with "Yeah, but we live in a Democracy". It's not a very helpful comment, and it doesn't get us anywhere except to keep us in the exact same place we are today.

replies(1): >>22705398 #
29. quanticle ◴[] No.22705397{5}[source]
And it's equally emphasized, at many of those organizations, that all communication older than 5 years is deleted. Nobody wants to be burned by an ill-considered statement made in a decade-old IM conversation.
30. nck4222 ◴[] No.22705398{6}[source]
>simply describe why things are the way they are. It's complacent, and it's sad.

>It's not a very helpful comment

I would think understanding the problem would be the first step to solving it. I'm not sitting here pretending I have all the answers. I saw an opportunity to shed some light on the situation so I commented. It seems weird to me that your critical of me for not contributing thoughts related directly to a solution, when you haven't contributed any thoughts about a solution either.

To each their own I suppose. But consider me thoroughly uninterested in discussing this further, which, seems to be what you wanted from me anyway.

replies(1): >>22711726 #
31. thoraway1010 ◴[] No.22706058{3}[source]
Actually - you'll be surprised at the shadow IT going on at places like this. Users will literally BEG anyone who knows how to get around these systems how to do so.

It's why your banker might use their cell phone for a zoom client when everyone else is on a computer - their work computer is locked down. Govt employees often the same way. You'll notice they are doing the phone call in or phone client vs their computer.

Lot's of companies, zoom included, get in through the user side not the big webex / cisco type sales process.

replies(1): >>22707692 #
32. quickthrower2 ◴[] No.22706600{5}[source]
I think assholes that want to make money at any cost are everywhere, in every city in every country in the world. Let’s not be naive. Maybe California gives birth to a higher number of big companies that are also famous and so is more visible.
replies(2): >>22709854 #>>22714405 #
33. quickthrower2 ◴[] No.22706636[source]
We switched from Zoom to Slack as soon as we realised we could use Slack and it’s much easier. But there is a 15 person limit so we’ll switch out for something else in a bigger meeting. It’s too easy to switch.
34. api ◴[] No.22707692{4}[source]
I worked in a place some time ago where someone was hired with the unofficial (but generally known) job description of defeating IT restrictions and security policies so people could actually get something done.

It's very very hard to lock down a network without drastically impacting productivity, especially if you have any kind of science, design, or development going on.

replies(1): >>22708106 #
35. rsanek ◴[] No.22707845{5}[source]
Do you have a source for this? I couldn't find anything regarding the 5 year time frame. I did find [0] which references a few different retention periods, especially at 7 years.

[0] https://www.intradyn.com/email-retention-laws/

replies(1): >>22708243 #
36. thoraway1010 ◴[] No.22708106{5}[source]
I worked a job where to get something scanned you had to go the neighborhood mailbox place and FAX it to the fax number this org had so it would show up electronically.

I kid you not - obviously they had a deal on faxing for like 50% off, but it was still SUPER timeconsuming and pretty expensive.

Anyways, I configured one of their state of the art copiers to allow them to securely scan to users local folders. I set permissions dropbox style (upload, list but no read / download / delete). It was like I was a god briefly. Then someone in IT found out and the party ended big time.

Realize this isn't that long ago - we are talking some orgs / IT departments are SERIOUSLY retro. I could tell many funny stories (and some sad ones) about folks working around the IT department.

Another common IT workaround was that if a device was not on approved list (basically everything except some junky low bid stuff and definitely no no macs / no ipads) and you had a need (ie marketing / media department wanted to do something with kids shooting and editing video as a feel good, and ipads were great for that and the offical machines sucked) is they would hire a consultant to help them edit, and then put a procurement for the equipment through the consulting bill. Consultant got to mark it all up, but it didn't have to go through the IT purchasing process where ipad's were banned. Was time consuming but I saw it work.

Anyways, I know EXACTLY the type of org who buys these expensive video conferencing systems that fall over when you need them!

37. bradly ◴[] No.22708243{6}[source]
It's part of SOX. It actually requires the data be unencrypted, immutable, and available offline. Most corporations (large and small) do not follow this for email, messaging, wikis and many other services.
38. closeparen ◴[] No.22708662[source]
We have a few thousand conference rooms around the world wired from Zoom. Much of it is probably commodity hardware that could be reconfigured for another platform, but it would still be a massive undertaking.
39. luckylion ◴[] No.22709854{6}[source]
They are, but they aren't that concentrated and networked and their attitude isn't that ingrained in the culture. You'll always have assholes, but if you have few non-assholes, it's a culture issue, not an asshole-issue.
replies(1): >>22710089 #
40. quickthrower2 ◴[] No.22710089{7}[source]
Maybe sf is an asshole magnet rather than an asshole breeder. Without sf they’d go somewhere else after all “if I didn’t then someone else would” is the ethical excuse of the asshole.
41. chaps ◴[] No.22711726{7}[source]
Welp, I hope you use your understanding of the situation to start fixing it like you propose. Otherwise they're just words in the wind. Peace, friend
42. rhizome ◴[] No.22714405{6}[source]
Let's not be naive, the VCs are in SV so the assholes flock there. 150 years ago they were named "carpetbaggers."