Most active commenters

    ←back to thread

    Zoom needs to clean up its privacy act

    (blogs.harvard.edu)
    1597 points seapunk | 14 comments | 27 Mar 20 14:18 UTC | HN request time: 0.448s | source | bottom
    1. conradev ◴[27 Mar 20 19:21 UTC] No.22705922[source]
    As other people have stated in this thread everything in Zoom's privacy policy seems to indicate they are sending data to advertisers only as necessary to advertise their own products. They likely:

    - Use the Facebook iOS SDK to measure conversions from app install ads

    - Send a list of hashed email addresses to Facebook or other advertisers to do ad re-targeting

    - Have Google Analytics on their websites to track where people are visiting their website from, i.e. a click on a Google AdWords ad

    While these are all not _ideal_ because _yes_, Google and Facebook use this data for their own purposes as well, it's far from _nefarious_. In fact, it's pretty standard fare. Could Zoom go above and beyond and reject these tools? Yes, they could. Does anyone in practice? No.

    If Zoom was selling metadata about their calls, leaking contents of their calls, or themselves served ads – then yes, I'd be concerned. But all indications point to them purchasing ads to further the growth of their business.

    I think it is perfectly reasonable to seek guarantees around the usage of the above, more sensitive data (contents of video calls, metadata of video calls, etc.) but on the flip side to imply from their privacy policy that they are sending it to Facebook or that they are "in the advertising business" is jumping the gun a little bit.

    replies(6): >>22706506 #>>22707234 #>>22707659 #>>22707992 #>>22708747 #>>22726107 #
    2. uoaei ◴[27 Mar 20 20:25 UTC] No.22706506[source]
    > standard fare

    Aka "common sense" aka "anything that will fit within the Overton window"

    Not to be confused with "decent, moral behavior"

    replies(2): >>22708168 #>>22708722 #
    3. zndr ◴[27 Mar 20 21:52 UTC] No.22707234[source]
    The other thing that's important is the privacy policy includes their marketing site You can see a clear list of tools that zoom uses on their Content Management System (CMS) aka Zoom.us here: https://builtwith.com/zoom.us
    4. fapi1974 ◴[27 Mar 20 22:58 UTC] No.22707659[source]
    This is the most levelheaded comment I've see in this thread. Not least because I have literally never seen an ad run on either the Zoom website or the app. Moreover, Zoom is one of the most successful SaaS companies in the world because their unit economics on their basic business model (of selling premium subsriptions) is literally better than almost any other SaaS company out there: https://tomtunguz.com/benchmarking-zoom-s-s-1-how-7-key-metr...
    replies(1): >>22707755 #
    5. xenonite ◴[27 Mar 20 23:16 UTC] No.22707755[source]
    > One key driver of profitability is labor-market arbitrage. Nearly one third of Zoom’s team, and the majority of its engineering team is based in China. The result is the company spends less than 10% of its revenue on R&D, which is less than half the median of the peer set.
    6. phyzome ◴[28 Mar 20 00:03 UTC] No.22707992[source]
    If their Privacy Policy doesn't say they won't sell or distribute call metadata or contents, I have to assume they will. If they want to update their Privacy Policy to make that clearer, I would encourage that.

    (And hashed email addresses? Might as well just send the email addresses. Hashing is kind of useless there.)

    replies(1): >>22708102 #
    7. conradev ◴[28 Mar 20 00:21 UTC] No.22708102[source]
    Yeah, I hope that the outcome of all of this negative attention is that Zoom publishes those guarantees. What’d be even better, though, is if they enforce them with tech – WhatsApp and FaceTime both offer end to end encrypted group calling.

    Hashed contact info is just how Facebook intakes contact information. Makes it harder for them to get the info of non-Facebook users who are patrons of the business. They claim to delete it: https://www.facebook.com/business/help/112061095610075?id=24...

    replies(1): >>22711233 #
    8. Spivak ◴[28 Mar 20 00:36 UTC] No.22708168[source]
    I suppose, but why would you single out Zoom and expect them to act more decent and morally than any other company? Is there any reason you would expect this?
    replies(1): >>22708615 #
    9. paulryanrogers ◴[28 Mar 20 02:09 UTC] No.22708615{3}[source]
    Calling out the biggest players is fine. They have the most resources to roll their own or at least shop around, should they value their users privacy.
    10. m463 ◴[28 Mar 20 02:37 UTC] No.22708722[source]
    The Overton window - fascinating.

    I'm waiting for these conferencing apps to feed into clearview ai.

    11. chance_state ◴[28 Mar 20 02:42 UTC] No.22708747[source]
    Gotta love when HN users go out of their way to apologize for disgusting and immortal behavior by tech companies. I'd expect nothing less.
    12. fctorial ◴[28 Mar 20 14:12 UTC] No.22711233{3}[source]
    > WhatsApp and FaceTime both offer end to end encrypted group calling.

    These are closed source, right? How do you know this feature works?

    replies(1): >>22726115 #
    13. krageon ◴[30 Mar 20 08:06 UTC] No.22726107[source]
    Why would it be jumping the gun? They can, so they will. It's been like this with every US company that has been looked at in this way.
    14. krageon ◴[30 Mar 20 08:06 UTC] No.22726115{4}[source]
    You don't, because you can't.