Is Zoom really that bad?
Some thoughts on the privacy practices of the video conferencing service Zoom.
Published on 2020-04-02
As everyone seems to have noticed, with the current
necessity to work and study from home, video conferencing
services have become very popular. Especially striking is
Zoom, a name that many people in the last two weeks have
heard for the first time. Now, Zoom’s increasing
popularity has been accompanied by some criticism and
skepticism, especially regarding the service’s practices
around privacy. But to what extent really does
Zoom exploit the privacy of its users?
The criticism directed at Zoom can be divided into two categories:
The first category can largely be ignored. It is obvious
that no company wishes that their products have security
vulnerabilities. It is necessary to point these out and to
criticize the company if they don’t fix them, but
accidental flaws are not an evil that can be criticized as
an inherent part of Zoom’s business model.
That leaves Zoom’s intentional privacy practices. Here too, it is relevant to divide the notion of “privacy” into two distinct categories:
There are many complaints directed at Zoom related to specific privacy. For example, conference hosts have the optional ability to be alerted whenever a guest has had the Zoom window inactive for more than 30 seconds. Just like that regarding security flaws, the criticism regarding “specific” privacy is largely irrelevant to the question at hand – namely, that of whether Zoom exploits the privacy of its users. Obviously, I don’t like that the host has this ability, but I dislike the host, who deliberately activates this ability, much more than I dislike Zoom, who merely provides it.
I think that what people should be more worried about is the question of general privacy. Is Zoom just another Facebook, another Google, another Microsoft/Skype, whose business model depends on the collection of my personal information?
The answer is no, for a couple of reasons:
I think the last point is huge. All of the big, privacy-invasive companies – Facebook, Google, Microsoft – without exception require account registration. Facebook even requires your real, full name. Google requires your phone number. But even if Zoom were to use the data it collects about me for advertising purposes, they do not know who I am. I have never given them my name (apart from the alias I choose to be identified by in a meeting), nor my phone number, nor even my e-mail address. I think it’s worth giving Zoom credit here.
Now, there are perhaps some warning bells. Most glaringly, they have advertised their service as end-to-end encrypted, using an – ahem – unconventional definition of end-to-end encryption. And there’s no telling how the company is going to act in the future, especially if it becomes the de-facto video conferencing standard. Additionally, there is the fact that Zoom is non-free, closed-source software, which in an ideal world wouldn’t be the case.
But all in all, I’m currently fairly happy with Zoom. Not only is it not actively hostile to its users’ privacy, but it also is much more accessible than any viable alternative. It supports Windows XP SP3, Mac OS 10.7 and many distributions and versions of Linux. It supports iOS, Android and even BlackBerry. Among browsers, it supports Safari 7, Chrome 30, Firefox 27 and Internet Explorer 11. In other words, even if you haven’t updated your browser in the last six years, or your operating system in the last twenty, you can still use Zoom!
Anyway, I’m just happy that I don’t have to use Skype. Things
could be much worse.