Zoom shares your information with Facebook, lawsuit says

I am concerned that FB will learn anything about me. I have taken great care to keep my private information private. But my school is requiring us to use Zoom to continue online classes, & I’m registered for school under my legal name, with an email address (required for Zoom login) assigned by the school, consisting of my legal name.

However, I seem to understand from this VICE article that the leak happens only when Zoom users login via FB. Which I would not do. Still, I’m pissed.

ETA: Actually it appears Zoom sent info to FB even when users did NOT use FB login. From Vox, updated April 2, 2020:

The login SDK [software development kit provided by FB] enables users to log in to Zoom through their Facebook accounts, and in Zoom’s case, it also sent basic device information back to Facebook, including the device’s model, app version, and cellphone service carrier.

It’s hard to know what Facebook was doing with this data. Cybersecurity company Bitdefender did find it unusual that the SDK sent this data back to Facebook even if the user didn’t log in through Facebook (or have a Facebook account at all). It did not tell Facebook which meetings the user joined or what was said in them. Zoom claimed it didn’t realize this information was being sent to Facebook and removed the SDK after Vice’s report. A class action lawsuit was filed several days later accusing Zoom of collecting and disclosing information about its users without properly notifying them.

Even more pissed.

To get the update that deletes this FB leak, do I have to delete & re-install Zoom?

Our gaming group just decided to use Zoom for online gaming meetups, and ran a test last Saturday. I’m using my backup laptop because it has a camera, but I don’t have any other information on it aside from a link to a MMORPG I play. I wonder how protected I am.

This is the same Zoom that installed an always-on web server as part of the Mac installation; it enabled hackers to take remote control of webcams, remaining even after uninstalling the program, ultimately leading to Apple releasing an OS update to ensure it’s removal.

So yeah, sending data to Facebook isn’t my first concern with this pos company.

It does in the same way that FaceTime interfaces with Skype, which is to say it doesn’t.

So it doesn’t work for those of us who are having to figure out how to connect to a group that insists on using Zoom. Darn.

Thanks for the answer.

I don’t have an iDevice, but I’d think that if you updated it from the App Store to the latest version, you’d get the fix. I don’t know offhand if the Android app or the desktop apps have any Facebookery embedded within. I suppose I could always fire up Wireshark and see where the traffic goes.

I’ve run the Linux desktop version, and everything went into the /opt/zoom folder except for a symlink in /usr/bin. I did notice one minor dark pattern: when you close the window, it keeps on running; I saw a tray icon which I had to right-click to truly close it. Probably not a big deal if you’re using it off and on all day, but it’s something to be aware of.

Thanks for the info. Yeah, I too saw on my desktop that even after I signed out, & closed the window, Zoom kept running until I did a force-quit. Guess I will do as advised & create a separate user for Zoom only.

Can you please post a link to that story? I’d like to know more. Thanks.

Is the basic concept of human privacy too complex for you to grasp?

And if I really was afraid of something becoming known, why the hell do you think I’d tell you, much less FB?

I donate to the EFF for a reason.

I’m not installing software that’s dubious or disrespectful of my privacy for ANY reason. Period. Zoom and others who abuse my privacy can go fuck themselves sideways.

I have already told the family member who scheduled the meeting my concerns and she understands and I am looking for a solution not another way to use something that’s already flawed.

Thus is a good rundown : https://daringfireball.net/2020/03/regarding_zoom

That’s nice if you have the bandwidth, Jitsi’s compression (or lack thereof) might hurt you if you’re in a bandwidth-limited VPN or have users on mobile connections.

I don’t think so, especially since Zoom has a history of ridiculous privacy and security issues so it’s perfectly fine to call them out.

Sure, there’s bonus points for offering an alternative, but people have a browser and are able to do some research.

And we can assume that any alternative that has no known history of privacy breaches is better than Zoom.

Why is that of any relevance?

So, you are going straight to insults? Really?

It’s relevant for the same reason there is a “We heart the Free Ice Cream” thread here at BoingBoing. BoingBoing uses an array trackers, including Facebook, for metrics, advertising and affiliate links.

Screen Shot 2020-03-31 at 1.49.06 PM718×460 31.2 KB

Giving up some privacy has become the currency by which “free” web services can survive. It is a trade off, and it is fair for some to say that privacy is too valuable to give up in exchange for these services, but it is also understandable for the services to say “that’s how we get paid, so take it or leave it”, though I want privacy regulated to curb the largest abuses. I’m not seeing sending info to FB as necessarily abusive, depending on what info is sent.

Anyway, if you are using Zoom on a mac you can use Little Snitch to prevent your mac from connecting to FB servers. I’m sure there are a number of ways to do that on PCs as well.

Thank you for that. In fact, it answered my specific question:

If you must use Zoom or simply want to use it, I highly recommend using it on your iPad and iPhone only.1 The iOS version is sandboxed and reviewed by the App Store. The Mac version of Zoom is not available through the App Store, which makes me trust it not a bit.

That article seems to concentrate mainly on how Zoom plays with the iStuff; has anyone to our knowledge done an analysis of how Zoom does with PCs? Now I have to decide if I want to go forward with Saturday’s event over Zoom

So Zoom does not transfer data to facebook for paid users?

A fair point. At the moment it supposedly has had the code removed for all users, but in general there is a good conversation to have about that.

Regular free gmail vs. paid GSuite email is a good example. The paid service doesn’t read your email to serve up ads, a feature which eventually made its way to the free service but originally was a dividing line between free and paid.

Also, BB briefly experimented with making BB free or paid, where free required you to whitelist ad trackers, or paid, allowing you to keep the ad trackers black listed (but be tracked by Google to charge you per page viewed). So giving up privacy vs paid with no or less tracking is a real thing, but as you pointed out, paid doesn’t always mean better privacy.

OK, so I don’t really have much choice but to use Zoom with those people who are already invested in it. I would like people’s input, though, if they wanted to share personal information via video chat, that they didn’t want going anyplace at all. Does anyone offer PGP encryption for video chat? Or is that too resource-intensive?

Not to get into too much detail, but someone whose privacy I care about, wants to use a video streaming service for cybersex. I want to steer them toward something that doesn’t require a computer science degree to configure, that they won’t have to worry too much about ending up in some stranger’s fap folder.

You honestly expect me to tell you, a random stranger, what (if anything) I’m afraid of Facebook learning about me, when I already don’t trust Facebook?

What planet do you come from?

I didnt insult you then- you don’t seem to care about or understand the concept or value of privacy in the digital age

My business is my own. I don’t trade my privacy for convenience when I have a choice in the matter

This may help others that share my concerns, looking for a free, non-Facebook connected video conferencing solution. Bonus points- it seamlessly integrates with Slack

Its open source, and free. Seems like the best alternative to Zoom or any other number of options at this point- and as far as I can tell, not connected to Facebook, Microsoft, or Apple in any way.

Edit- just saw someone mention it above