As everyone seems to have noticed, with the current
necessity to work and study from home, video conferencing services have
become very popular. Especially striking is Zoom, a name that many
people in the last two weeks have heard for the first time. Now, Zoom’s
increasing popularity has been accompanied by some criticism and
skepticism, especially regarding the service’s practices around
privacy. But to what extent really does Zoom exploit the
privacy of its users?
The criticism directed at Zoom can be divided into two categories:
- that regarding accidental security vulnerabilities,
- that regarding intentional features and practices related to privacy.
The first category can largely be ignored. It is obvious
that no company wishes that their products have security
vulnerabilities. It is necessary to point these out and to criticize
the company if they don’t fix them, but accidental flaws are not an
evil that can be criticized as an inherent part of Zoom’s business
That leaves Zoom’s intentional privacy practices. Here too, it is relevant to divide the notion of “privacy” into two distinct categories:
- “specific” privacy, i.e., that between you and your
- “general” privacy, i.e., that between you, Zoom and other anonymous internet corporations.
There are many complaints directed at Zoom related to specific privacy. For example, conference hosts have the optional ability to be alerted whenever a guest has had the Zoom window inactive for more than 30 seconds. Just like that regarding security flaws, the criticism regarding “specific” privacy is largely irrelevant to the question at hand – namely, that of whether Zoom exploits the privacy of its users. Obviously, I don’t like that the host has this ability, but I dislike the host, who deliberately activates this ability, much more than I dislike Zoom, who merely provides it.
I think that what people should be more worried about is the question of general privacy. Is Zoom just another Facebook, another Google, another Microsoft/Skype, whose business model depends on the collection of my personal information?
The answer is no, for a couple of reasons:
- Their privacy
policy, which I find fairly decent in general, outlines rather
clearly what data they collect and for which purposes.
- They don’t use collected data for advertising. Their
marketing websites, if you visit them, do collect data for advertising
purposes, but the Zoom service as such does not.
- You don’t need to register an account in order to participate in meetings.
I think the last point is huge. All of the big, privacy-invasive companies – Facebook, Google, Microsoft – without exception require account registration. Facebook even requires your real, full name. Google requires your phone number. But even if Zoom were to use the data it collects about me for advertising purposes, they do not know who I am. I have never given them my name (apart from the alias I choose to be identified by in a meeting), nor my phone number, nor even my e-mail address. I think it’s worth giving Zoom credit here.
Now, there are perhaps some warning bells. Most glaringly, they have advertised their service as end-to-end encrypted, using an – ahem – unconventional definition of end-to-end encryption. And there’s no telling how the company is going to act in the future, especially if it becomes the de-facto video conferencing standard. Additionally, there is the fact that Zoom is non-free, closed-source software, which in an ideal world wouldn’t be the case.
But all in all, I’m currently fairly happy with Zoom. Not only is it not actively hostile to its users’ privacy, but it also is much more accessible than any viable alternative. It supports Windows XP SP3, Mac OS 10.7 and many distributions and versions of Linux. It supports iOS, Android and even BlackBerry. Among browsers, it supports Safari 7, Chrome 30, Firefox 27 and Internet Explorer 11. In other words, even if you haven’t updated your browser in the last six years, or your operating system in the last twenty, you can still use Zoom!
Anyway, I’m just happy that I don’t have to use Skype.
Things could be much worse.