[HN Gopher] How Zoom's terms of service and practices apply to A...
___________________________________________________________________
How Zoom's terms of service and practices apply to AI features
Author : chrononaut
Score : 168 points
Date : 2023-08-07 16:59 UTC (6 hours ago)
(HTM) web link (blog.zoom.us)
(TXT) w3m dump (blog.zoom.us)
| littlestymaar wrote:
| > As part of our commitment to transparency and user control
|
| Bold claim for a company that already lost a class action for
| deliberately lying to its users.
| dylan604 wrote:
| It's like a drug addict that only went to rehab to avoid jail
| and is not really wanting to stop. That next relapse is just
| right there waiting for them.
| littlestymaar wrote:
| Except the drug addict has an actual excuse for getting back
| to it: addiction is a medical condition, whereas here it's
| just lack of any kind of decency.
| dylan604 wrote:
| I'm honestly surprised there's not a medically recognized
| condition for being someone that operates like this company
| (and others) of having no moral fiber and is only about
| making the dollars now with shady tactics.
| JohnFen wrote:
| I think it's called sociopathy.
| synaesthesisx wrote:
| I wonder if they allow opting-out. My last company was in the
| healthcare space, and we used Zoom for all internal
| communication. Often this could contain sensitive information
| (PII etc) which would likely be a privacy violation if exposed.
| tagami wrote:
| Put that right in the TOS.
| DueDilligence wrote:
| [dead]
| codexb wrote:
| It was a poor choice on their part. Some large employers were
| already on the fence about dropping zoom in favor of teams, and
| this is just going to push them over the edge.
| karaterobot wrote:
| Ahh, so they're pulling the old "You can leave the meeting if you
| don't like becoming part of our training data" routine, and _that
| 's_ what they mean by consent.
| [deleted]
| graeme wrote:
| What are the equivalent terms for Microsoft Teams?
| bluefishinit wrote:
| > _Section 10.2 covers that there is certain information about
| how our customers in the aggregate use our product -- telemetry,
| diagnostic data, etc. This is commonly known as service generated
| data. We wanted to be transparent that we consider this to be our
| data so that we can use service generated data to make the user
| experience better for everyone on our platform._
|
| Well, I consider that to be _my_ data and actually it is since I
| canceled our company 's Zoom account when they adjusted their
| TOS. I'll take my data elsewhere.
| lolinder wrote:
| Just out of curiosity--did you cancel the account in April when
| they changed the terms, or in August when people finally
| noticed?
| bluefishinit wrote:
| August, when I saw the changes. I have to admit I'm not
| babysitting all of our vendor's TOS so am glad these things
| get surfaced on HN.
| janalsncm wrote:
| It would be great if there was a tool that could compare
| TOS of many services and tell me what changed since the
| last version. Basically diff the two.
|
| There's already tosdr.org but I'm not sure they have that
| feature.
| motoxpro wrote:
| You don't use any service that has analytics or internal
| error reporting? So no AWS, GCP, Cloudflare, MS Office,
| etc?
| bluefishinit wrote:
| I can't help but use AWS but I definitely don't use that
| other stuff. That it's laden with spyware is one of the
| main reasons.
|
| _Especially_ for video communication, I 'm not going to
| let some 3rd party spy on me and my business if I don't
| have to.
| rpgbr wrote:
| I guess you'll have a hard time trying to find a service, video
| calls and else, that doesn't have terms similar to these.
| jwr wrote:
| Whereby? https://whereby.com/
| bluefishinit wrote:
| It's definitely a challenge, but another good thing about HN
| is people link alternatives in threads like this. I'm already
| checking out Jitsi (mentioned up thread) and it looks
| awesome. It's even open source:
|
| https://jitsi.org/
| smrtinsert wrote:
| Jokes on them, I'm already streaming my AI avatar.
| gruez wrote:
| Called it a few days ago:
| https://news.ycombinator.com/item?id=37022827
|
| It's baffling how many people in previous threads thought a
| company that gets most of its money from enterprise/business
| clients, will burn all their reputation by surreptitiously using
| client data to train their AI.
| burkaman wrote:
| Yes, who could imagine such a thing from a company that leaked
| personal data without consent
| (https://www.bbc.com/news/business-58050391) and lied about
| end-to-end encryption for 5 years (https://www.ftc.gov/news-
| events/news/press-releases/2020/11/...).
| ec109685 wrote:
| Always wise to remember Hanlon's razor: "Never ascribe to
| malice that which is adequately explained by incompetence"
|
| Occam's razor also applies here.
| gjsman-1000 wrote:
| I'm sorry, I didn't _maliciously_ stab the guy, I was just
| really, really, really incompetent with handling this axe.
| ec109685 wrote:
| It doesn't apply in all situations, clearly.
| hypeit wrote:
| Let's please not pretend like philosophical razors are
| anything other than rhetorical devices. There's exactly zero
| data to back any of them up and it wouldn't matter if there
| was since each case is unique.
|
| There is however research (that aligns with a lot of people's
| experience) to suggest psychopaths and sociopaths are very
| over represented in leadership:
|
| https://www.sakkyndig.com/psykologi/artvit/babiak2010.pdf
| JohnFen wrote:
| I think Hanlon's razor isn't true often enough to consider it
| a valid rule of thumb.
|
| But, really, does it matter whether the bad thing is caused
| by incompetence or malice outside of a court of law? The bad
| thing happens either way.
| tailspin2019 wrote:
| Given the company's history, it doesn't seem very baffling at
| all...
|
| > Zoom has agreed to pay $85 million to settle claims that it
| lied about offering end-to-end encryption and gave user data to
| Facebook and Google without the consent of users. The
| settlement between Zoom and the filers of a class-action
| lawsuit also covers security problems [0]
|
| > Mac update nukes dangerous webserver installed by Zoom [1]
|
| > The 'S' in Zoom, Stands for Security - uncovering (local)
| security flaws in Zoom's macOS client [2]
|
| [0] https://arstechnica.com/tech-policy/2021/08/zoom-to-
| pay-85m-...
|
| [1] https://arstechnica.com/information-
| technology/2019/07/silen...
|
| [2] https://objective-see.org/blog/blog_0x56.html
| hackernewds wrote:
| That seems an intentional business decision where expected
| value of fine < perceived benefit. $85M is little
| TheRealPomax wrote:
| $85M may be nothing to Apple, Facebook, or Google, but to
| Zoom it's a _substantial_ amount. Their quarterly net
| income for Q1 2023 was only 15.4M.
|
| (Even if revenue was much higher. Revenue doesn't tell you
| anything about how well a company can take a financial hit)
| jackpt wrote:
| Aren't those fines inflated due to the companies having a
| large revenue/to make an example?
| sherlock_h wrote:
| Seems like they are addressing it heads-on
| berbec wrote:
| This is a nice statement, but the TOS is the important part, not
| what this marketing piece says.
|
| > You agree to grant and hereby grant Zoom a perpetual,
| worldwide, non-exclusive, royalty-free, sublicensable, and
| transferable license and all other rights required or necessary
| to redistribute, publish, import, access, use, store, transmit,
| review, disclose, preserve, extract, modify, reproduce, share,
| use, display, copy, distribute, translate, transcribe, create
| derivative works, and process Customer Content and to perform all
| acts with respect to the Customer Content.
|
| > (ii) for the purpose of product and service development,
| marketing, analytics, quality assurance, machine learning,
| artificial intelligence, training, testing, improvement of the
| Services, Software, or Zoom's other products, services, and
| software, or any combination thereof
| gchamonlive wrote:
| > redistribute, publish, import, access, use, store, transmit,
| review, disclose, preserve, extract, modify, reproduce, share,
| use, display, copy, distribute, translate, transcribe, create
|
| This is _very_ Technologic
| PaulDavisThe1st wrote:
| It's missing "pickle" and "ferment", but I guess there's not
| enough culinary influence at Zoom HQ.
| Imnimo wrote:
| Yeah, if the TOS says one thing, and a blogpost pinky-promises
| another, only one of those two actually counts as far as I'm
| concerned.
| reilly3000 wrote:
| I wonder if a deceptive marketing post explaining a privacy
| policy change could be considered material if there was a
| lawsuit.
| Animats wrote:
| The AI part isn't the bad part. It's the "use for marketing",
| like gMail.
|
| One implication is that lawyers can no longer use Zoom for
| anything which is attorney-client privileged.
| jonplackett wrote:
| How does this add up with E2EE?
|
| They claim they can't read anything passing through the
| server. Is there some other way they'll get access?
|
| https://support.zoom.us/hc/en-
| us/articles/360048660871-End-t....
| thesimon wrote:
| E2EE is not the default mode for Zoom.
| 14 wrote:
| I have not had a chance to read up on this yet but does
| zoom not have a paid version or corporate version that
| would not follow under these same TOS? If not it seems
| crazy like a shot in the foot because lots of businesses
| use zoom and I know most want or are required to use
| privacy preserving programs.
| ethbr0 wrote:
| > _You agree to grant and hereby grant Zoom [...] license and
| all other rights required or necessary to [...] create
| derivative works [...]_
|
| > _[...] for the purpose of product and service development,
| marketing, analytics, quality assurance, machine learning,
| artificial intelligence, training, testing, improvement of the
| Services, Software, or Zoom's other products, services, and
| software, or any combination thereof [...]_
|
| Those two clauses, coupled with the current murky state of AI-
| from-copyrighted-material, should make everyone run screaming
| from Zoom as a product that can be entrusted with confidential
| information.
| mplewis wrote:
| The TOS has been updated to state the following:
|
| > Notwithstanding the above, Zoom will not use audio, video or
| chat Customer Content to train our artificial intelligence
| models without your consent.
| [deleted]
| dr_monster wrote:
| Apparently the TOS can be edited at any time to say anything
| without notice.
|
| It's worth mentioning that per this agreement they can still
| do almost anything else with that data. They could put your
| face up on a billboard if they wanted to.
|
| I'm out. I was a paying user. Can't run fast enough from ever
| doing business with them again.
| JohnFen wrote:
| > Apparently the TOS can be edited at any time to say
| anything without notice.
|
| Yes, as with most terms of service. It's one of the things
| that makes terms of service statements unreliable.
| nwoli wrote:
| Per the agreement using the service can probably be
| considered consent. Ie "we won't use your data without your
| consent" translates to legal code "if you accept the TOS
| which you do if you use the app, then you've given consent"
| gnfargbl wrote:
| Which provider will you be moving to, and have you checked
| that their ToS are more acceptable?
| Simorgh wrote:
| This is the question! Is there anything anyone would
| recommend on security grounds?
|
| Enterprise may resonate with something with Signal level
| e2ee.
|
| Has anyone tried Element IO, as an example, in a
| commercial setting?
|
| Asking for a friend.
| fsflover wrote:
| https://news.ycombinator.com/item?id=37021910
| freedude wrote:
| jitsi
|
| https://meet.jit.si/
| aftbit wrote:
| If you don't need the "advanced" zoom features, I can
| highly recommend Jitsi. Free public service and you can
| self-host if you need it. We have been running a fully
| remote company with 90% of meetings via Jitsi since COVID
| with great success. I recommend Chrome over Firefox
| though, as FF's WebRTC support is behind Google's.
| fragmede wrote:
| Unfortunately it's like Gmail. Even if I'm not using them,
| enough other places do that it's not feasible to totally
| avoid them without adding complications to my life. Those
| complications might be worth it to you, but eg my
| therapist's office uses Zoom for the backend of their app.
| You'd never know it unless you're the kind of person to dig
| into that.
| sleepybrett wrote:
| How about analyze all the meetings from company x in order
| to insider trade or perform some other kind of corporate
| sabatoge.
| littlestymaar wrote:
| > without your consent.
|
| _+but we 'll prompt you an overly long privacy policy
| including such consent whose acceptation is just a checkbox
| you tick the first time your join a call without even paying
| attention (nor choice)_
| dghlsakjg wrote:
| This seems to be a pretty big thing. Zoom seems to have
| been adopted by a lot of government processes.
|
| How does this apply for court hearings, council meetings,
| etc...
| StevenXC wrote:
| ZoomGov likely has a different ToS
| singleshot_ wrote:
| A very powerful example of the difference between the words
| "will" and "shall."
|
| Hats off to zoom for the free contract drafting lesson!
|
| [edit: thanks to HN commenter lolinder for the _actual_
| lesson].
| lolinder wrote:
| > You can use "will" to create a promise--a contractual
| obligation. See Bryan A. Garner, A Dictionary of Modern
| Legal Usage 941-942 (2d ed., Oxford U. Press 1995). When
| used in this way, "will" is not merely stating a future
| event, it is creating a promise to perform:
|
| > > Landlord will clean and maintain all common areas.
|
| > In most basic contracts, I recommend using "will" to
| create obligations, as long as you are careful to be sure
| any given usage can't be read as merely describing future
| events. I'm generally against "shall" because it is harder
| to use correctly and it is archaic.
|
| https://law.utexas.edu/faculty/wschiess/legalwriting/2005/0
| 5...
| singleshot_ wrote:
| So, I get that you're downvoting and contradicting, but
| are you sure we don't agree? Let's put it this way: I was
| observing precisely what you copied and pasted: this is a
| perfectly valid way to write a contract if you
| subsequently want to be able to argue either side.
|
| Was zoom careful to be sure any usage can't be read as
| merely describing future events? Will ambiguity exist
| until this agreement is tested ?
| lolinder wrote:
| Given that they use "Zoom will" 21 times in the document
| to clearly refer to their obligations--including 4 times
| in the paragraph entitled "10.5 Our Obligations Over Your
| Customer Content"--I seriously doubt they're counting on
| or will get points for any ambiguity.
|
| Meanwhile not once do they use "Zoom shall". It's pretty
| clearly just a stylistic choice and not anything sneaky.
|
| Edit: They even use "will" in the all-important phrase
| "you will pay Zoom". Surely you don't think they meant to
| be sneaky in that usage, and that is merely meant as a
| prediction of future events?
| singleshot_ wrote:
| I stand corrected. I suppose reading the contract instead
| of snarking might have allowed me to avoid the
| embarrassment. Thank you.
| lolinder wrote:
| Thanks for responding graciously!
| stefan_ wrote:
| That still allows them to broadcast your meeting in a feature
| film of their choice. No, this is insane. The only reasonable
| option here is (1) end-to-end encryption or (2) ephemeral
| storage purely for the provision of the service.
| pseudosavant wrote:
| "...will not use...to _train_... " (emphasis mine)
|
| They'll do inference all day long, but not train without
| consent. Only being slightly paranoid here, but they could
| still analyze all of the audio for nefarious reasons (insider
| trading, identifying monetizable medical information from
| doctor's on Zoom, etc). Think of the marketing data they
| could generate for B2B products because they get to "listen"
| and "watch" every single meeting at a huge swath of
| companies. They'll know whether people gripe more about Jira
| than Asana or Azure Devops, and what they complain about.
| btown wrote:
| This is really important, and I would further emphasize the
| word _our_. Zoom doesn 't need permission to "train" their
| own in-house artificial intelligence model when it can just
| transmit/sublicense that data to someone else who will
| train a model, or to an internal team who will use it
| (perhaps in few-shot prompts at scale, which is not
| technically training a model!) for "consulting services" in
| the broadest sense that that team can imagine.
|
| I generally feel like the general slowdown of capital
| availability in our industry will lead/is leading to
| companies doing a lot more desperate things with data than
| they've ever done before. If a management team doesn't
| think they'll survive a bad couple of quarters (or that
| they won't hit performance cliffs that let them keep their
| jobs or bonuses), all of a sudden there's less weight
| placed on the long-term trust of customers and more on
| "what can we do that is permissible by our contract
| language, even if we lose some customers because of it."
| That's the moment when a slippery ethical slope comes into
| play for previously trustworthy companies. So any expansion
| of a TOS in today's age should be evaluated closely.
| bonestamp2 wrote:
| > If a management team doesn't think they'll survive a
| bad couple of quarters (or that they won't hit
| performance cliffs that let them keep their jobs or
| bonuses)
|
| Agreed, and these kinds of short-term incentives are one
| of the problems with American companies. On the flip
| side...
|
| Japanese companies think about products in decades -- the
| product line has to make money 10 years from now.
|
| Some old European brands think about their brand in
| centuries -- this product made today has to be made with
| a process and materials that will make people in 100
| years think that we made our products at the highest
| quality that was available to us at the time.
| callalex wrote:
| Got any data to back this up or are you just spouting
| racist tropes?
| hobo_in_library wrote:
| Making generalized claims about companies is racist now?
| I must've missed the memo.
|
| I guess it makes sense. Companies are people, after all
| [deleted]
| kornhole wrote:
| Nextcloud Talk has no TOS AFAIK. It is FOSS and self-hosted.
| Nextcloud AI tools run on your instance with the exception of the
| optional OpenAI plugin app. They are developing further FOSS AI
| models to replace those.
| https://www.youtube.com/watch?v=14gSiyAl9Fw
| ddtaylor wrote:
| I love Nextcloud. What will eventually happen is that Zoom (and
| other services in this model) will cause some problem that is
| so catastrophic that companies realize the true risk of being
| so deeply entrenched into these toxic one-sided relationships
| and then will begin to adopt more self-hosted tools.
| sean_hogle wrote:
| Zoom's lawyers are trying to pull a fast one with these revised
| Terms. The new sentence on user consent being required to train
| AIs applies only to "Customer Content," not "Service Generated
| Data."
|
| In sec. 10.4, Zoom says "... Zoom will not use audio, video or
| chat Customer Content to train our artificial intelligence models
| without your consent."
|
| Customer Content is defined in 10.1 and is broadly worded. But
| the first sentence of sec. 10.2 clearly states that "Customer
| Content" does NOT include "Service Generated Data."
|
| Therein lies the rub. "Service Generated Data" = "any telemetry
| data, product usage data, diagnostic data, and similar content or
| data that Zoom collects or generates in connection with your or
| your End Users' use of the Services ...." (sec. 10.2).
|
| Zoom is allowed to use Service Generated Data for any purpose
| (sec. 10.2) because it is not "Customer Content."
|
| This "clarification" does nothing meaningful to assuage the
| serious data privacy concerns posed by Zoom's use of captured
| user video content.
| slt2021 wrote:
| are Embeddings (text-emb, visual-emb, etc) of Customer Content
| service generated data?
|
| This might be a loophole Zoom is trying to use - while they
| technically not using customer data (Zoom client not sending
| video stream to train AI), but zoom client can process data
| locally and send only embeddings (numeric vectors without ties
| to customer PII data) and it still will be customer data
| autoexec wrote:
| Zoom was proved as being dishonest and untrustworthy years ago
| (https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto...)
| but companies never cared about the privacy of the people they
| forced to use the software and all the security problems and
| leaks that followed still didn't discourage people from using it.
| I doubt their mining of personal data for AI will stop people
| from using it either.
|
| Although there are a ton of alternatives out there they are all
| "too hard" or something, so since Zoom mostly works OK most of
| the time and is dead simple to use it will continue to win out
| over everything else.
|
| My position on Zoom hasn't changed since 2020: Anyone using Zoom
| will continue to get exactly what they deserve.
| chefandy wrote:
| > they are all "too hard" or something
|
| Users vote with their feet based on cost and UX. While intertia
| is certainly a thing, there's a reason Zoom got a foothold
| while others didn't. The ability to send out links and having
| people join the meeting without creating accounts or manually
| installing clients first is _huge_ in most real-world
| scenarios. Could you do that with... Teams? Skype? Hangouts if
| they weren 't gmail users? Do those people know anyone with the
| knowledge and gumption to host something?
|
| From the beginning of my involvement in FOSS like 25 years ago,
| developers have griped about non-technical users being
| intimidated, or even just really annoyed by UX resistance that
| we consider trivial. That's the primary reasons open source
| alternatives are alternatives rather than the standard in user-
| facing software.
| ChrisMarshallNY wrote:
| Well, there's a couple of reasons that people use it:
|
| 1) Until recently, Zoom's video/audio quality knocked everyone
| else's into a cocked hat. I don't think that's the case,
| anymore. Looks like a lot of folks got off their butts, and
| improved their quality, but I haven't seen this mentioned
| anywhere, by anyone.
|
| 2) Everyone else is using it.
|
| #2 is a biggie. Monopoly inertia is pretty hard to overcome,
| for people not in the tech industry (we'll change on a whim).
|
| Zoom is not easy to use. Its settings are a mess, but everyone
| is used to dealing with the Zoom pain, and don't want to
| switch.
|
| We can be remarkably cavalier in dismissing non-tech folks, but
| I learned to stop doing that, many years ago. We're not the
| only smart people in the world.
|
| People (in general) don't like getting sidetracked by their
| tools. They want to get a job done, and how they get it done is
| not irrelevant, but not that important to them. They develop
| and refine a workflow, which is usually heavily informed by
| their choice of tools, and that "wears a groove." They don't
| want to switch grooves; even if they are not enjoying their
| tool.
|
| Most tech folks, on the other hand _love_ tools. I had an
| employee that would stop his main project, and design a massive
| subsystem, just to make a simple command-line process a few
| seconds shorter. I had to keep on my toes. He was the best
| engineer I 've ever worked with, but it was a chore to keep him
| focused.
|
| Non-tech types are seldom like that, and we can sometimes miss
| it.
|
| These are the folks that use our products, and we don't
| actually gain anything by disrespecting them, even when they
| really piss us off.
|
| TL;DR: Want people to stop using Zoom? Produce something
| better, and make it something that non-tech folks will love.
|
| That means easy to use, forget-about-it UX, and extremely high
| quality.
___________________________________________________________________
(page generated 2023-08-07 23:00 UTC)