I feel like the good faith presumption for this company has to have shifted by now. Is there any reason not to assume that the Chinese government is surveilling Zoom calls en masse? Documenting participants (face, voice, language, location, etc.), recording content, etc. We're talking about the data of 200M+ users.
I see people on HN defending Zoom all the time.
>The company has acknowledged that much of its product development has been based in China, and that some Zoom calls were accidentally routed through Chinese servers.
>The University of Toronto's Citizen Lab said it found serious concerns over Zoom's security protocols, and said the company's large workforce in China left it "responsive to pressure from Chinese authorities."
>The government of Taiwan banned official use of Zoom due to security concerns, as have New York State schools, the U.S. Senate, and the German ministry of foreign affairs.
>Zoom CEO Eric Yuan said in early June that the company has chosen not to encrypt free calls in order to cooperate with law enforcement.
>The government of Taiwan banned official use of Zoom due to security concerns, as have New York State schools, the U.S. Senate, and the German ministry of foreign affairs.
This is good enough reason to not use it.
Also I stopped using zoom and trying to avoiding it as much as possible after the very first vulnerability scandal[0] came about
The NYC Department of Education (DOE), one of the largest in the nation, banned Zoom in April but "following several weeks of collaboration with the company, [NYC DOE is] now able to offer Zoom as a safe, secure platform for use across the DOE" as per a letter Chancellor Carranza wrote on May 6th, 2020.[1]
Public school teachers tried other video conferencing solutions but, for better or for worse, Zoom's UX was always easier to use or less janky than other paid or opensource offerings at scale -- and that's saying something because Zoom's UX isn't what any of us might call super smooth.
Is there a non-Zoom client that can connect to Zoom meetings? My company implemented RingCentral about a year ago, which appears to just use a rebranded Zoom architecture for the online meeting component. They're not going to get rid of it anytime soon.
Zoom is a company I have loved so far, but a lot of this is starting to really rub me the wrong way and I really don't want to have to go find another solution.
However, without some sort of reversal, this is enough for me to deal with the mess of doing that.
I've tried Google Meet, Jitsi, and some other things, but Zoom is the only service that my 6+ year old laptop can handle for more than 5 min without nosediving into 100% CPU usage and freezing up.
Does anyone have other suggestions? Either for other services or for troubleshooting Jitsi?
After evaluating a number of solutions, we chose uberconference (no relation to uber). I really like it, especially that the conference is just a phone number.
In my workplace and from my perspective, I don't know how Zoom became trustworthy in the first place except through growth hacking and selling iPads with their software on it under the 'Zoom Rooms' name.
Besides that, why defend a company or a corporation in the first place? It's a damn shame that people are more enervated by corporate strife than by the suffering of our fellow beings.
To be fair, Zoom is the best video conference software I've ever used. It's so much better than Skype or anything created by Google, Facebook, etc. When I first started using it at work 5 years ago, I was blown away at how stable it was, and how many people could connect at the same time. It just worked.
Aw man, I didn’t know those iPads were a Zoom product. For some stupid reason I was under the illusion that my company made a home-grown Zoom meeting room solution.
If they have a workforce in China, there are 100% spies working there. Putting it another way, China would be foolish not to have spies working at Zoom, just like it would be foolish to not have spies working at Facebook, Google, Amazon, Microsoft, etc. You should assume all of those companies have been infiltrated by the major countries of the world, or they are working with them. To believe otherwise would be extremely naive.
The first time I read that Zoom is the shell (in the USA) while the majority of work is being done in China, I thought the exact same thing. That China has everyone's face 3D scanned by now (multiple photos from multiple angles), everyone's voiceprint, everyone's IP, transcripts of what was said and by who...
Now they are trying to rebuild their shattered rep, while still handing anything and everything to their patrons.
"That China has everyone's face 3D scanned by now (multiple photos from multiple angles), everyone's voiceprint, everyone's IP, transcripts of what was said and by who"
As a native Chinese, I haven't been scanned by 3D scanner. How do you get this conclusion?
Some comms you want to monitor, some you want to disrupt... And Chinese authorities like big gestures, sending messages, "we know who you are and what you do, we can get you anytime, you are not safe anywhere".
> Is there any reason not to assume that the Chinese government is surveilling Zoom calls en masse?
It makes perfect sense to boycott Zoom based on their security issues, but does the presumption of innocence mean nothing anymore? It shouldn't be difficult to prove that Zoom is actively trying to block Chinese activists.
China banned Zoom during the trade war. Are you going to treat that as evidence that Zoom isn't colluding with the CCP? Why is Zoom not embracing end-to-end encryption to free users evidence that they are beholden to China, but Zoom committing to end-to-end encryption for paid users not evidence of the contrary? This type of circumstantial cherry picking is how conspiracy theories sprout.
does the presumption of innocence mean nothing anymore
In a court of law, yes. In the court of public opinion, it has never been that way.
I don't blame people for being suspicious of Zoom. Why wait until the harm has already been done to move to something else?
Zoom knows it has a credibility problem. If Zoom really cared, it would do something to distance itself from China and the Chinese government. But it doesn't.
Don't want to sound I'm defending Zoom or CCP, but how does en masse surveillance work technically in this case? How practical it is to go over all the voice data (not manually I presume)? Text based mining and censoring is possible but there still is a huge gap and language expertise isn't cheap. I might be missing a few references but it'll be great if someone could point me to these links.
I might be wrong here, since I only have this from hearsay, and I certainly won't touch Zoom. But, wasn't the "end-to-end encryption" a term they used in a blatantly deceptive way? The two ends not being the two users, but the user A and zoom servers, and zoom servers and user B? Please do correct me if I'm misinformed.
I think Zoom is probably best used for hangouts-on-air type things, where you are literally publishing the contents of the call to the world in realtime anyway; for anything else it's off my list.
There is really no excuse for "accidentally" routing through Chinese servers for a service. To me the reasons are as shallow as Google's "error in algorithm".
Just recently YouTube "accidentally" deleted the account of a pro-democracy channel in Hong Kong with more than 600k subscribers [1]. Incidentally, this has never happened to pro-Chinese channels.
I get the vibe with anything China related. Like it takes an over abundance of facts not to be attacked. Zoom fiasco is interesting though. I don’t do anything I don’t mind be monitored on there so sort of careless for now
> Is there any reason not to assume that the Chinese government is surveilling Zoom calls en masse?
Why does this event move the needle one way or another? The group had a paid account so Zoom knows who they are, and this was a publicized event. All the Chinese government needed to know was an event they don't like was happening, with the services of a company they can exercise soft power over.
I totally agree with you, there's a very high probability that the Chinese gov is recording everything.
But is that any better than being 100 % sure that the US gov is doing it?
I mean, what is the point of "the Chinese may be listening this is horrible!" when we know for a fact that the US are listening and most probably multiple european countries.
Nowadays, you must assume that whatever you do online is recorded by multiple states and may be used against you one day.
I am more worried about dictatorships recording everything than other regimes. Does not excuse recording at all, just an appreciation of the level of risk.
You are oversimplifying the issue, in my opinion. Zoom has R&D office in China. If Chinese authorities come to Zoom with a violation of local law, Zoom has two options. First ignore the request and this means that the company is likely to be banned in China or comply with the request and get blowback in US. This issue is not unique to Zoom and each company makes its own decision. For instance, Google and Facebook fail to comply and are banned in China. But Apple does comply with Chinese laws and there are number of apps that are simply not available in China but are available in US. However, I wouldn't make a judgement that Google is good, but Apple is bad. Nor is this issue limited in China. Same thing applies to EU. EU has passed GDPR laws that all US companies have to comply with if they want to do business in EU. Again, some decided to comply with GDPR, others exited the market. Even in US this issue exists. When the government tells Google that they can't offer their services to Iran or sell to Huawei. Google chose to apply. You can try to make an argument that complying with US government orders is good, but complying with other government orders (EU, China, Brazil) is bad. This may work for you if you are an American, but the rest of the world knows about the Patriot Act, Edward Snowden and NSA. You could also make an argument that complying with any government is bad and the way PRISM is enabled by US tech is terrible. But if US companies start ignoring US laws, no matter how terrible they are, the only right thing to do is to shut the company down. It's called a rule of law. I am writing this not to say that Zoom is good or bad, but to prevent oversimplifying the issue or vilifying specific companies, countries or governments.
How on earth could a user "prove" this? Mention some secret on a call and then watch for the Chinese government to act on that secret? Give us a break. It's much safer to assume surveillance and protect oneself accordingly.
> its product development has been based in China, and that some Zoom calls were accidentally routed through Chinese servers.
Curious, did you background check every employee/contractor to make sure they are Chinese race free?
Did you do every byte of your network traffic audit to make sure they are not Chinese IP routable? How often do you update your firewall rules?
Because if you don't do either of these, if you run a successful company, someone will write an article to complain you have employed a Chinese developer and routed traffic to China.
There’s a big difference between routing an encrypted packet through China and decrypting that packet on a server located in China.
Likewise, there’s a big difference between employing a Chinese national in the US and having a large part of you engineering organization operate from within China.
> Curious, did you background check every employee/contractor to make sure they are Chinese race free?
That's immoral, illegal, and silly; effectively nobody is doing this, and if most people found out about that, they would try to put a stop to it. The PRC is a state, that state does not have a monopoly on representing any race.
This is not a Chinese people problem, it's a CCP problem. Chinese people in the ROC don't do this sort of thing.
這不是華人的問題,這是中共的問題啊。中華民國的華人不這樣做。
> Do you audit every every byte of your network traffic to make sure it is not Chinese IP routable? How often do you update your firewall rules?
Yes, I operate servers and routers that simply do not route to or from PRC IP blocks. It's often the right thing to do, given that “reputable” server operators like Baidu seem to be the source of a huge proportion of the impersonation and spam, and often zero legitimate connections. When I get DMARC reports, more than half of the reports are PRC IPs impersonating my mail host, hopefully for reflection rather than full-on impersonation.
> Zoom CEO Eric Yuan said in early June that the company has chosen not to encrypt free calls in order to cooperate with law enforcement.
This is incorrect. They don't offer end-to-end encryption, but it is encrypted between each client and the Zoom servers, and they have promised there's no way for a Zoom employee to spy on a conversation without visibly joining the meeting. https://twitter.com/alexstamos/status/1268061790954385408
> They don't offer end-to-end encryption, but it is encrypted between each client and the Zoom servers,
I think it's absurd that when talking about private messages the bar for privacy would be so low as to say that client-server encryption would be a "feature"-
> they have promised there's no way for a Zoom employee to spy on a conversation without visibly joining the meeting
That's false unless no one at zoom has logins to any of the servers that route the calls or deploy code to them. Let's be clear and specific about the terms. "no way for" and "not allowed under guidelines" have very different technical meanings.
A promise is a promise. The "no way to spy" is likely just compliance. A lot of companies have compliance guarantees in place, like SOC2, which is about processes and documentation/audit trail. So the thing blocking you from reading customer data is another person in the organization having to confirm it's a legitimate action.
Government level surveillance is not the same as an employee listening in on a whim. It's an organized endeavor, which comes with a process, so it may as well be ok from compliance point of view.
> This is incorrect. They don't offer end-to-end encryption
It's all about end-to-end encryption, so it's correct. If they decrypt it anywhere on the way then three letter agencies can always listen to what you say with a proper letter.
IMO that's not "incorrect" so much as it is "ambiguous about the type of encryption being referred to. Even the most spy-happy, malicious service could offer HTTPS encryption, so hearing "they do encrypt some stuff" doesn't address concerns about Zoom willfully monitoring customers
Neither does the second part about promising not to spy on a conversation; surrendering conversation metadata would be almost as bad from a privacy perspective.
Either it is E2E encrypted, or it is unencrypted on zoom servers and the only claim that they can reasonably make is that they haven't provided their employees with the tools to observe a call invisibly.
Encrypted = private to most people. There’s no reason to muddy the waters with the fact that Zoom encrypts some data temporarily at some time with keys that they control, because that isn’t what anyone cares about.
I've been currently using Zoom during the pandemic because as a product it's still the best (and I signed up for a discounted year of pro), but I won't give them any money again.
Tesla canceled Zoom due to these privacy concerns expressed in this article. We use Microsoft Teams now and it's much better. Everyone already used it as an instant messenger before this and since it's part of the Outlook ecosystem i've found that it's much better. It's also saved a ton of useless meetings that run really long because i can just call someone straight through Teams instead of setting a meeting.
As much as I don't like consolidation of tech, I've had really good experiences with Google Meet. No scummy practices like forcing users to pretend that the app installer doesn't download just to connect from the browser either. What are Zoom's advantages?
I haven't personally used Google Meet, but part of what drew me to Zoom:
- General preference for non-ad supported business model.
- Google Meet wasn't an option until very recently.
- I really dislike hangouts and how it leaks chat all over Gmail (among other things), and this has biased me against their other products.
- Similarly, I was a huge fan of Google Voice which was way ahead of its time and which they abandoned for years until many other multi-billion dollar companies rose up and took the space.
- I've anecdotally heard Meet had worse video/audio quality from friends.
- I tend to try and avoid Google chat products since they're usually a mess and often killed.
Of all of these, the first and last are really the only valid reasons.
Google Meet does have its own scummy practices though (adding itself to meetings without asking which confuses participants and is extremely annoying, Benedict Evans tweeted/wrote about this).
Maybe Jitsi works well enough to actually use? I already have a Matrix server, I could try getting friends to use that instead (realistically probably will be difficult).
The main reason I liked Zoom was because it was so easy to install. I've had zooms with non-technical people over 70, and not one of them needed help installing it.
The same cannot be said of Google. Heck, as a technical person I have trouble getting Google Meet to work consistently. That was Zoom's main advantage -- their ease of setup and use, and "it just works". We now know that part of the reason that is the case is because they do some very unorthodox things that are security nightmares.
Security and ease of use are always a tradeoff. Zoom has always been on the very far end towards ease of use and away from security.
My company tried to use Google Meet. With a group of around 16 people, Google Meet had all sorts of connection quality issues—people's voices cut out while talking, sounded garbled, etc.
A week later, we tried Zoom instead. We could hear everyone clearly. We've used Zoom ever since.
I had some say in the decision to continue with Zoom, and I feel kind of bad about choosing it, but it's hard to argue with the results. We had similar issues with Slack video calls (although we still use those for small groups—not my decision!), Microsoft Teams, and a product from LogMeIn called Join.Me. Unlike Zoom but like Google Meet, these products are all based on WebRTC, and I'm starting to conclude that WebRTC is just a crappy technology for large-group video calls.
We admittedly haven't tried Jitsi. Perhaps I'm part of the problem, but I don't want to be the one to suggest a random product no one has heard of. Especially when that product is also based on WebRTC.
Zoom is SO much more seamless than Meet. Its desktop clients exist, are usable, and don't force you to keep trying Chrome whenever something breaks. (I swear Google never tests their prodcuts on FF/Safari...)
Meet also has a very fixed layout. Its mic control bar on the bottom cuts off the names on the bottom row of participants. The UI on "waiting to connect" page is hilarious; it has a line of vertical dots for changing settings, and a line of horizontal dots for monitoring audio. There's a small concept in design called discoverability -- doesn't exist for Google, lol.
No idea. We're on Meet at my company, and I'm very happy with it. Works well in the browser, connects to Google calendar without any fuss, and I haven't had any issues with dropped calls or low quality.
Not being bound to the browser can be a huge advantage. I usually use at least two Zoom windows. One with a panel view of all meeting participants and a second with either a shared screen or the speaker view. In some cases I split the chat out as well. I find it super important to not only see what's being shared, but also be able to watch people's reactions.
Zoom makes it also easy to see who has noise coming from their microphone, what audio and video up and down bandwidth is looking like. Lots of little things like this that matter if you spend most of your day in remote meetings.
Wow, looks like I have been living under the rock for a little bit. The monetization strategy was not clear to me, but I though that eventually having premium accounts would make sense. The launch of Stellar was a little confusing.
You should be able to reset your account to negate all your keys and set things back up if you lost access to all previous devices.
I ended up doing this anyway in the end, after deleting everything I could before I stopped using it.
They do make you wait seven days before you can do it after you make the request.
I still have the account because I don't want to lose access to my username (didn't delete it), but it's otherwise empty and unused with fresh keys that have no history with anything.
I wonder if we'll hear the "they're a private company, they can do what they want, it is only censorship if the government does it" routine.
I remember about a decade ago when certain parties were so concerned with voices being silenced and "erasure." The same people are now cheering when Facebook, Twitter, and the like shut down certain kinds of speech, with great discretion as to how the "rules" are implemented. These parties have been quiet, so much so, over China.
They can do whatever they want as a private company. I can do whatever I want as well. Including leaving zoom. They should have the right to enforce whatever standards they want, and we have the right to disagree and leave.
I really don't understand this. I am not American so may have a different perspective, but if by being private, you are ok with censoring, then you are ok with anyone banning blacks from their businesses, or not hiring gays, or only allowing women to go up the corporate ladder if they sleep around. After all, it is their private company, so why should I care about sexual harassment, blocking people, etc as long I am not the target? Heck, lets have white-men only private schools again, let's leave those blacks/gypsies/whatever out, after all, it is a private school so it should be able to discriminate against anyone.
This is the recipe used by some agencies to avoid scrutiny: have private companies do the job for them.
Your argument’s end point looks like your freedom to only use video conferencing tools that respect your ideals. Would I do that, I’d have to leave my job and stop talking to pretty much anyone.
A counter argument to this would be to acknowledge that in actuality a free market is regulated. It has to be regulated in order to be free. That's because there are bad-actors who lie, manipulate the market, deceit the public, with no discrepancy and with complete impunity.
It's not a violation of the free speech guarantees of the constitution, which is what people are usually discussing when that line comes out. I don't think what Zoom did should be illegal. That said...
There have recently been a whole lot of apologists saying "yes their founder is from China and their developers are in China but that doesn't make them a Chinese company". Fair enough, but when that company further starts intentionally enforcing Chinese law on US customers, I have no problem calling it a Chinese company. And I will not use a Chinese company's communication product unless forced to.
I have to be internally consistent and agree that it's at Zoom's discretion as a private-sector company whether to host specific content or provide services to specific people and viewpoints, just as it is for Facebook/Twitter etc.
Two things are additional considerations that may change how this sort of action ends up for Zoom:
1. Zoom will be judged in the court of public opinion for their decision to align their moderation of access to their service with the CCP. This is likely a different degree of backlash than you'd see with, say, shutting down the accounts of US-based hate groups.
2. Zoom may come under scrutiny—without concrete evidence—for introspecting the content of communications through its platform that would otherwise be presumed to be private. This is different from Facebook/Twitter etc., for which much of the content that drives moderation decisions is public.
Zoom is not abridging anyone's constitutional right to free speech, nor would they be able to. How they are judged for their specific actions, though, is entirely at the discretion of their user base and public opinion.
>I wonder if we'll hear the "they're a private company, they can do what they want, it is only censorship if the government does it" routine.
The implication here is that they did it under pressure from the CCP, presumably because most (all?) of their programmers are from China. Blizzard got raked over the coals as well over a similar incident (search "blizzard blitzchung").
Are Zoom events like the one in the article public, such that any person who logs into Zoom can access as part of their interface, with out looking for it, the event in question?
Does the content of the event persist in a way that makes it easily sharable, with comments?
If the answer to both of these is “no,” I contend that the communications on these platforms is “private” and should be regulated by the US Government against censorship (though I have no hope that it will be). My reasoning is this:
(1) Zoom has no expectation that private communications will harm their business. In the same way Ma Bell never took responsibility for the zillions or drug deals and kidnappings that got coordinated over their system.
(2) Lack of viral potential means the possibility of inciting violence, cyber bullying, and other negative consequences of mass internet communication is diminished.
Both of these points have a correlating contention about censorship on Twitter, Facebook, etc: they (not the government) ought to censor content that has the potential for negative outcomes like those I mentioned. Is it difficult? Absolutely. Will there be disagreements? For sure. But, they can afford to figure it out, and our society can’t afford for them to not to.
NB: We need nuance and reasoning here. Falling back on first principles and calling it a day is not enough; those principles were articulated at a time where speech replication depended on industrial machines and were limited by how fast a pony could run. We’re talking the ability to beam information practically into every child’s brain 24/7 anywhere on the planet using psychological tricks to engage them.
The slippery slope is a logical fallacy. But people aren't logical entities for the most part, and the real world doesn't even vaguely resemble a philosophy classroom.
They want to dump on platforms for taking action against hate speech and instigating violence because "someone else censored political activism". It's a disgusting point of view.
Isn't the base argument is tolerance/inclusivity good, intolerance bad. (Intolerance like inciting violence, suppressing criticism, homophobia, xenophobia, bigotry, the usual.) And simply taking steps that make make the world better according to this base argument is also good?
This of course can become slippery and slope-y eventually, if a propaganda machine takes over as the tolerance authority, but I don't think that's a real problem compared to what the other problems the argument is trying to address.
This xkcd comic didn't age well: https://xkcd.com/1357/. Liberals used to cheerfully link to this whenever a conservative was deplatformed. I don't think they'll trot out this xkcd anymore when their favored people are being censored.
Nope, it's still a great illustrative comic. The people that disagree with the censorship are the ones showing Zoom the door. It's all individual choice, from Zoom and from those who agree / disagree.
I don't agree with Zoom's censorship because I don't agree with China's laws. But I'm not in China, so I have the luxury of expressing my opinion about pretty much anything. Zoom, having operations in China, chose their path. Fine with me, it just means Zoom are lower down my list. That's precisely the scenario depicted in the comic.
This has always been a really stupid comic. I like most of Randal Munroe's work, but this one has always rubbed me the wrong way.
But then again, Americans are always conflating the principe of free speech with your first amendment.
Exluding private companies from free speech discussions has no real use when they have monopolies or oligopolies, and your websites keep getting shit down because people are complaining to your ISP about content, or when payment services such as Visa and Mastercard refuse to do business with you.
Is there an objective way of distinguishing between an activist and a bigot? The CCP can just say that they consider this activist to be a bigot.
Internet platforms should never have been in the business of censorship. Unfortunately, liberals encouraged them to censor their political opponents for short term gain. The result is sad but predictable. Any speech that offends someone powerful is now subject to possible censorship.
Article has been updated with a statement from Zoom:
> Update: A Zoom spokesperson confirmed to Axios that the account had been closed "to comply with local law" and said it had now been re-activated.
> “Just like any global company, we must comply with applicable laws in the jurisdictions where we operate. When a meeting is held across different countries, the participants within those countries are required to comply with their respective local laws. We aim to limit the actions we take to those necessary to comply with local law and continuously review and improve our process on these matters. We have reactivated the US-based account.”
> — Zoom statement
> Between the lines: This suggests Zoom closed the account due to concerns in China, which forbids free discussion of the 1989 Tiananmen pro-democracy movement.
It's time for western companies to stop pretending it's possible to be economically successful in China whilst remaining true to their purported western values.
Speculation: Chinese zoom users were required to switch to Chinese version of Zoom last September. There were probably mainland users using international version + VPN to participate in the event, probably some sort of local regulation that prevents users in CN from interacting with international meets, especially on no-no subjects. From 2nd link below:
>>Intensifying international tensions and the country’s upcoming 70th anniversary are cited as reasons for the block, according to Chinese media.
To be fair, many of the participants on the call were probably in the government's employ, so they got a realtime feed. BLM activists have to watch out for the same thing: lots of FBI and big-city police CIs.
> Between the lines: This suggests Zoom closed the account due to concerns in China, which forbids free discussion of the 1989 Tiananmen pro-democracy movement.
But why close the US rather than close the Chinese accounts?
Yes, it seems like this was ultimately a bit of a nothingburger.
As much as we may not like it (and I certainly personally don't), China has the authority to censor the internet within its borders. Zoom literally has no choice but to follow China's law within China's borders, if it is to provide its product there at all.
Zoom accidentally deactivated a US-based account, and fixed it when they found out.
At worst, in this instance, they seem to simply be guilty of an administrative mistake and slow customer support.
I assume you're getting downvoted because you don't seem to take issue with censorship of free speech ultimately being a problem, and why people take stand against tyrants?
The problem is china's problem is not contained within china. CCP will force Zoom or any other companies to give the data they collect in other countries and due to market forces those companies has to comply legally or otherwise. Now do you see the problem, why china's authority to censor the internet is not an isolated issue ?
It wasn’t an accident. They prob got a stern call from the CCP and they bent over and apologised and said they would block the accounts. Not expecting it to become a news piece.
In any case seems a paid user who’s calls are encrypted are not encrypted if a china based person joins the call. Making zoom a monitoring tool.
The U.S. government has no business telling Zoom what it must or must not host. But it can prohibit federal procurement of Zoom, prohibit contractors from using Zoom in connection with government work, keep a close eye on Zoom and its employees as potential intelligence threats, and prohibit Zoom from accessing federal benefits.
It should require pre-emptive disclosure by of foreign ownership, control and influence; as well as public disclosure of government censorship requests and fulfillments by publicly-traded companies.
I'd just like to see more evidence and information before making judgment here.
There's no response from Zoom whatsoever, which is odd. Could this have been other users maliciously reporting the account as abuse, and it was closed automatically? Or something else similar?
Or if China is putting pressure on Zoom, then how exactly?
If Zoom, an American company, really did intentionally close the account of someone living in the US, because the Chinese government asked them to for political reasons, that does sound outrageous.
But it's so outrageous that I actually have a hard time believing it's true. It feels like business suicide. I want to hear Zoom's side here first -- which I expect we will soon, since this story broke only 2 hours ago.
My guess is that they were under pressure to close all the accounts in the meeting, backpedaled after the article, and reenabled the non-Chinese ones. Honestly, if they just did this to begin with, it'd be understandable? They just fucked up and blocked the non-China accounts too, triggering the China Watchers of which this reporter is a prime member of.
I ultimately see companies adopting the TikTok model, where Chinese users basically get their own sandboxed app and company structure subject to Chinese law that nobody else can communicate with.
And arguably as a society standing up for democracy and free speech should begin to not use any such platforms who sandbox to support these bad actor governments.
>If Zoom, an American company, really did intentionally close the account of someone living in the US, because the Chinese government asked them to for political reasons, that does sound outrageous.
That link (the one in your other comment works) doesn't really say anything the article doesn't already.
All it says is that the account was shut down a week after the event, and that "it seems possible ZOOM acted on pressure from the CCP to shut down our account".
That appears to be pure conjecture however, which is why I want to hear Zoom's side. Nobody's disputing the account was blocked, but there's zero information on why.
How is that outrageous? US companies cow tow to CCP all the time, e.g. the NBA. If you're trying not to get blacklisted by the world's second largest market then it makes plenty of sense.
I don't think this compares directly to the now-commonplace kowtowing that you are referring to. That would be more akin to Zoom, for example, retracting and apologizing for some public statement that it made in recognition of the Tiananmen Square protests.
Instead, this is a US-based communications platform, barring its US-based users from discussing something that is offensive to a foreign regime, and doing so outside of any official rules that they have made public.
Now, of course, you are correct, this has nothing to do with any kind of deeply held values. It is merely about money. I don't think that makes it better.
Is anyone here boycotting use of Zoom? I have a few clients that ask me to use it and I'm trying to think up a good response as to why I don't have it installed. For those of you that have rejected it on principle, what are you all saying?
I will not use it. Have used it once with some friends when it seemed churlish not to, but have refused to and suggested using Jitsi Meet since then with others including at work.
Work insists on Microsoft Teams now. Oh well. At least I am only probably being spied on by the "good guys" now, right?
Not just Zoom; China has effective means to pressure.
> In 2019, LinkedIn blocked Zhou's account from being visible in China, telling him in a message it was because of "specific content on your profile." LinkedIn restored his account after media attention.
But what this means is that someone from Chinese government gives a call to to MS or LinkedIn management and ask for these things, suggesting that any other option would result in less purchases of their office licenses and etc.
Readit News
I see people on HN defending Zoom all the time.
>The company has acknowledged that much of its product development has been based in China, and that some Zoom calls were accidentally routed through Chinese servers.
>The University of Toronto's Citizen Lab said it found serious concerns over Zoom's security protocols, and said the company's large workforce in China left it "responsive to pressure from Chinese authorities."
>The government of Taiwan banned official use of Zoom due to security concerns, as have New York State schools, the U.S. Senate, and the German ministry of foreign affairs.
>Zoom CEO Eric Yuan said in early June that the company has chosen not to encrypt free calls in order to cooperate with law enforcement.
This is good enough reason to not use it.
Also I stopped using zoom and trying to avoiding it as much as possible after the very first vulnerability scandal[0] came about
[0] https://medium.com/bugbountywriteup/zoom-zero-day-4-million-...
The NYC Department of Education (DOE), one of the largest in the nation, banned Zoom in April but "following several weeks of collaboration with the company, [NYC DOE is] now able to offer Zoom as a safe, secure platform for use across the DOE" as per a letter Chancellor Carranza wrote on May 6th, 2020.[1]
Public school teachers tried other video conferencing solutions but, for better or for worse, Zoom's UX was always easier to use or less janky than other paid or opensource offerings at scale -- and that's saying something because Zoom's UX isn't what any of us might call super smooth.
[1] https://connectdocs.blackboard.com/xythoswfs/webui/_xy-13091...
However, without some sort of reversal, this is enough for me to deal with the mess of doing that.
Does anyone have other suggestions? Either for other services or for troubleshooting Jitsi?
Have you tried Jitsi?
Do you love the company, its leadership, its product, or its pricing?
Besides that, why defend a company or a corporation in the first place? It's a damn shame that people are more enervated by corporate strife than by the suffering of our fellow beings.
The first time I read that Zoom is the shell (in the USA) while the majority of work is being done in China, I thought the exact same thing. That China has everyone's face 3D scanned by now (multiple photos from multiple angles), everyone's voiceprint, everyone's IP, transcripts of what was said and by who...
Now they are trying to rebuild their shattered rep, while still handing anything and everything to their patrons.
Always assume your calls on the public internet are being surveilled by all parties, no matter which service you're using.
But beside that... if they were surveilling them... why would they close them? Why would you shut down your intelligence source?
When you place faith in a dictator, like the CCP, this is always the result:
https://en.wikipedia.org/wiki/Useful_idiot
It makes perfect sense to boycott Zoom based on their security issues, but does the presumption of innocence mean nothing anymore? It shouldn't be difficult to prove that Zoom is actively trying to block Chinese activists.
China banned Zoom during the trade war. Are you going to treat that as evidence that Zoom isn't colluding with the CCP? Why is Zoom not embracing end-to-end encryption to free users evidence that they are beholden to China, but Zoom committing to end-to-end encryption for paid users not evidence of the contrary? This type of circumstantial cherry picking is how conspiracy theories sprout.
I can’t think of any major platforms that got banned and reinstated with zero changes. I’m treating that as evidence that they are colluding.
In a court of law, yes. In the court of public opinion, it has never been that way.
I don't blame people for being suspicious of Zoom. Why wait until the harm has already been done to move to something else?
Zoom knows it has a credibility problem. If Zoom really cared, it would do something to distance itself from China and the Chinese government. But it doesn't.
Edit: I checked. They've got you fooled.
Just recently YouTube "accidentally" deleted the account of a pro-democracy channel in Hong Kong with more than 600k subscribers [1]. Incidentally, this has never happened to pro-Chinese channels.
[1] (only sources in Chinese are available) - https://inews.hket.com/article/2664703/%E3%80%90YouTube%E5%B...
I get the vibe with anything China related. Like it takes an over abundance of facts not to be attacked. Zoom fiasco is interesting though. I don’t do anything I don’t mind be monitored on there so sort of careless for now
Why does this event move the needle one way or another? The group had a paid account so Zoom knows who they are, and this was a publicized event. All the Chinese government needed to know was an event they don't like was happening, with the services of a company they can exercise soft power over.
But is that any better than being 100 % sure that the US gov is doing it?
I mean, what is the point of "the Chinese may be listening this is horrible!" when we know for a fact that the US are listening and most probably multiple european countries.
Nowadays, you must assume that whatever you do online is recorded by multiple states and may be used against you one day.
Would it be technically feasible to record everything?
Deleted Comment
Dead Comment
Dead Comment
Dead Comment
The burden of proof lies on you to prove they are.
> its product development has been based in China, and that some Zoom calls were accidentally routed through Chinese servers.
Curious, did you background check every employee/contractor to make sure they are Chinese race free?
Did you do every byte of your network traffic audit to make sure they are not Chinese IP routable? How often do you update your firewall rules?
Because if you don't do either of these, if you run a successful company, someone will write an article to complain you have employed a Chinese developer and routed traffic to China.
Likewise, there’s a big difference between employing a Chinese national in the US and having a large part of you engineering organization operate from within China.
That's immoral, illegal, and silly; effectively nobody is doing this, and if most people found out about that, they would try to put a stop to it. The PRC is a state, that state does not have a monopoly on representing any race.
This is not a Chinese people problem, it's a CCP problem. Chinese people in the ROC don't do this sort of thing. 這不是華人的問題,這是中共的問題啊。中華民國的華人不這樣做。
> Do you audit every every byte of your network traffic to make sure it is not Chinese IP routable? How often do you update your firewall rules?
Yes, I operate servers and routers that simply do not route to or from PRC IP blocks. It's often the right thing to do, given that “reputable” server operators like Baidu seem to be the source of a huge proportion of the impersonation and spam, and often zero legitimate connections. When I get DMARC reports, more than half of the reports are PRC IPs impersonating my mail host, hopefully for reflection rather than full-on impersonation.
This is incorrect. They don't offer end-to-end encryption, but it is encrypted between each client and the Zoom servers, and they have promised there's no way for a Zoom employee to spy on a conversation without visibly joining the meeting. https://twitter.com/alexstamos/status/1268061790954385408
I think it's absurd that when talking about private messages the bar for privacy would be so low as to say that client-server encryption would be a "feature"-
> they have promised there's no way for a Zoom employee to spy on a conversation without visibly joining the meeting
That's false unless no one at zoom has logins to any of the servers that route the calls or deploy code to them. Let's be clear and specific about the terms. "no way for" and "not allowed under guidelines" have very different technical meanings.
Government level surveillance is not the same as an employee listening in on a whim. It's an organized endeavor, which comes with a process, so it may as well be ok from compliance point of view.
It's all about end-to-end encryption, so it's correct. If they decrypt it anywhere on the way then three letter agencies can always listen to what you say with a proper letter.
> and they have promised
Are you serious?
Neither does the second part about promising not to spy on a conversation; surrendering conversation metadata would be almost as bad from a privacy perspective.
I've been currently using Zoom during the pandemic because as a product it's still the best (and I signed up for a discounted year of pro), but I won't give them any money again.
Dead Comment
- General preference for non-ad supported business model.
- Google Meet wasn't an option until very recently.
- I really dislike hangouts and how it leaks chat all over Gmail (among other things), and this has biased me against their other products.
- Similarly, I was a huge fan of Google Voice which was way ahead of its time and which they abandoned for years until many other multi-billion dollar companies rose up and took the space.
- I've anecdotally heard Meet had worse video/audio quality from friends.
- I tend to try and avoid Google chat products since they're usually a mess and often killed.
Of all of these, the first and last are really the only valid reasons.
Google Meet does have its own scummy practices though (adding itself to meetings without asking which confuses participants and is extremely annoying, Benedict Evans tweeted/wrote about this).
Maybe Jitsi works well enough to actually use? I already have a Matrix server, I could try getting friends to use that instead (realistically probably will be difficult).
The same cannot be said of Google. Heck, as a technical person I have trouble getting Google Meet to work consistently. That was Zoom's main advantage -- their ease of setup and use, and "it just works". We now know that part of the reason that is the case is because they do some very unorthodox things that are security nightmares.
Security and ease of use are always a tradeoff. Zoom has always been on the very far end towards ease of use and away from security.
A week later, we tried Zoom instead. We could hear everyone clearly. We've used Zoom ever since.
I had some say in the decision to continue with Zoom, and I feel kind of bad about choosing it, but it's hard to argue with the results. We had similar issues with Slack video calls (although we still use those for small groups—not my decision!), Microsoft Teams, and a product from LogMeIn called Join.Me. Unlike Zoom but like Google Meet, these products are all based on WebRTC, and I'm starting to conclude that WebRTC is just a crappy technology for large-group video calls.
We admittedly haven't tried Jitsi. Perhaps I'm part of the problem, but I don't want to be the one to suggest a random product no one has heard of. Especially when that product is also based on WebRTC.
Meet also has a very fixed layout. Its mic control bar on the bottom cuts off the names on the bottom row of participants. The UI on "waiting to connect" page is hilarious; it has a line of vertical dots for changing settings, and a line of horizontal dots for monitoring audio. There's a small concept in design called discoverability -- doesn't exist for Google, lol.
Zoom makes it also easy to see who has noise coming from their microphone, what audio and video up and down bandwidth is looking like. Lots of little things like this that matter if you spend most of your day in remote meetings.
Google seems like at best lateral step regarding moral computing.
Granted, I haven't used it in a while because they put me in a position where recovering my account is impossible.
I ended up doing this anyway in the end, after deleting everything I could before I stopped using it.
They do make you wait seven days before you can do it after you make the request.
I still have the account because I don't want to lose access to my username (didn't delete it), but it's otherwise empty and unused with fresh keys that have no history with anything.
If by 'recovering' you mean recover after a lost key, then I'd regard that as a feature not a bug!
Am looking for a keybase alternative now.
Deleted Comment
I remember about a decade ago when certain parties were so concerned with voices being silenced and "erasure." The same people are now cheering when Facebook, Twitter, and the like shut down certain kinds of speech, with great discretion as to how the "rules" are implemented. These parties have been quiet, so much so, over China.
Down we slide along the slippery slope!
Your argument’s end point looks like your freedom to only use video conferencing tools that respect your ideals. Would I do that, I’d have to leave my job and stop talking to pretty much anyone.
There have recently been a whole lot of apologists saying "yes their founder is from China and their developers are in China but that doesn't make them a Chinese company". Fair enough, but when that company further starts intentionally enforcing Chinese law on US customers, I have no problem calling it a Chinese company. And I will not use a Chinese company's communication product unless forced to.
Two things are additional considerations that may change how this sort of action ends up for Zoom:
1. Zoom will be judged in the court of public opinion for their decision to align their moderation of access to their service with the CCP. This is likely a different degree of backlash than you'd see with, say, shutting down the accounts of US-based hate groups.
2. Zoom may come under scrutiny—without concrete evidence—for introspecting the content of communications through its platform that would otherwise be presumed to be private. This is different from Facebook/Twitter etc., for which much of the content that drives moderation decisions is public.
Zoom is not abridging anyone's constitutional right to free speech, nor would they be able to. How they are judged for their specific actions, though, is entirely at the discretion of their user base and public opinion.
The implication here is that they did it under pressure from the CCP, presumably because most (all?) of their programmers are from China. Blizzard got raked over the coals as well over a similar incident (search "blizzard blitzchung").
How do you know they are the same people?
Does the content of the event persist in a way that makes it easily sharable, with comments?
If the answer to both of these is “no,” I contend that the communications on these platforms is “private” and should be regulated by the US Government against censorship (though I have no hope that it will be). My reasoning is this:
(1) Zoom has no expectation that private communications will harm their business. In the same way Ma Bell never took responsibility for the zillions or drug deals and kidnappings that got coordinated over their system.
(2) Lack of viral potential means the possibility of inciting violence, cyber bullying, and other negative consequences of mass internet communication is diminished.
Both of these points have a correlating contention about censorship on Twitter, Facebook, etc: they (not the government) ought to censor content that has the potential for negative outcomes like those I mentioned. Is it difficult? Absolutely. Will there be disagreements? For sure. But, they can afford to figure it out, and our society can’t afford for them to not to.
NB: We need nuance and reasoning here. Falling back on first principles and calling it a day is not enough; those principles were articulated at a time where speech replication depended on industrial machines and were limited by how fast a pony could run. We’re talking the ability to beam information practically into every child’s brain 24/7 anywhere on the planet using psychological tricks to engage them.
im not aware of twitter et al banning any reasonable political activism.
Perhaps that applies, perhaps it doesn't. Did they remove the account due to pressure from the CCP?
This of course can become slippery and slope-y eventually, if a propaganda machine takes over as the tolerance authority, but I don't think that's a real problem compared to what the other problems the argument is trying to address.
Or if a government forces a private company to do it.
I don't agree with Zoom's censorship because I don't agree with China's laws. But I'm not in China, so I have the luxury of expressing my opinion about pretty much anything. Zoom, having operations in China, chose their path. Fine with me, it just means Zoom are lower down my list. That's precisely the scenario depicted in the comic.
But then again, Americans are always conflating the principe of free speech with your first amendment.
Exluding private companies from free speech discussions has no real use when they have monopolies or oligopolies, and your websites keep getting shit down because people are complaining to your ISP about content, or when payment services such as Visa and Mastercard refuse to do business with you.
Internet platforms should never have been in the business of censorship. Unfortunately, liberals encouraged them to censor their political opponents for short term gain. The result is sad but predictable. Any speech that offends someone powerful is now subject to possible censorship.
> Update: A Zoom spokesperson confirmed to Axios that the account had been closed "to comply with local law" and said it had now been re-activated.
> “Just like any global company, we must comply with applicable laws in the jurisdictions where we operate. When a meeting is held across different countries, the participants within those countries are required to comply with their respective local laws. We aim to limit the actions we take to those necessary to comply with local law and continuously review and improve our process on these matters. We have reactivated the US-based account.”
> — Zoom statement
> Between the lines: This suggests Zoom closed the account due to concerns in China, which forbids free discussion of the 1989 Tiananmen pro-democracy movement.
The issue is of course that none of the big corporates give a rat's ass about any these "western values".
>>Intensifying international tensions and the country’s upcoming 70th anniversary are cited as reasons for the block, according to Chinese media.
Some old articles:
Zoom suspends Chinese individuals users from hosting meetings due to ‘regulatory demand’ https://technode.com/2020/05/15/zoom-suspends-chinese-indivi...
China’s Zoom users switch to local version after blockage https://technode.com/2019/09/19/chinas-zoom-users-switch-to-...
China blocks US video-conferencing tool Zoom https://technode.com/2019/09/09/china-blocks-us-video-confer...
But why close the US rather than close the Chinese accounts?
As much as we may not like it (and I certainly personally don't), China has the authority to censor the internet within its borders. Zoom literally has no choice but to follow China's law within China's borders, if it is to provide its product there at all.
Zoom accidentally deactivated a US-based account, and fixed it when they found out.
At worst, in this instance, they seem to simply be guilty of an administrative mistake and slow customer support.
In any case seems a paid user who’s calls are encrypted are not encrypted if a china based person joins the call. Making zoom a monitoring tool.
The U.S. government has no business telling Zoom what it must or must not host. But it can prohibit federal procurement of Zoom, prohibit contractors from using Zoom in connection with government work, keep a close eye on Zoom and its employees as potential intelligence threats, and prohibit Zoom from accessing federal benefits.
It should require pre-emptive disclosure by of foreign ownership, control and influence; as well as public disclosure of government censorship requests and fulfillments by publicly-traded companies.
There's no response from Zoom whatsoever, which is odd. Could this have been other users maliciously reporting the account as abuse, and it was closed automatically? Or something else similar?
Or if China is putting pressure on Zoom, then how exactly?
If Zoom, an American company, really did intentionally close the account of someone living in the US, because the Chinese government asked them to for political reasons, that does sound outrageous.
But it's so outrageous that I actually have a hard time believing it's true. It feels like business suicide. I want to hear Zoom's side here first -- which I expect we will soon, since this story broke only 2 hours ago.
My guess is that they were under pressure to close all the accounts in the meeting, backpedaled after the article, and reenabled the non-Chinese ones. Honestly, if they just did this to begin with, it'd be understandable? They just fucked up and blocked the non-China accounts too, triggering the China Watchers of which this reporter is a prime member of.
I ultimately see companies adopting the TikTok model, where Chinese users basically get their own sandboxed app and company structure subject to Chinese law that nobody else can communicate with.
Most of their devs are from china.
https://www.cnbc.com/2019/03/26/zoom-key-profit-driver-ahead...
>Zoom disclosed in its IPO prospectus last week that most of its product development personnel are based in China
Presumably they don't want to lose their pool of cheap programmers.
https://docs.google.com/document/d/12DM3ccTe70yzqCDPu9uXlCD7....
All it says is that the account was shut down a week after the event, and that "it seems possible ZOOM acted on pressure from the CCP to shut down our account".
That appears to be pure conjecture however, which is why I want to hear Zoom's side. Nobody's disputing the account was blocked, but there's zero information on why.
Deleted Comment
Instead, this is a US-based communications platform, barring its US-based users from discussing something that is offensive to a foreign regime, and doing so outside of any official rules that they have made public.
Now, of course, you are correct, this has nothing to do with any kind of deeply held values. It is merely about money. I don't think that makes it better.
Deleted Comment
Work insists on Microsoft Teams now. Oh well. At least I am only probably being spied on by the "good guys" now, right?
If it's a client I have a comfortable relationship with, I'll tell them honestly why I won't use it.
If not, I tell them "I can never get Zoom to work on my computer" or something similar, and provide an alternative.
Zoom banned from New York City schools due to privacy and security flaws https://www.fastcompany.com/90486586/zoom-banned-from-new-yo...
Google Told Its Workers That They Can’t Use Zoom On Their Laptops Anymore https://www.buzzfeednews.com/article/pranavdixit/google-bans...
Elon Musk's SpaceX bans Zoom over privacy concerns https://www.reuters.com/article/us-spacex-zoom-video-commn/e...
Beware of ‘ZoomBombing:’ screensharing filth to video calls https://techcrunch.com/2020/03/17/zoombombing/
Zoom needs to clean up its privacy act https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom security issues: Here's everything that's gone wrong (so far https://www.tomsguide.com/news/zoom-security-privacy-woes
Mass move to work from home in coronavirus crisis creates opening for hackers: cyber experts https://www.reuters.com/article/us-health-coronavirus-cyber/...
Security and Privacy Implications of Zoom https://www.schneier.com/blog/archives/2020/04/security_and_...
‘Zoom is malware’: why experts worry about the video conferencing platform https://www.theguardian.com/technology/2020/apr/02/zoom-tech...
Ex-NSA hacker drops new zero-day doom for Zoom https://finance.yahoo.com/news/ex-nsa-hacker-drops-zero-1400...
Maybe we shouldn’t use Zoom after all https://techcrunch.com/2020/03/31/zoom-at-your-own-risk/
Attackers can use Zoom to steal users’ Windows credentials with no warning https://arstechnica.com/information-technology/2020/04/unpat...
The Zoom Privacy Backlash Is Only Getting Started https://www.wired.com/story/zoom-backlash-zero-days/
Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 https://www.vice.com/en_us/article/qjdqgv/hackers-selling-cr...
Researchers found and bought more than 500,000 Zoom passwords on the dark web for less than a cent each https://www.businessinsider.com/500000-zoom-accounts-sale-da...
https://foundation.mozilla.org/en/privacynotincluded/categor...
> In 2019, LinkedIn blocked Zhou's account from being visible in China, telling him in a message it was because of "specific content on your profile." LinkedIn restored his account after media attention.