zlacker

The TOS has been updated to state the following:

> Notwithstanding the above, Zoom will not use audio, video or chat Customer Content to train our artificial intelligence models without your consent.

>>mplewi+(OP)
Apparently the TOS can be edited at any time to say anything without notice.

It’s worth mentioning that per this agreement they can still do almost anything else with that data. They could put your face up on a billboard if they wanted to.

I’m out. I was a paying user. Can’t run fast enough from ever doing business with them again.

>>mplewi+(OP)
> without your consent.

†but we'll prompt you an overly long privacy policy including such consent whose acceptation is just a checkbox you tick the first time your join a call without even paying attention (nor choice)

>>dr_mon+O5
How about analyze all the meetings from company x in order to insider trade or perform some other kind of corporate sabatoge.

>>mplewi+(OP)
"...will not use...to train..." (emphasis mine)

They'll do inference all day long, but not train without consent. Only being slightly paranoid here, but they could still analyze all of the audio for nefarious reasons (insider trading, identifying monetizable medical information from doctor's on Zoom, etc). Think of the marketing data they could generate for B2B products because they get to "listen" and "watch" every single meeting at a huge swath of companies. They'll know whether people gripe more about Jira than Asana or Azure Devops, and what they complain about.

>>mplewi+(OP)
That still allows them to broadcast your meeting in a feature film of their choice. No, this is insane. The only reasonable option here is (1) end-to-end encryption or (2) ephemeral storage purely for the provision of the service.

>>dr_mon+O5
Which provider will you be moving to, and have you checked that their ToS are more acceptable?

>>gnfarg+sg
This is the question! Is there anything anyone would recommend on security grounds?

Enterprise may resonate with something with Signal level e2ee.

Has anyone tried Element IO, as an example, in a commercial setting?

Asking for a friend.

>>dr_mon+O5
Per the agreement using the service can probably be considered consent. Ie “we won’t use your data without your consent” translates to legal code “if you accept the TOS which you do if you use the app, then you’ve given consent”

>>little+77
This seems to be a pretty big thing. Zoom seems to have been adopted by a lot of government processes.

How does this apply for court hearings, council meetings, etc…

>>dghlsa+ol
ZoomGov likely has a different ToS

>>pseudo+ad
This is really important, and I would further emphasize the word our. Zoom doesn't need permission to "train" their own in-house artificial intelligence model when it can just transmit/sublicense that data to someone else who will train a model, or to an internal team who will use it (perhaps in few-shot prompts at scale, which is not technically training a model!) for "consulting services" in the broadest sense that that team can imagine.

I generally feel like the general slowdown of capital availability in our industry will lead/is leading to companies doing a lot more desperate things with data than they've ever done before. If a management team doesn't think they'll survive a bad couple of quarters (or that they won't hit performance cliffs that let them keep their jobs or bonuses), all of a sudden there's less weight placed on the long-term trust of customers and more on "what can we do that is permissible by our contract language, even if we lose some customers because of it." That's the moment when a slippery ethical slope comes into play for previously trustworthy companies. So any expansion of a TOS in today's age should be evaluated closely.

>>mplewi+(OP)
A very powerful example of the difference between the words “will” and “shall.”

Hats off to zoom for the free contract drafting lesson!

[edit: thanks to HN commenter lolinder for the actual lesson].

>>single+Yr
> You can use "will" to create a promise--a contractual obligation. See Bryan A. Garner, A Dictionary of Modern Legal Usage 941-942 (2d ed., Oxford U. Press 1995). When used in this way, "will" is not merely stating a future event, it is creating a promise to perform:

> > Landlord will clean and maintain all common areas.

> In most basic contracts, I recommend using "will" to create obligations, as long as you are careful to be sure any given usage can't be read as merely describing future events. I'm generally against "shall" because it is harder to use correctly and it is archaic.

https://law.utexas.edu/faculty/wschiess/legalwriting/2005/05...

>>Simorg+3j
>>37021910

>>gnfarg+sg
jitsi

https://meet.jit.si/

>>dr_mon+O5
> Apparently the TOS can be edited at any time to say anything without notice.

Yes, as with most terms of service. It's one of the things that makes terms of service statements unreliable.

>>btown+gq
> If a management team doesn't think they'll survive a bad couple of quarters (or that they won't hit performance cliffs that let them keep their jobs or bonuses)

Agreed, and these kinds of short-term incentives are one of the problems with American companies. On the flip side...

Japanese companies think about products in decades -- the product line has to make money 10 years from now.

Some old European brands think about their brand in centuries -- this product made today has to be made with a process and materials that will make people in 100 years think that we made our products at the highest quality that was available to us at the time.

>>lolind+Wu
So, I get that you’re downvoting and contradicting, but are you sure we don’t agree? Let’s put it this way: I was observing precisely what you copied and pasted: this is a perfectly valid way to write a contract if you subsequently want to be able to argue either side.

Was zoom careful to be sure any usage can’t be read as merely describing future events? Will ambiguity exist until this agreement is tested ?

>>single+Sx
Given that they use "Zoom will" 21 times in the document to clearly refer to their obligations—including 4 times in the paragraph entitled "10.5 Our Obligations Over Your Customer Content"—I seriously doubt they're counting on or will get points for any ambiguity.

Meanwhile not once do they use "Zoom shall". It's pretty clearly just a stylistic choice and not anything sneaky.

Edit: They even use "will" in the all-important phrase "you will pay Zoom". Surely you don't think they meant to be sneaky in that usage, and that is merely meant as a prediction of future events?

>>gnfarg+sg
If you don't need the "advanced" zoom features, I can highly recommend Jitsi. Free public service and you can self-host if you need it. We have been running a fully remote company with 90% of meetings via Jitsi since COVID with great success. I recommend Chrome over Firefox though, as FF's WebRTC support is behind Google's.

>>dr_mon+O5
Unfortunately it's like Gmail. Even if I'm not using them, enough other places do that it's not feasible to totally avoid them without adding complications to my life. Those complications might be worth it to you, but eg my therapist's office uses Zoom for the backend of their app. You'd never know it unless you're the kind of person to dig into that.

>>bonest+wx
Got any data to back this up or are you just spouting racist tropes?

>>lolind+lA
I stand corrected. I suppose reading the contract instead of snarking might have allowed me to avoid the embarrassment. Thank you.

>>single+uG
Thanks for responding graciously!

>>callal+mD
Making generalized claims about companies is racist now? I must've missed the memo.

I guess it makes sense. Companies are people, after all

>>sleepy+39
> or perform some other kind of corporate sabatoge.

Webex seems to be the "corporate" video conference service, when secrets are a concern, from my experience.

>>lolind+WH
When in Rome; you as well.

>>pseudo+ad
But don’t overlook how easy it is for them to bury obtaining consent in a 40 page agreement. It almost makes the things you highlighted moot.

>>mplewi+(OP)
Does that mean they could sell the data and let someone else train their AI model without consent?

>>bonest+wx
This is overly broad generalization that does not hold up to scrutiny.

Konami vs Kojima and any of the DieselGate companies come to mind.

>>JohnFe+Bw
This is not true. At least in the US you are required to notify customers when you change the terms of service, and as far as I know in the EU as well.

>>aftbit+RA
Doesn’t using a Google product taint the solution, if privacy is a major concern? Also, WebRTC leaks ip addresses when using a VPN.

What is the secure way to video conference? Webex? FaceTime offers end to end encryption, but can not easily share non-mac os screens.

Articles like this sure make me like Apple sometimes

https://9to5mac.com/2023/07/20/apple-imessage-facetime-remov...

>>hobo_i+zL
They're not making claims about companies, they're making claims about cultures (American, European, Japanese).

>>nwoli+lk
That argument wouldn't fly in a court of law in the EU/UK, but many many companies try it on anyway.

>>gnfarg+sg
Most "free markets" in the US -- certainly all that matter -- are dominated by 2 or 3 players, and when they all agree to do the same sorts of anti-consumer things, there's nowhere to go. Even if Teams or some other small player has better ToS now, who's to say they won't do the same thing tomorrow? Or do it anyway, without telling anyone?

>>mplewi+(OP)
Interesting that they limited the clause to only audio, video and chat. Looking at their definition of Customer Content it means that they can use, for example, documents you shared, transcripts, a very nebulous ‘outputs’ and visual displays.

So they can create a transcript of the conversation and train with it. Or train on any document you may have shared during a Zoom meeting.

I woukd have preferred the exception - if that was the intent - to enumerate the components of the Customer Content that they want to use for training.

10.1 Customer Content. You or your End Users may provide, upload, or originate data, content, files, documents, or other materials (collectively, “Customer Input”) in accessing or using the Services or Software, and Zoom may provide, create, or make available to you, in its sole discretion or as part of the Services, certain derivatives, transcripts, analytics, outputs, visual displays, or data sets resulting from the Customer Input (together with Customer Input, “Customer Content”);

>>aftbit+RA
Jitsi but using Chrome doesn't fix anything privacy-wise.

>>mplewi+(OP)
It's gone. They removed this part.

https://www.diffchecker.com/RLiqgAaA/

>>dr_mon+O5
Edit: they added the line back again -_-

They just made another edit and removed the line.

Here's the edit history going all the way back to March:

- 4/1 https://www.diffchecker.com/dCuVSMnp/

- 7/1 https://www.diffchecker.com/Zny4Rjqw/

- 8/7 https://www.diffchecker.com/ER0RHSdb/

- 8/8 https://www.diffchecker.com/RLiqgAaA/

>>espere+cB1
I'm well aware of the US court ruling in the early 2000s that declared the users must be notified of ToS changes. And yet, companies frequently change ToS without providing such notification in a way that customers will actually notice anyway, so it doesn't seem to matter much.

>>nabaki+IH2
Aaaand now it's back

>>tremon+oW1
No.

> American companies.

> Japanese companies

> Some old European brands

Unless the parent comment was edited, of course.

>>dolmen+XD2
Well for me it does, at least to some extent, as I use Chromium built by Arch Linux and run a new clean profile for each call. I highly doubt Google is collecting my actual data (not metadata), like AV streams or even web history, in this configuration.

>>cudgy+5G1
Yeah, though I don't really understand your privacy/security model. If you are worried about being targeted directly by Google or some three letter agency, you certainly should not use any of this technology. Instead, you need to go back to the basics, to something running on a physically segregated network, with a much smaller attack surface area. If you are just worried about being dragnet tracked, you are way better off with Jitsi than Zoom even if you end up using Chromium to connect to the session.