Good luck to all those that have been trying to convince people to get off Zoom at $WORK (it's not that simple...). This should add some fuel to the fire.
Does Jitsi (or other) have all the group working features ? Separate a group into many smaller group still under the same call, split and join them at leisure, share screen back and forth, ... ?
Jitsi's free SaaS is a great resource to have available but it's not really viable for many many (most?) use-cases. Apart from general stability issues (which is in fairness are always improving) the biggest blocker is the "Video turned off to save bandwidth" message that you will inevitably receive on any call with more than 2 members. This doesn't seem in my experience to just be something that occurs occasionally due to load - it's very consistent. Nor is there any option to override it (e.g. a call with 5 participants where 4 have turned off video will still experience this on the 5th participant - video can't be re-enabled once you see this).
If this were a limitation of a free plan, with a paid option offering higher bandwidth, that would be cool, but the only paid options they offer are app integrations starting at $100/mo for 300 users.
> the biggest blocker is the "Video turned off to save bandwidth" message that you will inevitably receive on any call with more than 2 members.
It's not inevitable. I use Jitsi every week for a 3+ hour meeting and I haven't seen that error in more than a year.
I don't remember if I ever tracked down what was causing it, but it may have been high latency or low bandwidth on my end (which I resolved about a year ago).
With the maturing of WebRTC and related technologies, shouldn't it be dead simple by now to create an online video conferencing application that runs completely in the browser?
With more than two participants, real-time peer to peer video needs a lot more bandwidth on your local internet connection, compared with a hub. That's because you need to send your AV stream to all the other participants in separate streams, instead of one stream to the hub. Same for what you receive, as the hub sends you a composite of the current speaker and thumbnail videos of everyone else.
Most people don't have a network at home that can handle, say, sending 50 copies of your AV stream when you're speaking to 50 other participants. With that many, even audio-only is a challenge.
There are some clever p2p relay mechanisms you could use in theory to bring the bandwidth down to not grow as much with number of participants (but still a constant factor more than the hub method), but they would add significant latency. For example your AV is sent to one peer, they send it to the next peer, and so on in a chain or tree. This works well for non-real-time AV like p2p distribution of movies, but not real-time meetings.
If multicast IP worked over the internet at large that would help but it doesn't work. Even if it did it wouldn't be enough for the full-vs-thumbnails continuous renegotiation needed to keep download bandwidth steady, nor could it do per-user quality-vs-rate adaptation.
I'm using both and they are very similar. The free jitsi service shouldn't be really used in a comparison as self hosted works miles better (at least in my experience).
Make no mistake, zoom will prevail in court or any legal proceedings that may come up around this for at least a few years if not indefinitely.
It would take an act of literally Congress or a court ruling that they can’t do this.
So, the only way to get into court and win on this is to have zoom “injure” someone (hard to prove), then that injured person has to have enough money to pay a law firm for lengthy trials with zoom including, to be sure, multiple higher court appeals.
Bottom line, for zoom to be prevented from doing any of this it’s going to cost probably in the millions of dollars of legal fees and fairly significant numbers of people who were injured by this before anything could start to happen to make something like this not possible.
It seems that Zoom expects you not to use IP material on Zoom and if you do, you are the one to blame. Now that Zoom is harvesting everyone's content, video and transcripts, things will get very, very interesting.
So if you discuss/use company IP on a zoom call, Zoom's future AI can reproduce it freely.
The question I have is, what if my use during the call could be considered Fair Use in the context and with whatever intention I used it, but what if Zoom then uses it for some other purpose and in some other context that is not Fair Use, have I now taken on the burden of being responsible for however Zoom has chosen to use the content?
So, perhaps, I would have been fine using it under the previous terms, but under the new terms, I need to be aware the Zoom may, at any point in the future, utilize it for some other, undisclosed, purpose there's no way that I can use it.
How can anyone use Zoom at this point, considering the liability they are foisting onto their customers?
Ah OK, that facet of it makes total sense to me. I should be responsible for copyrighted material I show during my call, Zoom should be responsible if they take data from that call and make some machine learning thing that later infringes copyright.
When you post on social media, you’re posting information publicly (or semi-publicly). When you say, or show, something on a zoom call, there’s an expectation of privacy between the participants of the call. Zoom is now saying no, there isn’t, because they’re going to use the content of your calls to train their AI.
there's a comma between "artificial intelligence" and "training" so I could read that as permission to use your data in any sort of training (e.g. training customer support staff) though I guess it doesn't rule out using it to train an artificial intelligence.
The concern I’m seeing is more about IP that the members of the call have legal access to, but which zoom does not. Things for which one must sign an NDA, or copyrighted material owned by the company. This is pretty different than someone using copyrighted material in a slideshow, which would be infringing material whether or not zoom is involved.
I’m curious if there is a distinction between consumer and business accounts, although based on the responses here, I’m guessing there isn’t one.
The indemnification for IP is a standard term that exists in all SaaS terms. What it's saying is "if you upload copyrighted/infringing material to our service and someone sues us because of it, you have to pay our legal costs since we had nothing to do with it".
This is a pretty reasonable thing, you're the one who uploaded the material, you're responsible for it, especially since zoom isn't checking/filtering what you upload/share.
I don't think it's reasonable that a SaaS should be able to train their AI on anything that is uploaded (if you're paying for the service). In fact, I don't think it's reasonable that they should even have access to view what you're uploading and sharing in private meetings. If neither of those were true, then they wouldn't have to worry about IP infringement.
> In fact, I don't think it's reasonable that they should even have access to view what you're uploading and sharing in private meetings.
There may be a setting you can set in the application to disable this. I don't know, I don't use Zoom.
But in any case, I think you hit the nail on the head. Just from a plain English perspective:
10.1 says that content you (as host or participant) upload to Zoom, may be used by Zoom to provide derivative information. An example listed is transcripts. Both the information you upload, and the information Zoom provides, is "Customer Content". Customer Content is your responsibility.
10.3 and 10.4 covers a wide variety of purposes for which Zoom can use the Customer Content.
10.5 says that Zoom will reasonably protect Customer Content from unauthorized disclosure, etc., but that it has no other obligations with respect to Customer Content. In particular, it can share the Customer Content with their "consultants,contractors, service providers, subprocessors, and other Zoom-authorized third parties accessing, using, collecting, maintaining, processing, storing, and transmitting Customer Content on Zoom’s or your (or your End Users’) behalf in connection with the Services or Software".
17.1, the confidentiality clause, says that Customer Content is not confidential information. That suggest the obligations of confidentiality, such as disclosing to third parties only with a confidentiality agreement in place, do not apply.
So if I'm reading this right, Zoom can disclose your meeting transcripts [edit: I meant audio of your meeting] to a third party, without an obligation of confidence between Zoom and that third party, so long as it is for the purposes of providing you the transcript feature.
Which is really strange, to say the least. At minimum I would expect Zoom to treat Customer Content as confidential.
Wish a lawyer could read this and give us (free) insight.
There was a big controversy around Zoom calling it E2E with their server being one of the ends. Not sure what their new narrative is but I do not trust Zoom to do the right thing regardless.
I'll go out on a limb and propose that end-to-end encryption and many-to-many real-time multimedia communication are two things that aren't often combined in a single product.
> This is a pretty reasonable thing, you're the one who uploaded the material, you're responsible for it
Absolute BS, this isn't youtube, call it what it is... eavesdropping on two way communication for personal gain. They are misusing IP law to cover their arses for stealing information that is legal to share between the people in the call but not legal for them to steal.
Every business should be fleeing from Zoom right now. All your internal comms are going to be exposed to their LLM... if you have trade secrets discussed over zoom calls, you should assume they can be extracted by others with access to the LLM.
It totally stops being a reasonable thing when the content is used to train AI. I don't think you can discuss/use company's IP anymore on a Zoom call. Or at least if you do, zoom's AI will be able to reproduce it and it will be YOUR fault.
It might be a standard term, but this is still a big reason not to use Zoom if you expect that any copyrighted or NDA'ed material will be shared.
Zoom says they might use this data to train their AI. If the AI produces a close-enough copy of copyrighted material or if it spews out company secrets, someone _will_ sue Zoom for this.
Yep, and also terms are necessary that in so many words allow the SaaS provider to read, process, copy, share, store, redistribute, etc. all your content. This is so they can provide their services, which are basically sharing video, audio, and content amongst the meeting participants, providing meeting recordings, transcriptions, etc.
Hi there, I'm the COO of Zoom. We currently do not use audio, video or chat content to train AI models and we would not do so without customer consent. Please see our blog https://blog.zoom.us/zooms-term-service-ai/
> We do not use audio, video or chat content to train AI models
<Edit: the word “currently” was edited in to the parent comment after I originally quoted it>
What your linked article says:
> When you choose to enable Zoom IQ … you will also be presented with a transparent consent process for training our AI models using your customer content.
Consent or not, these two statements seem to be at odds with each other?
There isn’t room for such ambiguity in this discussion. Details really matter here.
This community has a long memory about previous Zoom security issues and misleading statements (eg about encryption) - so it’s worth understanding that the level of scrutiny being given to this latest topic is likely elevated as a result. (In other words, I think Zoom has some extra work to do to rebuild trust among many of us here).
Hi there, I don't believe you, especially since you've misrepresented that blog post. It actually says: "we do not use audio, video, or chat content for training our models without customer consent." It explicitly says that you do use customer content to train your models.
From the screenshot: "You are directing Zoom to access, process, and use your participants' inputs and AI-generated content for the purpose of Zoom IQ product improvement, including model training."
Are you claiming that agreeing to these terms of service doesn't count as consent? I think your lawyers would disagree.
As the others have been saying, you need to absolutely spell this out in the ToS. The language in the ToS is far too broad and no matter how trustworthy your company may be now, people are cluing into the fact that that trustworthiness is one heartbeat away from a change in leadership that decides to push the boundary up to the legal limits in the law or ToS.
They explicitly said “we do not”, not “we will not.” The ToS and their statements allow them to change their mind at any time without notifying anyone.
We’ve updated our terms of service (in section 10.4) to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent. https://blog.zoom.us/zooms-term-service-ai/
I do not think that blog posts have any legal value whatsoever. The current terms of service are too risky for most companies who would otherwise have loved to continue to be users of your product.
I still remember when they promised E2E encryption when they had at least a MITM on their end. They have since deleted their (whole!) blog where the whole bullshit non-apology was posted. Zoom’s comments or promises are completely worthless.
“Customer consent” as in, accepting the TOS by continuing to use the product? Have some respect for the intelligence of your users. If you’re playing dirty lawyerball in HN comments you can’t be trusted to act in good faith.
Say more things. Are you suggesting that by “customer consent”, they mean the consent of someone other than those of us paying for zoom? That makes no sense, and is not supported by the use of “customer” in their TOS.
No. I'm saying "you" are the person in the Zoom call and who agreed to the Terms of Service when you installed the software, but the "customer" is the Zoom account owner, and these are usually not the same person.
Most people in Zoom calls at any moment are in calls where they are not the customer for that call. I would guess most Zoom users have never been customers in that sense, as in they never initiate calls and may not have an account.
Sure, and I think all-party consent should be required if a call has any guests. My point was much shallower—just that OP/Zoom is using language that suggests “customer consent” is some separate thing they would ask for, when in fact using the software (accepting the TOS) is that consent.
Thank you for your feedback. We’ve updated our terms of service (in section 10.4) to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent. https://blog.zoom.us/zooms-term-service-ai/
It's especially annoying because I can count on both hands situations where the blogging / social media team and the engineering / legal teams weren't on the same page. The blogging team sends out a message saying "we don't," while engineering is already working on something that does and legal has signed off because it doesn't violate the Terms.
She's lying, if you click on the blog post you can see that if an account owner opts in, they use audio, video, and chat content of all participants to train their models. As a user you are notified of this but not given a way to opt out, other than just leaving the meeting.
Based on feedback, we’ve updated our terms of service (in section 10.4) to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent.https://blog.zoom.us/zooms-term-service-ai/
That's nice, but your comment still says "We currently do not use audio, video or chat content to train AI models". You do, currently. If you don't think there's anything wrong with that, why come here to lie about it?
"without your consent" is also very misleading - you get the account owner's consent, but if I join another company's Zoom meeting and they have this turned on, I am not meaningfully asked for consent. I am informed, but the only way to "opt out" is to leave the meeting immediately (but you already have my face?) and uninstall Zoom. This is obvious coercion, Zoom has majority market share and most people do not have the freedom to decline when somebody sends them a meeting link.
"We don't use your data to train AI models"
(but we can pass it to another entity to do so)
"we would not do so without customer consent"
(...and everyone who uses our service has consented to anything we want them to in our convoluted ToS.
What you should have said is: "Zoom doesn't use audio, video or chat content to do anything but transmit it to the parties that are logged in to the meeting."
I frequently have to use Zoom for communications that are privileged by law. I wonder when the class action will happen?
Based on feedback from you all, we’ve updated our terms of service (in section 10.4) to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent. https://blog.zoom.us/zooms-term-service-ai/
There's definitely more that can be done in terms of setting trust with your users, partners, employers, and suppliers - I posted a comment elsewhere on whether or not you have a posted and shared Trustworthy AI policy, and something that is used to guide internal AI development. Happy to email that to you as well.
Even if you don't, the language of the agreement allows you to. The very same clause contains the consent language, so now that you have the materials, you can start making fake versions of us at your leisure.
Hi COO, of zoom, when people leave or join our zoom meetings the CHIME does not work when the host has left audio. this makes our business really hard to operate. as we rely on your awesome product. HALP
I feel like we are dangerously close to the situation where companies don't even put this in the ToS.
"Better to ask for forgiveness than for permission."
See also Uber, who broke the rules and got away with it, and in fact built their empire on top of breaking the law.
We should not let companies get away with this. In fact, CEOs of such companies should face prison time. Otherwise it would be too easy to steal your user's data, let your company go bankrupt and start a new company based on the stolen data.
I think it is worse than that. I think it is already happening.
At the very least, it is happening internally in R&D projects and there will be a raft a roll-outs. How many of those will be floated quietly for "testing" purposes before being rolled out in a public way? Will ToS be updated to reflect it?
We have already seen with Microsoft, that they are more than willing to implement and train these kinds of systems and roll them out without any kind of opt-in or up-front disclosure. And if you don't like it, you can just stop using O365, GitHub, Azure, etc. Good luck with that. You've got to convince the higher-ups that this is a real issue that they should absolutely care about. For many organizations, you just aren't going to get traction there because they likely own a bunch of MS stock and are happy to see the value extracted from their own company if it boosts their net worth in other ways.
> "Better to ask for forgiveness than for permission."
Thankfully we're starting to see legislation being rolled out in a lot of areas with reasonably large penalties for this approach (e.g. 4% of the company's global revenue for the EU).
Like I mentioned, I don't think that fees are sufficient because you just steal your users' data, pay the fees, and if you go bankrupt you just use the data to start a new company.
I understand that people are (rightfully) upset by these terms. This is the first post I've seen saying they're rejecting Zoom calls, but I've seen plenty of comments on HN over the last few days on this topic saying roughly the same.
My question is: what are you doing for work where you can just decline any invitation that comes from a specific service? That's not realistic at all for most people. Is there a solution for those people?
We get this all the time with our customers. We often lead our calls with an invite to use Zoom, and many of our customers will respond that their IT department requires them to setup any conference calls or video calls using their internal system.
Despite the language, I have a very hard time believing that Zoom is actually trying to train a generative AI on private video calls. If I had to guess this is there so that they can train adjacent services such as malware scanners for shared files or possibly their captioning service using small snippets of audio.
I'd still prefer it if they had far tighter language and clarity on how they use user data, but the tech crowd feels like it's off in conspiracy land.
If there is any actual evidence that they are using large amounts of private call data to train a generative AI then I'd really like to see that.
It's a strange mixture, and it's anticipating future needs as well as current things like malware scanning. Probably Zoom and all the other mainstream meeting services will have to use AIs on audio and video streams in due course, in an arms race against other AIs being used to generate audio and video spam, fake job interview candidates, scam calls from people that look and sound like your own family, and such things. On the other hand, who wants their daily standups scrutinised by facial sentiment analysis and posted to monthly management reports, which is the sort of thing it seems Microsoft might do.
I don't think Zoom is at fault for wanting or needing to use AIs or plan to, on the streams. They might even be ahead of the game. But their communication about it is rather weasely at the moment, and their COO and CISO comments on here don't help with that.
I see 4 competitors in this space (consumer video-conferencing SaaS):
- Zoom
- Google Meet
- MS Teams
- Jitsi (free)
I try and avoid Google products where I can but it seems like the least worst option here (I use Jitsi when I can but it's limited). Is there a 5th option out there?
I have tried Discord, it's reasonable, but the UX is kinda crazy for anyone not used to it - very hard to convince non-gamers to use it.
Jitsi's free service disables video to "save bandwidth" if you have any reasonable amount of participants (3+ in my experience), and doesn't allow you to re-enable it.
Their paid service allows you to tweak this but it starts at $100/mo.
Have never tried BBB & I'm starting to see a lot of folk recommending it here now as I read through the comments... is it available as a service or is it purely a self-host option (website appears to imply the latter at first but I haven't dug into it yet).
The free version of Jitsi does, yes. I'm self-hosting my own Jitsi instance and was able to configure the quality settings way beyond anything you can get from Zoom or Google Meet. I can have ten people with 30Mbps 4K video streams on the call at once. The video is responsive, lifelike, and beautiful like you're watching a pre-recorded YouTube video.
Ah. In that case, not really the "space" I'm referring to. Was really asking if there's any other non-self-hosted competitors to these services out there?
Jitsi is limited in that any organization big enough to have an IT security policy almost certainly prohibits standing up your own online meeting service for business use. You'll have to use the company-approved service, which is most likely Zoom or maybe Teams or Google. I haven't looked but I'd bet that Microsoft's and Google's terms of use are broadly similar to Zoom's for similar services.
It's not the IT admins, it's the CISO or equivalent. At their level they will be concerned with approving anything that's not widely popular and may be perceived as an "unsafe" choice. An extension of the age-old "nobody ever got fired for choosing IBM" line of thinking.
I don't know which companies/CISOs you've worked with but in my experience it's the opposite: CISOs tend to be wary of transferring corp data to 3rd-parties, for both legal/compliance and security reasons. It's generally engineering/IT management that tend to be more wary of self-hosting maintenance.
If they have a competent IT security policy, it will also forbid you to use Zoom, assuming even half the things people are saying in Zoom's terms are actually in there.
There's also slack huddles, however I suppose this really only works for internal company calls. Apart from that I've found that to be the best option, especially when using slack already.
Between this and the "RTO or GTFO" story going around on Blind, my new conspiracy theory is there is some kind of power struggle going on at zoom leadership and the senior leadership team is intent on burning zoom to the ground.
As a hint on how to self host I can suggest galene. Now there is a caveat in that It turns out that seeing someone while talking to them does not actually provide any value add(actually it is a net negative) to me and my normal non video chat go-to's(cough mumble) have proved good enough. so I don't really use it. But it was very easy to build on openbsd, which is a plus in my book, and the documentation is pretty good at explaining various scaling setups. from one idiot who likes to run servers(me) to full on video chat as a service(zoomish).
My problem as a coach is, everything else is bad. Google Meet video quality feels like the 90s, they optimize for traffic costs. MS Teams is not easily usable from a meeting URL, but quality is higher than Google Meet. Other offers are often unreliable or low quality.
When working with a trainer for my language/pronunciation I also found out that many solutions have abysmal sound quality, Zoom is best by far.
Yep - we've tried most (and have teams and meet FREE).
Jitsi - core functionality issues with video quality tied to network setups perhaps make it a no go.
If you work with a lot of folks for short bits of time everyone knows how to get on and work a zoom call.
Teams has weird permissions issues, consumer vs business teams, and is forced on so many people that they auto close it (reminds me a bit of the IE pushiness which can be a turn off).
Google Meet started auto-adding links to meetings - so most folks ignore a google meet link because they don't think it's a real meeting (and 90% of time it isn't).
The problem is a fair number don't do this. It's super annoying - why not do an opt-in or even a prompted opt-in to keep this to folks actually using meet maybe based on actual meet usage?
Oh sure, I don't intend to defend the default of enabling it, just trying to suggest a mitigation that might at least help internally within a single company.
> MS Teams is not easily usable from a meeting URL
Why not? You click on the link and if Teams is installed it opens the local copy. If not then you can do the call in a browser. What is the difficulty?
Last time I've tried it wants you to register and/or login, it sometimes loses the meeting in the process, you then are left with an application that tries to be Slack and you try to find the meeting in the app again, if you logged in to a different account than the invite to the meeting it gets lost etc.
But it might be different today, for those problems I try to not use Teams for some time.
Also if you use Teams all the time the experience might be different.
No. I have Teams installed, but if I click on a Teams link in the Teams app, it opens the meeting in the web browser. There was a decent stretch of time where it would go through a fail-loop in the browser before finally suggesting trying the meeting in the app instead, which wasn't actually possible because of the above. I'm really struggling to comprehend how messed up the development team can be to have a product as awful as that.
>Be indemnified by me if it turns out someone else owns the IP or has their rights infringed (for example to confidential materials everyone on the call is entitled to review).
IANAL but that's not quite what the terms say.
>25. INDEMNIFICATION
>To the extent not prohibited by applicable Law, you agree to indemnify, defend, and hold Zoom and its affiliates and each of our licensors and suppliers (“Indemnified Parties”) harmless, including any officers, directors, employees, shareholders, members, consultants, and agents of the Indemnified Parties, from any third party allegation, claim, proceeding, liability, damage, or cost (including reasonable attorneys’ fees) arising out of or related to (i) your or your End User’s use of the Services or Software, (ii) your or your End User’s breach of this Agreement or violation of applicable Law, (iii) your or your End User’s infringement or violation of any Proprietary Rights or other right of any person or entity, (iv) your relationship with your End User or any dispute between you and your End User, or (v) a personal injury or property damage to a third party relating to your or your End User’s acts or omissions
(emphasis mine)
You'd really have to stretch the definition of "your or your End User’s use of the Services or Software" to include zoom running their AI training (unbeknownst to the user) for it to be included. What this clause is intended to cover is cases like you using zoom to commit some sort of crime (eg. streaming movies/sports matches), and zoom gets used along with you.
If you're authorized to access the data, it's not infringement. Again, this is if you're using zoom to stream Disney movies or whatever, and Disney decides to sue you and zoom. If you're screensharing confidential company documents you're authorized to view, this will certainly not apply to you. If for whatever reason your company is getting you to screenshare third party documents that you're not authorized to view (eg. confidential documents from a competitor), you should really reconsider who you're working for.
If zoom is the platform that your company picked, the company is going to have a hard time suing you or zoom for infringement or whatever. If zoom isn't the platform your company picked, the company is either too small to worry about stuff like this, or you really shouldn't be transferring data to a company that doesn't have a data processing agreement with you. It's the equivalent of using gmail (the personal version, not gsuite) for work emails.
If no one answers I'll ask internally (I'm in Microsoft but just an engineer and not in teams), I can tell you that in our org we don't have access to customer data, actual customer data is encrypted anyway and every access to a production machine is recorded, audited and has to be justified legally (and is very rare to the point I haven't _actually_ seen it done except to literally learn how to go through the process on a machine with no dat).
I'm also curious what the ToS says about teams, if it allows it I'd be pretty disgusted and I was very surprised Zoom does this..
I get it from Zoom's perspective: it's a core differentiator and strategic future advantage for them.
I think it's going to lose them more customers than make them money... but we'll see.
MS is a more interesting case, because they have a tradition of understanding enterprise concerns, and don't really need the data from Teams given their product portfolio.
But, common strategic sense often doesn't stop tactical, myopic product manager blunders, so I am curious.
> I think it's going to lose them more customers than make them money... but we'll see.
We will indeed. Given the vast, vast majority of users' reading of TOS in the first place, much less understanding them, this to me seems very unlikely.
This sounds like a joke, how can anyone write such ToS with a straight face? It's like "1.1 We value our customers and treat them with respect, unless we say we don't. 1.2 We don't."
At work, there is a whole process and checklists for "approved" software. Zoom is one of them. Most Microsoft software are in this approved list. Our work laptops are locked down and you can't install anything. Our development laptops are a bit more open, but they are monitored as well. However this is not the issue.
How do you get a whole organization of several thousand people to move from zoom to another platform? In my experience, this has only happened because the provider simply could not meet the QoS/ToS, or they were priced out.
Also, most people just don't care. They just want something working well. We've got Cisco webex and Microsoft teams, but guess what most people prefer? Zoom. Because "it just works better".
I recommend Jitsi over Zoom for lots of reasons, but "AI" isn't some magical new danger point.
* Most of the legal terms are standard for internet services.
* Any and all unencrypted internet communication will be monitored by the services hosting that communication.
* If we replace "AI" with "automation tools", then this is a nothing burger.
Or to put it another way, Does anyone really think Zoom (or other internet services) aren't running automated tools to catch/ block/ report child porn? How do folks think those automation tools are trained?
If you don't want service providers monitoring your communication, ENCRYPT IT. Otherwise, it doesn't matter if they're using the "AI" boogeyman or older automation tools.
Ironically, my company can't use Jitsi because it isn't a certified "secure" platform per FedRAMP[1]. If Jitsi were ever granted FedRAMP certification, I'd be charging full steam ahead to get my company to switch.
This is Michael Adams, Zoom’s CISO. I want to reiterate our thanks for your feedback and emphasize our continuing commitment to protecting our customers’ data as we make exciting improvements to Zoom products.
At Zoom, we do not use customer audio, video, and chat to train our generative AI models without customer consent.
>At Zoom, we do not use customer audio, video, and chat to train our generative AI models without customer consent.
What is the mechanism you use for "customer consent"?
IIUC, you have a pop-up at call initiation for which you either provide "consent," or drop the call, with no option to deny consent and continue.
If that's correct, then your definition of "customer consent" doesn't comport with the broadly understood idea of consent. Rather, it's closer to "if you enter my store, you consent to spending at least USD$20. If you don't actually spend that much on our offerings, we will charge the balance as a fee," than to true consent.
That's not to say that Zoom shouldn't have the right to require such consent to use their service, but based on my understanding, the mechanism for obtaining such consent is coercive and exploitative.
Most importantly - we’ve updated our terms of service (in section 10.4) to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent.
I think a large number of people here will still find these terms lacking. Specifically, we will reject the idea that one account admin can make a consent for all users.
I would much prefer to see users empowered to not just be "notified" of an account admin's decision but to have per-user consent. Regardless of what my employer (or a collaborator's employer) might think, I do not consent to feeding my voice, video, or screenshare content into AI training.
And I think there should be a middle ground between "tolerate the admin's decision" and "don't participate". I understand certain scenarios require this, such as recording of all contributions to an important meeting. But, I don't think you should apply this heavy-handed approach to other derivative use. A user should be able to communicate with peers without being coerced into consent for all other usage an account admin might be interested in...
> At Zoom, we do not use customer audio, video, and chat to train our generative AI models without customer consent.
I think it is misleading to use the word "customer" here without drawing attention to the fact that is not the meeting participant.
It that intentional? Different people have a different idea of what "customer" means, in the context of a discussion about an online meetings product, when they are not paying attention. As a CISO who is surely aware of social engineering's role in data security, I'm sure you know this.
And in a context where people individiully agree the terms of service by clicking "I agree", often on their own computer, people mostly think of the customer as themselves.
So who is meant by "customers" in your comment, and your COO's comment, who consent (or not) to AI training on their data? All the people attending the meeting, or the entity who owns the Zoom account only?
Does each person attending a Zoom meeting have to give consent for their likeness and personal data to be used?
The people who actually care about their personal data being used in this way are the people attending the meeting. Everyone knows this intuitively, and that's why wordings around whose consent is involved need to be clear and unambiguous, and sound like weasel-wording if they are not, or if they imply it is delegated to one party in the meeting that the others may not entirely trust with that kind of data.
Scratch that. I read your link. It says quite clearly that "Zoom account owners and administrators control whether to enable these AI features for their accounts."
In other words, people attending the meeting are not in control of whether their personal likeness and data is used to train AI models.
Indeed that's the case. There is a reply to your COO's comment on here, saying that when a person joins a meeting they are given no option to consent or decline, except to leave the meeting.
In real life, that means things like a person attends a job interview online, and suddenly faces the surprise realisation at the moment they are about to start that they have no realistic choice but to continue with an AI being trained on how they talk and smile at their job interview, for example. Or they start a job, and discover that's what's happening with their team standups. Not everyone will mind, but it sure feels like Zoom may be facilitating something more invasive than before, where you could normally assume a meeting was private to the participants and ephemeral, if it's not explicitly recorded.
I expect you're aware that people would not take that interpretation from the comment you posted here on a casual reading.
Please don't do that. If you must explain under what conditions Zoom uses user data, please don't use the kind of flexible wording, like "customer", that will cause many people to think each person installing Zoom and clicking "I agree" is in control. Please be more consistent in public statements by saying something more like:
The Zoom account owner and administrators control when the meeting participants' personal likeness and data is used for AI training.
Your COO's comment on here says Zoom "currently do not use audio, video or chat content to train AI models [and we would not do so without customer consent]". But your statement imply that Zoom does currently use audio, video and chat to train AI models under some circumstances.
That has led one commenter to say that your COO is straight up lying, but I would be inclined to say the wording urgently needs clarification, in plain English using words that people are not likely to misinterpret, or feel like they are being tricked by.
All this is not a good look if you care to maintain a trustworthy reputation. That people using Zoom can have confidence in. As someone correctly pointed out, Zoom already has a tainted reputation around user data. I think your product is great and I use it often in large meetings. I prefer it over all alternatives I've tried because it works well. I also think Zoom has managed to mostly recover from previous reputation hits. But other products are catching up, and I'll end up advocating against Zoom myself if I think the C-suite is a tag team of weasel-worders who'd like to keep the door of ambiguity open ajar on something as central to meetings as this. People's ability to feel safe when talking to each other is sacrosanct.
It probably does STUN but not TURN and relies on the actual data going through P2P, that's what most services that are free do and for a lot of orgs/cases it works pretty well.
I don't think you understand my question. STUN is only for setting up the connection. With Trickle ICE etc. But after that, who actually proxies the video that is being sent between the WebRTC endpoints? You need TURN servers for that! Without them, people behind a firewall wouldn't be able to actually receive any audio/video streams from Jitsi. So how would it work without TURN?
> people behind a firewall wouldn't be able to actually receive any audio/video streams from Jitsi.
That part isn't really correct? Most firewalls block incoming connections not outgoing ones so both parties agree on a port, hole punching happens and then there is a connection is formed.
As important as drawing the casus belli is laying out alternatives. What are the alternatives to Zoom, supporting Linux, OSX, mobile and Windows, with decent terms of use?
The page suggests using Jitsi instead (https://meet.jit.si/), which is apparently open source and can be self-hosted. I've never used it, just pointing at what the page suggests.
It's easy enough to host as a small set of containers behind a reverse proxy. Bandwidth is the main bottleneck in my experience, but there is peer to peer to some degree.
Jitsi is amazing. I tried out the desktop client version maybe 10 years ago and it sucked hard. More recently, using their webRTC version has been the smoothest voip experience I've ever had, and it's gratis, and it's open source, and I don't even need to register. It has high quality audio, video, and screen sharing. Honestly, I have no reason to use anything else.
We use Whereby for quite a while, and it works very well. It runs in the browser and does not require any installation (I think they are based on Jitsi).
Jitsi is great but has limitations. I use Nextcloud Talk. Nextcloud is self hosted and includes many apps that can be easily activated. Talk is full featured and includes mobile apps that allow people to call each other directly along with everything you would expect from a messenger. Federation with the 400K+ NC installations is WIP.
Tangentially related: does anybody know which of the teleconferencing solution has the best audio quality? I'm looking into live music streaming and Zoom/Google Meet seem to offer subpar sound quality, optimizing for latency and using other aspects like noise reduction.
It is worth mentioning that these terms of service (specifically subsection 10.2) are completely illegal under EU's GDPR. It is a matter of time before someone takes them to court.
Zoom already has multiple offerings with different privacy policies. For example Zoom.us (Zoom for US Government) vs Regular Zoom. Wouldn't be surprised if this comes later in different tiers of pricing and data privacy.
Hi there, this is Aparna, COO of Zoom. We’ve updated our terms of service (in section 10.4) to further confirm that we will not use audio, video, or chat customer content to train our artificial intelligence models without your consent. Please take a look. https://blog.zoom.us/zooms-term-service-ai/
I tried once to connect to teams on firefox mobile in a private tab just to send a simple message (not a video call) and tell my coworkers I had a medical emergency and was heading to an hospital.
After passing my company's azure SSO login prompts all I got was an error message I had to use Chrome or Mirosoft Edge
This was a message fron the app, not a failure on firefox mobile's part and I didn't expect any videocall to work, just to be able to send a message in a chat.
