If it’s priceless how much should they pay?
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Zoom to Pay $85 Million to Users for Misleading Encryption Claims
- Thread starter MacRumors
- Start date
- Sort by reaction score
So when the people that receive a settlement claim it, they will have to provide more information than their email address.
And I have no doubts whatsoever that this information will find its way to Zoom. Heck, Zoom may even need it to make the payments (unless a third party doles out the money), but regardless, more user data for Zoom.
It was far worse than that if anyone cared to look. They were caught routing business video calls between U.S. users from the U.S. through China then back to the U.S. early on. Their developer team is in China (presumably so they'd be really cheap). Their CEO danced through this and the above and other things - and made a ton of money with their IPO.
Because of the timing of the shutin the world just ran to them regardless. I was stunned when my company started using them, if they'd researched them at all, they never would have...
THIS article is misleading. I’m surprised I’m the first to say this in the comments, but TLS encryption IS INDEED end-to-end encryption.
The reason Zoom is being sued is that they functioned as “a man in the middle” vulnerability. Your Zoom call was TLS end-to-end to Zoom’s servers, then Zoom’s services decrypted the data and re-encrypted with TLS end-to-end encrypted to the other person on the Zoom call.
under this system, we are trusting Zoom to not surveil our calls or mine then mmm for information.
So they weren’t technically lying, but they were certainly misleading.
But on the topic of end-to-end encryption, since the companies that distribute the signed TLS certificates hold the encryption keys (Apple itself is one such company) of the secure connections, we do indeed succumb to trusting them to not exploit those keys. Only unsigned end-to-end encryption schemes are *TRULY* end-to-end.
The reason Zoom is being sued is that they functioned as “a man in the middle” vulnerability. Your Zoom call was TLS end-to-end to Zoom’s servers, then Zoom’s services decrypted the data and re-encrypted with TLS end-to-end encrypted to the other person on the Zoom call.
under this system, we are trusting Zoom to not surveil our calls or mine then mmm for information.
So they weren’t technically lying, but they were certainly misleading.
But on the topic of end-to-end encryption, since the companies that distribute the signed TLS certificates hold the encryption keys (Apple itself is one such company) of the secure connections, we do indeed succumb to trusting them to not exploit those keys. Only unsigned end-to-end encryption schemes are *TRULY* end-to-end.
At that point businesses had few choices and just said ‘F it… the risk is worth it.’
People who bought their pro, business and enterprise plans likely
Edit: I just read the whole thing, free users will get paid some too, I’m surprised
Given they offer recording and audio transcription, it was obvious to users that the video was in an unencrypted state in the backend. They used “end to end” to mean it was impossible for anyone to sniff packets and decrypt the video stream.
is there some other marketing terminology they could’ve used?
is there some other marketing terminology they could’ve used?
‘Please share that info
The lawyers, that's who gets paid. The lawyers.
I have been using Zoom since 2017 for international communications. I’m an active daily Zoom Pro user so I expect at lest a free month or two of Pro 😁
Zoom was far and away the best thing out there in terms of user experience in 2019. I worked for a company spread on both sides of the Atlantic and Zoom was amazing. The app itself, but also their "Zoom Rooms" which are conference rooms they setup and maintain at your site with their hardware. The whole thing was hassle free, and that's across all levels of users. We were biologists, not IT people.
I never saw the unexplainable problems of Skype - Teams is definitely better, but you still get unexplained connectivity issues. My current company is Teams-centric, but I'll periodically switch a meeting over to Zoom in real-time when screen sharing or some other function isn't working properly. I know Zoom will work every time.
Interestingly, the most trouble-free Teams client is in iOS. Consistent hardware makes the software a lot more robust. Shocking.
They'll just go through all your old Zoom conversations until they hear you giving your address or bank details to someone.
Even more precious informations about scientific knowledge at the beginning of the pandemic, when it was used in Universities 😟
No. Damages which impact company profits punish the management in terms of salary, bonuses and options. Damages which destroy a company punish every employee, every contractor and every shareholder.
Originally, I thought Zoom had interpreted "end to end" encrypted as between users, not from node-to-node within the Zoom network. In other words, communications were encrypted to-and-from Zoom only, not between end users. Do I still have this correct?
If so, I'm not overly concerned because I was only using it as part of my job/work, we were required to use it during the pandemic. Unless someone was provably damaged by the lack of encryption and/or plausible malfeasance on Zoom's end, there's little or no damages to be had outside of misrepresenting their encryption strategy.
Anecdotally, given the alternatives we had during the first wave of the pandemic, Zoom worked pretty well most of the time. Google Meet was a mess.
If so, I'm not overly concerned because I was only using it as part of my job/work, we were required to use it during the pandemic. Unless someone was provably damaged by the lack of encryption and/or plausible malfeasance on Zoom's end, there's little or no damages to be had outside of misrepresenting their encryption strategy.
Anecdotally, given the alternatives we had during the first wave of the pandemic, Zoom worked pretty well most of the time. Google Meet was a mess.
Last edited:
That was the problem for many of us in K-12 and higher Ed: There was not much time in Spring 20 to transition from in-person to online and in reality, there were not “many better alternatives”. A shame it took Apple until the not even yet released iOS 15 update to expand the functionality of facetime in the direction of a true social video conferencing app.
I would prefer not to use Zoom but some of our vendors / business partners require it for their conference calls. In fact, our largest software vendor is switching from WebEx to Zoom in a couple of months ☹️
To be honest, it's blatantly clear people finding love or having an app conveniently help them find a hook-up/soulmate is worth such apps having such information to analyze as they see fit. Depending on their age, I almost kinda don't blame them (I don't use dating apps because I haven't had the need to in order to get my physical & belonging needs met).
People know why they're on such apps and what typical messages, pics, & arcs of conversations will go. To them, they probably think it's no surprise what goes down in the DMs in such sites, so the collateral damage is eh to them.
Women are disproportionately exploited & taken advantage of in such apps of course; why most educated woman will keep things superficial on such apps pivoting intimate conversations/intention off such apps as quickly as possible.
That is actually a highly inaccurate representation of the reality on these apps, which almost entirely favour women on multiple levels and it is the Men that are exploited both emotionally and financially on these apps.
Almost all the algorithms favour female selection and choice over male choice. Men generally outnumber females on dating apps at a rate of 5:1 or more depending on the website, which gives female members the ability to be highly picky with their selections, or indulge easily in the plethora of opportunity, along with the freedom to utilise that abundance of men for their own entertainment.
Some apps like bumble give females special privileges such as them having to message first in order for a conversation to be initiated. If you put together this algorithmic bias, the ratio of the genders and a females natural inclination towards hypergamy, the result is a huge disappointed and exploited group of male users.
Males who are then subject to coercive marketing campaigns convincing them that their success will only improve once they purchase that $60-$100 Gold membership in order to stand out amongst all those other guys, which may result in more available features and even interactions, but not necessarily any more success in their dating possibilities.
it’s a heavily slanted industry highly in favour of women and the data mining and lack of encryption that allows these companies to determine trends and patterns in dating success/failure only strengthens the power given to women in these apps.
Dating apps in the current day are a self-esteem trap for young men and I highly discourage any male from ever using it, even if they have received some occasional success at times in the past. It’s largely a zero sum game and we lose more than many would gain.
Last edited:
When the term ”end-to-end encryption” is used, it means “sender to recipient” not “sender-to-middleman, then middleman-to-recipient.”
By your logic, *all* encryption is “end-to-end.”
Security aside, was there anything functionally better than Zoom that could be used universally (i.e., not including Apple-only apps?). Zoom is certainly far better than Skype and Teams. Teams is great for chatting, and convenient for one-on-one video calls if you and your group just leave Teams open, but doesn't work well for group videos calls. We tried Teams for that and switched back to Zoom.
Class-action suits like this are all a bit ridiculous. They're purely a vehicle for certain types of lawyers to use the system to line their pockets. Out of an $85M settlement, they get a big chunk. Yet the compensation to those that were mistreated by the company is trivial, and there is little deterrent effect against future bad corporate behavior. The only way the latter happens is if the corporate executives that made the decision to treat their customers badly are held personally responsible, either through hefty personal fines or jail time. But, except in extraordinary cases (e.g., https://www.nytimes.com/2017/01/13/business/takata-airbag-criminal-charges.html), that doesn't happen, because that's not the way the game is played.
The reason corporate execs are willing to engage in bad behavior that increases coroporate profits is because they know they're shielded from the consequences if they get caught.
The other way these class-action suits can be ridiculous is that lawyers that make a business of pursing these suits can, on a technicality, recover (shake down would be a better term) money from a company that hasn't done anything wrong. I was contacted by the settlement officer for one of these suits and refused to pursue compensation.
The whole system of rewards and punishments is twisted to incentivize behavior that's contrary to the common good. Which is what often happens when lots of money is involved.
The reason corporate execs are willing to engage in bad behavior that increases coroporate profits is because they know they're shielded from the consequences if they get caught.
The other way these class-action suits can be ridiculous is that lawyers that make a business of pursing these suits can, on a technicality, recover (shake down would be a better term) money from a company that hasn't done anything wrong. I was contacted by the settlement officer for one of these suits and refused to pursue compensation.
The whole system of rewards and punishments is twisted to incentivize behavior that's contrary to the common good. Which is what often happens when lots of money is involved.
Last edited:
I understand the contradiction you've pointed out, but that's due to my hasty/careless explanation.
What concerns me is that this article implies that TLS, used by the entire internet, isn't an end-to-end scheme. But it is end-to-end, and people should be using it on their web servers. I don't want people to get the wrong idea about TLS.
The problem is that Zoom misrepresented their encryption based on technicalities, and as you so aptly described "the term 'end-to-end encryption' is used, it means 'sender to recipient' not 'sender-to-middleman, then middleman-to-recipient.' ". I assume this was obvious to the courts which is why Zoom lost the court case.
Not all encryption is end-to-end. Only public-key-exchange
Having said that, re-iterating what I concluded with earlier, any signed encryption scheme is vulnerable to a man-in-the-middle attack if the certificate provider is compromised and the private keys are leaked... so with that in mind, it's conceivable that any signed encryption scheme is not technically end-to-end.
Last edited: