Zoom terms of use updated to allow AI training on user-generated data, no opt-out
Zoom terms of use updated to allow AI training on user-generated data, no opt-out
Relevant text:
10.4 Customer License Grant. You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content: (i) as may be necessary for Zoom to provide the Services to you, including to support the Services; (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof; and (iii) for any other purpose relating to any use or other act permitted in accordance with Section 10.3. If you have any Proprietary Rights in or to Service Generated Data or Aggregated Anonymous Data, you hereby grant Zoom a perpetual, irrevocable, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to enable Zoom to exercise its rights pertaining to Service Generated Data and Aggregated Anonymous Data, as the case may be, in accordance with this Agreement.
Zoom is used by a lot of institutions for official, sometimes sensitive work (ex. Healthcare, education, etc.)
How are those plans affected by this change?
Zoom has a healthcare specific license for healthcare. Don't think they could add that in and stay HIPAA compliant, but I can't any exceptions in the ToS so maybe US healthcare is actually trash and this is "fine"
It's definitely not fine, but they may be stupid enough to try and train a model on healthcare zoom meetings. I think I'm gonna let my healthcare company security team know. We do a lot of cross collaborative meetings with the university and I'm not sure their license is the healthcare one. Typically that's all just resolved through a business agreement, but if it's a part of the ToS now they may be violating HIPAA without knowing it even while having business agreements not to. Might be worth filling a complaint to give the hhs a heads up that they're potentially noncompliant.
My synagogue uses zoom and I’m afraid of the potential risk this might place them with now
for meeting and other video conferencing needs: https://jitsi.org/jitsi-meet/ , not hard to set up and get going.
and of course just video chat with no back end there is always https://vdo.ninja/ though I strongly recommend rolling up a jitsi-meet server
for streaming https://obsproject.com/
Zoom could easily be replaced at little cost other than someone's time and a donated fairly modern computer (note: businesses can often deduct the full value of the computer if it is two years or less old and is donated to a qualifying organization, such as a Synagogue).
Happy to say I've never used Zoom because it was a privacy threat even before all this. Not happy that people always treated me like I'm some kind of space alien for not using Zoom. Also not happy that those same people won't care about any of this, and will keep right on using Zoom.
zoom is a privacy and security nightmare.
The irony of zoom buying keybase...
This is not good. Thanks for highlighting this. I flagged this for my company’s enterprise risk management committee to consider and act upon.
Went to look at the TOS. The service generated data (10.2) isn't actually the bad part. However, 10.4 is.
10.4 Customer License Grant. You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content: (i) as may be necessary for Zoom to provide the Services to you, including to support the Services; (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof; and (iii) for any other purpose relating to any use or other act permitted in accordance with Section 10.3. If you have any Proprietary Rights in or to Service Generated Data or Aggregated Anonymous Data, you hereby grant Zoom a perpetual, irrevocable, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to enable Zoom to exercise its rights pertaining to Service Generated Data and Aggregated Anonymous Data, as the case may be, in accordance with this Agreement.
Full Text
https://explore.zoom.us/en/terms/You're correct, I mistakenly copied the wrong section. (Posted this from my phone)
Fixed!
A free, libre, opensource, and privacy focused alternative to Zoom is Jitsi, which can be used without an account.
If you want even more privacy, you could host your own video conferencing service. Some options are below.
How many of those support captions?
I'm not sure which use case you're referring to specifically, but I have not used any caption functionality in any of the services listed. However, I was able to find the below documentation. At a quick glance, it looks like Jitsi and BigBlueButton support captions better than Jami does.
- Jitsi
- BigBlueButton
- Jami
which can be used without an account.
Not anymore. You need to login via a Google/Facebook/Github (Microsoft) account to create a meeting room starting from end of August 2023.
Permanently Deleted
I had to get security clearance for my job. I hope this finally convinces them to not use zoom anymore. Otherwise the security clearance thing is a joke.
Ahh yes they're going to harvest the infinite wisdom from our weekly conference calls. "Bob you're on mute". "Can you hear me now?" I hear echoes " " Bill is that a bong on your desk?"
Dare you not forget, "You sound like a robot!"
"What the frick, I thought it was an Xbox controller!"
They will be able to replicate your likeness digitally. Only a matter of time.
Entire industries are bound by the terms of a single company. Time for some anti-trust enforcement.
Some privacy protection laws would also be good.
Some politicians who are capable of understanding any of this would also be good. (What a mess we're in.)
Can’t wait for the impending data breach and all of the sensitive AI training conversation data is leaked
and when that data ends up going a lot farther back than the date of this policy change... that is, that they've been collecting it all this time.
So I guess Zoom will be banned in Europe?
User-generated data like recordings of all video and audio from meetings? Is that legal? And wouldn’t that be a lot of video to store?
of course it's legal. You clicked "I agree" once 8 years ago when your aunt sent you a zoom link, that means they can watch everything you ever do ever again for any purpose, and that's completely fair. /s
We need to ban the TOS model. There is no way artists uploading to DeviantArt 15 years ago could have known that their art was going to be trained on, there's no way that should be legal. We shouldn't be forced to sign away all rights for our content so it can be used in ways that don't even exist yet so we can join a video call. When we had landlines we had laws about this, but we've never seen anything like that for the internet.
I'm confused also. Does it really encompass this?
This sucks. A lot of people like me only use zoom because classes/webinars/meetings/interviews are hosted there and we can't really complain about something we have to attend for our own good, especially if everyone else is doing it. It sucks so bad, I hate how it's like this. I wish people in my country would care enough to find this AI shit a red flag, but sadly I don't think so.
It still might help if you point it out to the orginsator... Especially if you makebit clear to them that their copyrighted slides, etc. will be part of that aswell
Does that imply Zoom is not end to end encrypted?
It never is by default. In fact, they got in a bit of a fiasco early on (before their current E2EE implementation) for using the term "end to end encrypted" after it was revealed they were simply referring to TLS.
huh. It’s not even misleading it’s just plain false. TLS doesn’t operate at the application layer, it operates at the Transport Layer. End to end means Application Level encryption.
Interesting. I wonder if anyone has a document comparison between the two versions.
Apparently they've gone back on this now: https://www.theregister.com/2023/08/08/zoom_ai_legalese_update/
Definition of Customer Content, from the terms:
10.1 Customer Content. You or your End Users may provide, upload, or originate data, content, files, documents, or other materials (collectively, “Customer Input”) in accessing or using the Services or Software, and Zoom may provide, create, or make available to you, in its sole discretion or as part of the Services, certain derivatives, transcripts, analytics, outputs, visual displays, or data sets resulting from the Customer Input (together with Customer Input, “Customer Content”); provided, however, that no Customer Content provided, created, or made available by Zoom results in any conveyance, assignment, or other transfer of Zoom’s Proprietary Rights contained or embodied in the Services, Software, or other technology used to provide, create, or make available any Customer Content in any way and Zoom retains all Proprietary Rights therein. You further acknowledge that any Customer Content provided, created, or made available to you by Zoom is for your or your End Users’ use solely in connection with use of the Services, and that you are solely responsible for Customer Content.
tl;dr: Customer Content encompasses all data originating from your machine sent to Zoom servers.
Oh no. I'm gonna have to switch to something else from the plethora of video call options for my yearly Christmas call with family. The horroooorrrrre