Zoom Changes TOS to Say It Won’t Train AI on Your Calls ‘Without Your Consent’ After Backlash::Zoom added a line to its terms of use on Monday, after concerns that the company was using calls to train artificial intelligence algorithms went viral.

  • phx@lemmy.ca
    link
    fedilink
    English
    arrow-up
    45
    ·
    edit-2
    1 year ago

    So if they actually implemented E2E encryption like they said (last time they were called out on lying about it), how exactly would they even collect this information?

    You’d need to MITM the calls for it to even be possible, which raises other issues…

    • jsveiga@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      25
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Technically they can collect whatever they need, before encrypting to send from E to the other E, and send, with or without encryption, to their servers. The "E"s are the devices on each end, not necessarily the users mouths and ears.

      You can send your typed credit card to that site using SSL encryption, but the number can be captured by a keylogger or a screen capture before being encrypted.

      • outdated_belated@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        11
        ·
        edit-2
        1 year ago

        So it’s basically “some stuff is E2EE, other stuff is not” which, absent knowing which is which, boils down to no E2EE at all.

        • jsveiga@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 year ago

          Basically this. I don’t assume that just because it’s E2EE (or says it’s E2EE) it’s privacy safe.

          Unless maybe if it’s my own system on both sides, running Linux, connected through some FOSS VPN I’ve set up myself, chatting through nc tunneled through ssh with a 100% silent wired keyboard, no monitor, no network, and everything powered off. Inside an underground lead bunker.

          That doesn’t mean I don’t use Teams, Whatsapp, Gmail, etc. I just don’t assume it’s private.

      • phx@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        True, but in that case you don’t actually have real E2E encryption anymore, as it would need to be sending copies the data to a tertiary destination for processing by AI. The application itself would be the malware (which, TBF is kinda accurate for Zoom anyhow)

        • jsveiga@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          2
          ·
          1 year ago

          E2E just means it’s encrypted from end to end, iow, it’s not decrypted in the middle of the way.

          If I was using an E2E communication application, I, for one wouldn’t automatically assume that meant it was not eavesdropping.

      • frozen@lemmy.frozeninferno.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Yeah, Zoom could encrypt the data twice with different keys, send one packet to their data collection servers and the other to the other people on the call. It’s still technically E2E encrypted, there’s just two sets of “ends” (origin to data collection and origin to meeting).

      • phx@lemmy.ca
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Well, not really a surprise. Hell,I wouldn’t be surprised to have it come out and Zoom say “well we didn’t say which end the encryption terminates on”

    • KIM_JONG_JUICEBOX
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Lol is it really E2E if you purposely put an MITM in there wtf? What I guess they hand out the private keys?

  • Metal Zealot
    link
    fedilink
    English
    arrow-up
    36
    ·
    1 year ago

    Are we really letting companies get away with “better to ask for forgiveness, than permission”?

  • ShittyBeatlesFCPres@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    ·
    1 year ago

    The added line to their TOS doesn’t block anything anyone was concerned about. It says they won’t train their own models without consent (which you give by using any A.I. feature or joining a meeting where the presenter uses A.I. features).

    But what people are worried about is them licensing conversations to others for A.I. training. Many Zoom calls are one to many presentations but a lot more are private conversations with insider info, trade secrets, PII, legally protected data (like a healthcare record in the US), etc. Zoom is reserving the right to do whatever the fuck they want with recorded meetings.

    Section 10.4 of the TOS is the issue. Most people don’t care if they use data internally to build features. Lots of people care if they share private meetings with third parties.

    • KIM_JONG_JUICEBOX
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      It seems like collecting a lot of the data you mention would be illegal. Even if they add it to their TOS, that still doesn’t make it legal.

      Like I can’t make a TOS that says I can kill you, and then I can legally get away with murder.

  • Kansses@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    I think soon they will have systems in place to cillect data by concent. And then secretly will train their ai anyway. Whose going to punish them. Nobody.

    • treefrog@lemm.ee
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 year ago

      They might get sued. But they’ll make more off this then they’ll lose in a suit.

      Such is capitalism.

    • justastranger@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      All they need to do is slip in a sentence somewhere about how using the product means you consent to the data collection and AI training

  • rustyricotta
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    What’s the point of talking about consent in a TOS that you have to “Accept and Agree” to in order to use the service. Odds are that that’s enough consent for them.

  • Chemical Wonka@discuss.tchncs.de
    link
    fedilink
    English
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Zoom is proprietary software unless you can check its source code this is just empty words.I don’t trust ANY proprietary software.