Bonum Certa Men Certa

Terms of Service (TOS) Under Scrutiny - Part XIV - Zoom the Beast

posted by Roy Schestowitz on Sep 07, 2024,
updated Sep 07, 2024

Traditional christian church in Litomysl - Czech Republic

Confess your sins to the FBI?

In part 13 we looked at the RealVNC TOC or bits of it that stood out as exceptionally unreasonable. We promised we'd dig deeper and, as assured right from the start of this series, we're now embarking on a more in-depth part of the series. We're going to take a deeper look at a TOS that many people agree to without bothering to read or without really understanding what they're digitally 'signing'.

"This was a beast," the person who examined the Zoom TOS told us. "At first, Zoom ToS seem better than I thought. However, I think we must consider there are "recommended features" like generating a voiceprint. Considering Zoom's past history of security issues and misleading information about end to end encryption, trust in this product must be approached with caution."

"Having said this, I personally like Jitsi and Big Blue Button. Keep communications more private and secure."

"Here is a little breakdown of the Zoom TOS and corresponding privacy statement. Warning... it's a LONG one..."

"Seriously. I can't look at it anymore this week!"

ZOOM TERMS OF SERVICE

Effective Date: August 11, 2023
13695 words
Average time to read based off 240 wpm - approximately 57 minutes
https://explore.zoom.us/en/terms/

Owns service generated data
Past security issues
Past programming practices
Past censorship actions toward activists
No responsibility clause
No lawsuits clause

At the center of past controversy about using service generated content for training and AI/ML is section 10.2.

However, since a lot of the information is in the privacy statement (a separate document), some or many users may overlook what is in the privacy statement (a 8127-word additional read).

10.2 Permitted Uses and Customer License Grant. Zoom will only access, process or use Customer Content for the following reasons (the “Permitted Uses”):

(i) consistent with this Agreement and as required to perform our obligations and provide the Services;
(ii) in accordance with our Privacy Statement;
(iii) as authorized or instructed by you;
(iv) as required by Law; or (v) for legal, safety or security purposes, including enforcing our Acceptable Use Guidelines.

You grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary for the Permitted Uses.

Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom or third-party artificial intelligence models.

Zoom, with its history of censorship and security issues (claiming end to end encryption) as well as implementing background processes on Mac running even after uninstall, have settled lawsuits for as much as 86 million dollars without admitting any wrongdoing. In the past, Zoom has censored speech by activists and activist groups which apparently led to stopping sales in China in 2020 as Zoom abides by local law and was directed to close activist accounts in China.

Zoom claims to not use Customer Content without authorization or to comply with law enforcement and laws. However, Zoom does collect "service generated data" and "owns all rights" to this.

There was some news reports in August 2023 regarding training AI with customer data.

Customer Content is content a customer creates when using Zoom.

Service Generated Data according to section 10.5: You or Your End Users' use of the Services or Software are referred to Service Generated Data. Zoom owns all rights, title, and interest in and to Service Generated Data.

Ownership in section 16.2:

Ownership of Zoom Property. Zoom, its affiliates, its licensors, and suppliers (as applicable) own and shall retain ownership of (i) all Service Generated Data (as provided in Section 10.5),

This includes: - telemetry data
- product usage data
- diagnostic data

10.5 Service Generated Data. Telemetry data, product usage data, diagnostic data, and similar data that Zoom collects or generates in connection with your or your End Users’ use of the Services or Software are referred to as Service Generated Data. Zoom owns all rights, title, and interest in and to Service Generated Data.

This is a longer terms of service with additional docs to also read.

The terms of service begins with a statement to please read these terms carefully. Then, the a statement to "READ THIS AGREEMENT CAREFULLY" states information about the user or agreement party not taking any court or class-action claims.

Currently, there is a bill in the United States - FAIR to prevent terms of service from restricting lawsuits.

https://www.congress.gov/bill/117th-congress/house-bill/963/text

This bill aims to protect against disputes

SEC. 2. PURPOSES.

The purposes of this Act are to—

(1) prohibit predispute arbitration agreements that force arbitration of future employment, consumer, antitrust, or civil rights disputes; and

(2) prohibit agreements and practices that interfere with the right of individuals, workers, and small businesses to participate in a joint, class, or collective action related to an employment, consumer, antitrust, or civil rights dispute.

This bill passed the House already, has the purpose to prohibit agreements and practices that interfere with the rights of individuals to participate in a joint or class action. Like this TOS for example.

There is some content in the ToS restricting sharing your account, billing payments, using documentation, ownership and goes into responsibilities of users.

These responsibilities include abiding with the terms and conditions for you and your users.

Zoom assumes no responsibility for violation of this Agreement.

4.2 Violations by End Users or Third Parties. Zoom assumes no responsibility or liability for violations of this Agreement by End Users or any other third party that you allow, direct, or enable to access the Services or Software. If you become aware of any violation of this Agreement in connection with use of the Services or Software by any person, you must contact Zoom at trust@zoom.us.

Zoom can investigate complaints and how the process may include issue warnings, suspension, removing content, terminating accounts or other "reasonable" actions in its sole discretion.

The ToS goes into system requirements, beta services, recordings, prohibited users, and how they use your content.

10.2 Permitted Uses and Customer License Grant. Zoom will only access, process or use Customer Content for the following reasons (the “Permitted Uses”): (i) consistent with this Agreement and as required to perform our obligations and provide the Services; (ii) in accordance with our Privacy Statement; (iii) as authorized or instructed by you; (iv) as required by Law; or (v) for legal, safety or security purposes, including enforcing our Acceptable Use Guidelines. You grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary for the Permitted Uses.

Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom or third-party artificial intelligence models.

Section 11 covers restrictions of use by children.

Section 12 covers payments.

Section 13 covers taxes.

Section 14 covers termination and suspension

Section 15 covers agreement modification

Then next few sections cover proprietary rights, confidentiality, third party proprietary rights, APPLE iOS TERMS OF USE, medical devices, integrations, export restrictions, safe use. no warranties, indemnification, limitations on liability.

Again, the arbitration notice is in the limitations clause. "Dispute will also include termination of this Agreement". Exceptions to arbitration include claims pertaining to copyright, trademark, domain name, trade secrets and patents.

ANONYMIZED AND AGGREGATED DATA
You agree that Zoom may obtain and aggregate technical and other data about your and your End Users use of the Services and Software on a de-identified or anonymized basis (“Aggregated Anonymous Data”), and Zoom may use the Aggregated Anonymous Data in accordance with applicable Law, including to analyze, develop, improve, support, and operate the Services and Software provided to you or other unrelated customers, during and after the term of this Agreement, including to generate industry benchmarks or best practices guidance, recommendations, or similar reports.

Other sections include: US STATE LAW PRIVACY ADDENDUM, U.S. FEDERAL GOVERNMENT AND OTHER GOVERNMENT USERS, POLICIES; DATA PROCESSING ADDENDUM.

In section 31, you agree to the privacy statement. This is another document with a word count of over 8000 words. So, in addition to the almost hour of reading the terms of service, an additional 33 minutes at 240 wpm bringing the total to about 1 hour and half of reading time.

31.1 Privacy Statement. You consent to and agree to our Privacy Statement, and you are on notice of and acknowledge that our collection, sharing, and processing (which may include organizing, structuring, storing, using, or disclosing) of your personal data will be subject to our Privacy Statement and, if applicable, our Global Data Processing Addendum and US State Law Privacy Addendum.

Zoom Privacy Statement
Last updated: March 17, 2024
Word Count: 8127
URL: https://explore.zoom.us/en/privacy/

The Privacy Statement describes the personal data they collect and/or process (which may include collecting, organizing, structuring, storing, using, or disclosing) to provide products and services offered directly by Zoom Video Communications, Inc. (“Zoom”).

The takeaway here is to always check your settings and what you agree to allow for features, enhancements, and third party integrations.

Could a user hosting a Zoom call inadvertent ally have these settings enabled?

Curious? I know I was. I went to settings.

I searched for voiceprint.

Not found. The settings for recordings was defaulted to record.

If the setting is not easily found, how can you know whether you have something set by default?

AI was NOT set by default.

There are several other features for data collection but one other takeaway would be for Zoom to clearly link to or indicate exactly where the data collections are located in the Settings. This is not required by law, but would be a good faith effort. If you find an app or system where the data collection settings are not easily found to ensure you have not enhanced features to collect and use data, we, as a community could develop a data collect guide or some simple guidance to ensure telemetry or data collection enhancements/features are disabled.

Below is a summary of data collected by Zoom and how it is used.

Account Information: Information associated with an account that licenses Zoom products and services, which may include administrator name, contact information, account ID, billing and transaction information, and account plan information.

Profile and Participant Information: Information associated with the Zoom profile of a user who uses Zoom products and services under a licensed account or that is provided by an unlicensed participant joining a meeting, which may include name, display name, picture, email address, phone number, job information, stated locale, user ID, or other information provided by the user and/or their account owner.

Contact Information: Contact information added by accounts and/or their licensed end users to create contact lists on Zoom products and services, which may include contact information a user integrates from a third-party app, or provided by users to process referral invitations.

Settings: Information associated with the preferences and settings on a Zoom account or user profile, which may include audio and video settings, recording file location, screen sharing settings, and other settings and configuration information.

Registration Information: Information provided when registering for a Zoom meeting, webinar, Zoom Room, or recording, which may include name and contact information, responses to registration questions, and other registration information requested by the host.

Personal Data:

Account information - name, contact info, account ID, billing, transaction and plan info. Profile and participant - user info both licensed account and unlicensed participant joining a meeting including name, display name, picture, email address, phone number, job info, locale stated, user ID and more. Contact info - contact lists on zoom including contact info integrates from a third party app or provided to process referral invites. Settings - preference and settings on Zoom account or profile including audio and video settings, recording file location, screen sharing settings and other configurations.

Device info - Info about computers, phone or other devices used when using zoom including info about speakers, mic, camera, OS version, hard disk ID, pc name, MAC address, IP, device attributes (os version and battery level), wifi info, and other info like Bluetooth signals. The IP address is used to infer general location at a city or country.

Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features Content generated in meetings, webinars, or messages that are hosted on Zoom products and services (“Customer Content”), which may include audio, video, in-meeting messages, in-meeting and out-of-meeting whiteboards, chat messaging content, transcriptions, transcript edits and recommendations, responses to account owner / host-sponsored post-meeting or webinar feedback requests, responses to polls and Q&A, and files, as well as related context, such as invitation details, meeting or chat name, or meeting agenda.

Customer Content may contain your voice and image, depending on the account owner’s settings, what you choose to share, your settings, and what you do on Zoom products and services. As referenced below, Zoom employees do not access or use Customer Content without the authorization of the hosting account owner, or as required for legal, safety, or security reasons.

So, basically, Zoom states your content is collected but is not accessed or used without authorization of the hosting account owner or as required for legal, safety or security reasons.

Zoom does state employees do not access content unless authorized by the account owner or for legal/safety/security reasons.

Zoom employees do not access or use Customer Content including meeting, webinar, messaging, or email content (specifically, audio, video, files, in-meeting whiteboards, messaging, or email contents), or any content generated or shared as part of other collaborative features (such as out-of-meeting whiteboards), unless authorized by the account owner hosting the Zoom product or service where the Customer Content was generated, or as required for legal, safety, or security reasons. Zoom does not use any of your audio, video, chat, screen sharing, attachments or other communications-like Customer Content (such as poll results, whiteboard and reactions) to train Zoom’s or third-party artificial intelligence models.

Zoom does use personal data:

- To provide products and services to account owners, users and invitees

- To customize Zoom products and recommendations for accounts

- Determine what products/services may be available in their location

- Route messages, invitations and emails

- Customer support - access audio, video, files, messages,

- Manage relationships with account owners and others - including billing, compliance with contracts, facilitation payment to third party developers for purchased in the marketplace

If you enable enhanced audio, Zoom will generate a voiceprint either from a recording you upload for that purpose or from meetings you participate in.

This data is retained but you can disable features and delete data any time in Settings. The retention time is until you delete it or up to 3 years after you last interact with Zoom.

If you enable certain video features, data does not leave your device and is not retained, cannot identify you and is only used to generate effects.

If you enable Intelligent features such as Zoom AI Customer Content is only used for the features.

If you authorize Zoom and/or 3rd party marketing, information about your visit, invitations, how and when you visit the websites and interactions are used to provide ads to you.

Additionally, Zoom uses your data for Authentication, Integrity, Security and Safety which basically, it uses your data to "prevent" violations of their terms and any illegal or harmful activity. This includes automatic scanning of content such as:

- virtual backgrounds

- profile images

- incoming emails to Zoom’s native email service from someone who is not a Zoom Email user

- files uploaded or exchanged through chat

Zoom uses your data to communicate with you about Zoom.

Legal Reasons - Zoom uses your data to comply with applicable law or respond to valid legal process.

This includes:

- law enforcement

- government agencies

- investigate or participate in civil discovery,

- litigation, or other adversarial legal proceedings,

- to protect you, Zoom, and others from fraudulent, malicious, deceptive, abusive, or unlawful activities, and

- to enforce or investigate potential violations of our Terms of Service or policies.

Information about how people and their devices interact with Zoom products and services, if authorized by account owner such as:

- when participants join and leave a meeting

- whether participants sent messages and who they message with

- performance data

- mouse movements

- clicks

- keystrokes

- actions (such as mute/unmute or video on/off), edits to transcript text

From the privacy statement:

Who Can See, Share, and Process My Personal Data When I Join Meetings and Use Other Zoom Products and Services?

When you send messages or join meetings and webinars on Zoom, other people and organizations, including third parties outside the meeting, webinar, or message, may be able to see content and information that you share.

Other sections in the terms of service include marketing having the right to identify you and you grant Zoom the right to develop content around your experience. A miscellaneous section with information about successors, governing laws, language, email, interpretation, and waiver.

There is a section for DEFINITIONS of terms.

This ToS included terms of service and accompanying files. One thing to note is while a privacy statement or policy may outline a lot of data collection and uses, this privacy statement is not a terms of service. The terms of services agreement often includes additional documents you agree with. In this case, the length of these documents combined was over 20,000 words taking approximately 1.5 hours to read.

Imagine if you were invited to a half hour meeting or needed to set up a short 15 minute session and you decided to use Zoom.

Again, the default setting for AI was not enabled by default using the web interface. The instructions for voiceprint was not quick to find, for the sample I setup, audio and voiceprint was not found in system settings where Zoom documentation stated it would be so quick information to even check if a feature they use for data collection was enabled or not could not be verified.

There was also a follow-up regarding voiceprints.

"I was attempting to edit when I realized I left out the final step in finding the voiceprint section or - "allowing" certain data," the assessor told us. "AI was not enabled in the browser based Zoom. I installed Zoom on [Linux] Mint. There I found the audio setting for voiceprint. So, that not finding options was due to my using the browser interface rather than an app."

"Still, it shouldn't be so difficult to find options in one or the other when I want to make sure I am not sharing data or enabled features. AI was turned off by default. Still, good to check other settings are disabled by default too."

Many people consent to this stuff only because peers/colleagues pressure if not force them to. Is that really consent? If your boss tells you to do something illegal, must you comply?

Other Recent Techrights' Posts

Daniel Pocock's ClueCon 2024 Presentation Was Also Streamed Live in YouTube and Later Removed by Google, Citing "Copyrights". Now It's Back.
The talk covers social control media, Debian, politics, and more
Improving Daily Links by Culling Spam, Chaff, and LLM Slop
the Web is getting worse
[Meme] EPO Targets
Targets mean nothing if or when you measure the wrong thing
The EPO is Nowadays Trying to Trick Staff Into Settling Instead of Solving the Underlying Problems of Corruption and Injustice
This seems like a classic case of "divide-and-rule" or using misled/weak people to harm the whole group (or "the village")
Richard Stallman 'Unveils' His January 20 Talk in Montpellier, France
It's free (gratis)
 
Links 20/01/2025: Conflict, Climate, and More
Links for the day
Gemini Links 20/01/2025: Conflicted Feelings and Politics
Links for the day
Google 'Cancels' RMS
Is the talk happening?
Microsoft Revisionism Debunked by Microsoft's Own Words About “the Failure of OS/2”
The Register on “the failure of OS/2”
Links 20/01/2025: Indonesia to Prevents Kids' Access to Social Control Media (Addiction and Worse), Climate News Catchuo
Links for the day
EPO Union Says Monopoly-Granting Targets at EPO "Difficult to Achieve Without Compromising [Staff] Health, Personal Time or the Quality of the Final Products" (Products as in Monopolies, Not Real Products)
To those of us (over 99.999% of people impacted by this) who do not work at the EPO the misuse of words like "products" (monopolies are not products) should be disturbing
Links 20/01/2025: More PR Stunts by ByteDance and MLK’s Legacy Disrespected
Links for the day
Gemini Links 20/01/2025: Magnetic Fields, NixOS, and Pleroma
Links for the day
BetaNews Spreads Donald Trump Propaganda, Promotes Scams, and Publishes Fake 'Articles' About "Linux"
This is typical BetaNews
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Sunday, January 19, 2025
IRC logs for Sunday, January 19, 2025
Links 19/01/2025: Gaza Ceasefire and PR Stunt by Fentanylware (TikTok), Faking It by "Going Dark" to Incite American Addicts (Users)
Links for the day
[Meme] Hardware RAID and Hardware Raid
We're expecting attacks on the press in Trump's second term (no need to impress anyone for another election cycle) to be far worse than the first
What's Running on the Laptops
12 months have passed
They Won't Buy Vista 11 PCs or "Hey Hi" Copilot+++++++ PCs of Microsoft (With TPM)
Windows at 8%
No Time Left for President Biden to Pardon Julian Assange
At least they tried
[Meme] 404, Not Found
Kuhn: I'd like to interject for a moment, we made an alliance with the Microsoft-dominated LF to outsource projects to Microsoft GitHub and rich people gave us money to do this
Total Lock-down Ambitions - Part IV - The Latest Examples and the Perils (in Summary)
For further reading take a look at Musial's nice outline
FOSDEM is Called "FOSDEM" Because of Richard Stallman (RMS)
The overlap there seems timely; yesterday RMS spoke in French-speaking (in part) Switzerland where questions in French were accepted
Links 19/01/2025: TikTok (Fentanylware) Now Banned in the US, Convicted Felon Talks to Fentanylware CEO and Pooh-Tin About Undoing the Ban Despite the Supreme Court Unanimously Upholding It
Links for the day
FTC Realises Microsoft Buying Fake 'Clients' to Fake "Revenue" (Microsoft 'Buying' Services and Products From Itself!)
Ponzi scheme
Total Lock-down Ambitions - Part III - The Web Browser as DRM Pusher
A lot of "streaming" stuff is DRM
Video: University in Peru Honours Richard Stallman
Tomorrow, January 20, Richard Stallman speaks in France
IBM Termination Story and Information From Microsoft About Mass Layoffs
In 2 weeks of 2025 Microsoft already had 2 waves of layoffs
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, January 18, 2025
IRC logs for Saturday, January 18, 2025
Links 18/01/2025: Restoring the Great Wall of China and Economic Expansion in China
Links for the day
Guardian Digital (linuxsecurity.com) is Spamming the Web With Microsoft's Promotional LLM Slop About UEFI 'Secure' Boot (Which is Against Real Security)
This is an attack on honest journalism
Links 18/01/2025: TikTok's Endgame, "Car Freedom", and Spying in Cars 'Fines' GM (Settlement)
Links for the day
January 20: Richard Stallman Talk in Europe
evening time in Europe, around midday in the United States and Canada
Links 18/01/2025: Apple Getting Out of Hey Hi (AI) Slop (Too Much Misinformation), Chaffbots/Chatbots Try to Settle Copyright Infringement Lawsuits
Links for the day
What Fake News Sites Are Doing to GNU/Linux
The LLM slop about Linux serves two purposes
Links 18/01/2025: Microsofters Upset at Microsoft's Ridiculous Rebrands (Excuse for Massive Price Hikes), Chaffbot Company ('Open'AI) Faces More Lawsuits
Links for the day
Gemini Links 18/01/2025: Surge in Illnesses, ctags, and Gemsync
Links for the day
Slopwatch: Too Lazy to Write Real Articles, Offloading to Chatbots Instead (LLM Slop About "Linux")
The Web was already full of garbage before the LLM frenzy. Now it's even worse.
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, January 17, 2025
IRC logs for Friday, January 17, 2025