Relevant text:

10.4 Customer License Grant. You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content: (i) as may be necessary for Zoom to provide the Services to you, including to support the Services; (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof; and (iii) for any other purpose relating to any use or other act permitted in accordance with Section 10.3. If you have any Proprietary Rights in or to Service Generated Data or Aggregated Anonymous Data, you hereby grant Zoom a perpetual, irrevocable, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to enable Zoom to exercise its rights pertaining to Service Generated Data and Aggregated Anonymous Data, as the case may be, in accordance with this Agreement.

  • Otter@lemmy.ca
    link
    fedilink
    English
    arrow-up
    89
    ·
    1 year ago

    Zoom is used by a lot of institutions for official, sometimes sensitive work (ex. Healthcare, education, etc.)

    How are those plans affected by this change?

    • Vodulas [they/them]@beehaw.org
      link
      fedilink
      English
      arrow-up
      34
      ·
      1 year ago

      Zoom has a healthcare specific license for healthcare. Don’t think they could add that in and stay HIPAA compliant, but I can’t any exceptions in the ToS so maybe US healthcare is actually trash and this is “fine”

      • Gaywallet (they/it)@beehaw.org
        link
        fedilink
        English
        arrow-up
        15
        ·
        1 year ago

        It’s definitely not fine, but they may be stupid enough to try and train a model on healthcare zoom meetings. I think I’m gonna let my healthcare company security team know. We do a lot of cross collaborative meetings with the university and I’m not sure their license is the healthcare one. Typically that’s all just resolved through a business agreement, but if it’s a part of the ToS now they may be violating HIPAA without knowing it even while having business agreements not to. Might be worth filling a complaint to give the hhs a heads up that they’re potentially noncompliant.

      • TigrisMorte@kbin.social
        link
        fedilink
        arrow-up
        31
        ·
        1 year ago

        for meeting and other video conferencing needs: https://jitsi.org/jitsi-meet/ , not hard to set up and get going.

        and of course just video chat with no back end there is always https://vdo.ninja/ though I strongly recommend rolling up a jitsi-meet server

        for streaming https://obsproject.com/

        Zoom could easily be replaced at little cost other than someone’s time and a donated fairly modern computer (note: businesses can often deduct the full value of the computer if it is two years or less old and is donated to a qualifying organization, such as a Synagogue).

  • nhgeek@beehaw.org
    link
    fedilink
    arrow-up
    41
    ·
    1 year ago

    This is not good. Thanks for highlighting this. I flagged this for my company’s enterprise risk management committee to consider and act upon.

  • Sebbie@kbin.social
    link
    fedilink
    arrow-up
    36
    ·
    1 year ago

    Went to look at the TOS. The service generated data (10.2) isn’t actually the bad part. However, 10.4 is.

    10.4 Customer License Grant. You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content: (i) as may be necessary for Zoom to provide the Services to you, including to support the Services; (ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof; and (iii) for any other purpose relating to any use or other act permitted in accordance with Section 10.3. If you have any Proprietary Rights in or to Service Generated Data or Aggregated Anonymous Data, you hereby grant Zoom a perpetual, irrevocable, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to enable Zoom to exercise its rights pertaining to Service Generated Data and Aggregated Anonymous Data, as the case may be, in accordance with this Agreement.

    Full Text
    https://explore.zoom.us/en/terms/

    • aranym@lemmy.nameOP
      link
      fedilink
      arrow-up
      10
      ·
      edit-2
      1 year ago

      You’re correct, I mistakenly copied the wrong section. (Posted this from my phone)

      Fixed!

  • rhymepurple@lemmy.ml
    link
    fedilink
    English
    arrow-up
    34
    ·
    edit-2
    1 year ago

    A free, libre, opensource, and privacy focused alternative to Zoom is Jitsi, which can be used without an account.

    If you want even more privacy, you could host your own video conferencing service. Some options are below.

  • Sören@iusearchlinux.fyi
    link
    fedilink
    arrow-up
    33
    ·
    1 year ago

    I had to get security clearance for my job. I hope this finally convinces them to not use zoom anymore. Otherwise the security clearance thing is a joke.

  • PotentiallyAnApricot@beehaw.org
    link
    fedilink
    arrow-up
    33
    ·
    edit-2
    1 year ago

    For people who physically cannot go places or access important services (like healthcare, or their jobs) in person, this is a double violation, because it’s unavoidable. Increasingly, the only spaces available to us, our only avenues for accessing services or community, are becoming heavily surveilled in a way that in-person places are not (though in some places physical spaces are catching up). Everyone deserves well-enforced privacy laws and all these corporations should be regulated , but for people who are disabled or housbound or otherwise forced to rely on digital services that we know we can’t trust, it’s extra bad. Between this and the heavy push to sign up for digital medial record apps, I do not feel great about the future.

  • shiveyarbles@beehaw.org
    link
    fedilink
    arrow-up
    32
    ·
    1 year ago

    Ahh yes they’re going to harvest the infinite wisdom from our weekly conference calls. “Bob you’re on mute”. “Can you hear me now?” I hear echoes " " Bill is that a bong on your desk?"

  • Buttons@programming.dev
    link
    fedilink
    English
    arrow-up
    28
    ·
    edit-2
    1 year ago

    Entire industries are bound by the terms of a single company. Time for some anti-trust enforcement.

    Some privacy protection laws would also be good.

    Some politicians who are capable of understanding any of this would also be good. (What a mess we’re in.)

    • ares35@kbin.social
      link
      fedilink
      arrow-up
      8
      ·
      1 year ago

      and when that data ends up going a lot farther back than the date of this policy change… that is, that they’ve been collecting it all this time.

  • kuchai@beehaw.org
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    This sucks. A lot of people like me only use zoom because classes/webinars/meetings/interviews are hosted there and we can’t really complain about something we have to attend for our own good, especially if everyone else is doing it. It sucks so bad, I hate how it’s like this. I wish people in my country would care enough to find this AI shit a red flag, but sadly I don’t think so.

    • tuhriel@infosec.pub
      link
      fedilink
      arrow-up
      3
      ·
      1 year ago

      It still might help if you point it out to the orginsator… Especially if you makebit clear to them that their copyrighted slides, etc. will be part of that aswell

  • knowledgephoenix@beehaw.org
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    User-generated data like recordings of all video and audio from meetings? Is that legal? And wouldn’t that be a lot of video to store?

    • Scrubbles@poptalk.scrubbles.tech
      link
      fedilink
      English
      arrow-up
      10
      ·
      1 year ago

      of course it’s legal. You clicked “I agree” once 8 years ago when your aunt sent you a zoom link, that means they can watch everything you ever do ever again for any purpose, and that’s completely fair. /s

      We need to ban the TOS model. There is no way artists uploading to DeviantArt 15 years ago could have known that their art was going to be trained on, there’s no way that should be legal. We shouldn’t be forced to sign away all rights for our content so it can be used in ways that don’t even exist yet so we can join a video call. When we had landlines we had laws about this, but we’ve never seen anything like that for the internet.

    • aranym@lemmy.nameOP
      link
      fedilink
      arrow-up
      20
      ·
      edit-2
      1 year ago

      It never is by default. In fact, they got in a bit of a fiasco early on (before their current E2EE implementation) for using the term “end to end encrypted” after it was revealed they were simply referring to TLS.

      • intensely_human@lemm.ee
        link
        fedilink
        arrow-up
        6
        ·
        1 year ago

        huh. It’s not even misleading it’s just plain false. TLS doesn’t operate at the application layer, it operates at the Transport Layer. End to end means Application Level encryption.

  • ijeff@lemdro.id
    link
    fedilink
    arrow-up
    6
    ·
    1 year ago

    Interesting. I wonder if anyone has a document comparison between the two versions.