This is an automated archive.

The original was posted on /r/cybersecurity by /u/OtheDreamer on 2023-08-07 13:18:28+00:00.

Posting here as there are potential security concerns that I haven’t seen discussed elsewhere yet. As noted by others, the Zoom TOS update came rather suddenly and there is no opt-out. This likely relates to Zoom’s “Intelligent Recap” features that they’re trying to roll out & more (based on their description of how the data will be used and sold).

“10.4 Customer License Grant. You agree to grant and hereby grant Zoom a perpetual, worldwide, non-exclusive, royalty-free, sublicensable, and transferable license and all other rights required or necessary to redistribute, publish, import, access, use, store, transmit, review, disclose, preserve, extract, modify, reproduce, share, use, display, copy, distribute, translate, transcribe, create derivative works, and process Customer Content and to perform all acts with respect to the Customer Content: […] _(ii) for the purpose of product and service development, marketing, analytics, quality assurance, machine learning, artificial intelligence, training, testing, improvement of the Services, Software, or Zoom’s other products, services, and software, or any combination thereof”

The main issue with security implications I’m looking out for more information on, is how exactly their AI is going to be able to train on customer content, assuming Zoom has End-to-End encryption? I remember Zoom falsely advertising for years that they had E2E, when in reality they had the ability to access streams the whole time. This led to the class action lawsuit that settled last year. Has anybody seen more information on this?