353
submitted 1 year ago by L4s@lemmy.world to c/technology@lemmy.world

Zoom Changes TOS to Say It Won't Train AI on Your Calls 'Without Your Consent' After Backlash::Zoom added a line to its terms of use on Monday, after concerns that the company was using calls to train artificial intelligence algorithms went viral.

you are viewing a single comment's thread
view the rest of the comments
[-] phx@lemmy.ca 43 points 1 year ago* (last edited 1 year ago)

So if they actually implemented E2E encryption like they said (last time they were called out on lying about it), how exactly would they even collect this information?

You'd need to MITM the calls for it to even be possible, which raises other issues...

[-] jsveiga@sh.itjust.works 24 points 1 year ago* (last edited 1 year ago)

Technically they can collect whatever they need, before encrypting to send from E to the other E, and send, with or without encryption, to their servers. The "E"s are the devices on each end, not necessarily the users mouths and ears.

You can send your typed credit card to that site using SSL encryption, but the number can be captured by a keylogger or a screen capture before being encrypted.

[-] outdated_belated@lemmy.sdf.org 11 points 1 year ago* (last edited 1 year ago)

So it’s basically “some stuff is E2EE, other stuff is not” which, absent knowing which is which, boils down to no E2EE at all.

[-] jsveiga@sh.itjust.works 2 points 1 year ago

Basically this. I don't assume that just because it's E2EE (or says it's E2EE) it's privacy safe.

Unless maybe if it's my own system on both sides, running Linux, connected through some FOSS VPN I've set up myself, chatting through nc tunneled through ssh with a 100% silent wired keyboard, no monitor, no network, and everything powered off. Inside an underground lead bunker.

That doesn't mean I don't use Teams, Whatsapp, Gmail, etc. I just don't assume it's private.

[-] phx@lemmy.ca 3 points 1 year ago

True, but in that case you don't actually have real E2E encryption anymore, as it would need to be sending copies the data to a tertiary destination for processing by AI. The application itself would be the malware (which, TBF is kinda accurate for Zoom anyhow)

[-] jsveiga@sh.itjust.works 1 points 1 year ago

E2E just means it's encrypted from end to end, iow, it's not decrypted in the middle of the way.

If I was using an E2E communication application, I, for one wouldn't automatically assume that meant it was not eavesdropping.

[-] frozen@lemmy.frozeninferno.xyz 1 points 1 year ago

Yeah, Zoom could encrypt the data twice with different keys, send one packet to their data collection servers and the other to the other people on the call. It's still technically E2E encrypted, there's just two sets of "ends" (origin to data collection and origin to meeting).

[-] ultratiem@lemmy.ca 11 points 1 year ago

Surprise, it’s not end to end encrypted!

[-] phx@lemmy.ca 3 points 1 year ago

Well, not really a surprise. Hell,I wouldn't be surprised to have it come out and Zoom say "well we didn't say which end the encryption terminates on"

[-] KIM_JONG_JUICEBOX@lemmy.ml 3 points 1 year ago

Lol is it really E2E if you purposely put an MITM in there wtf? What I guess they hand out the private keys?

this post was submitted on 08 Aug 2023
353 points (100.0% liked)

Technology

59119 readers
2956 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS