Zoom has agreed to an $85m settlement regarding privacy, zoom-bombing, and data sharing. The class action privacy lawsuit filed in the US against the embattled company wasn’t particularly impressed with the following:
- Zoom-bombing running wild in video sessions. Zoom-bombing, the practice of joining sessions without permission and causing mayhem, exploded into life during 2020.
- Claiming to offer end-to-end encryption, when they were using something called transport encryption in places. They later had to clarify that they meant data was encrypted at Zoom endpoints. In theory, the company could access the data but said they don’t directly access it.
- Sharing data with social media companies even if you don’t have an account with them. Zoom used Facebook’s Software Development Kit for app features, which resulted in data being sent to Facebook. The part about data being sent even without an account wasn’t made clear, according to Motherboard. As a result of the linked investigation, Zoom decided to remove the Facebook SDK. They also apologised for the oversight, and shut down “unnecessary device data” collection.
Interestingly, one part of the settlement is a request for Facebook to delete US user data obtained via the SDK.
The numbers game
How badly have Zoom done off the back of this settlement? Well, it’s complicated. It essentially boils down to around $15 for people without subscriptions, or $25 for folks with pricier accounts. It's worth noting these amounts are specifically for US-based Zoom users, with a few exceptions. If you’re using Zoom outside of the US, you almost certainly won’t be getting fractionally rich from this one. Sorry!
As for Zoom, your mileage will definitely vary as to whether or not you think these costs are sufficient. According to reports, they made around $1.3 billion in subscriptions from paying US customers. The plaintiff’s legal team says the $85m is “reasonable” considering other costs tied to legal action. They're also seeking $21.3m in legal fees from Zoom.
A fitting punishment?
Is it reasonable, though? Or should the total be higher? According to The Register, the $85m amount is “around 6% of the total revenues collected based on allegedly unlawful activities”. In many ways, Zoom wandered into a metaphorical gunfight they couldn’t hope to put a lid on. Nobody could’ve predicted the pandemic, or the massive shift to working from home. Much less which remote communication tools would rise or fall as a result. It just so happened the fates aligned and picked Zoom. It’s arguable no company could have weathered such a dramatic spike in users and rapid-fire improvements. It’s also arguable many issues could’ve been avoided if Zoom had shown a little more foresight, instead of seemingly playing catchup a lot of the time.
Trolls have been crashing private forums, chat sessions, web-chats and anything else they can get their hands on for years. Was it really a surprise the same would happen to Zoom sessions? Was a tipping point required before passwords and waiting rooms were enabled by default for all meetings? Biometrics, tracking, and monitoring people working at home is increasingly frowned upon. Did anyone really think features like Attention Tracking would be popular?
A hard lesson learned, but some may feel the lesson should have been much harder.
How do users get their money?
It’s still being worked out, and you’ll almost certainly need to see who qualifies and who doesn’t. The current plan is to apply for awards through a specific website. It’s likely there’ll be imitation pages and phishing mails aplenty once it goes live. It remains to be seen how many people will actually apply, and some aspects of the case aren’t fully hammered out yet so we’ll likely revisit this one come October.