
That's kind of the point, isn't it? You can't know, because it wasn't actually e2ee, eh? That's the harm.

Also, think of the competitors of Zoom who lost customers to them due to their lying, that's a harm too, eh?

These are hard to quantify but they're not nothing.




Well, we can know.

It was encrypted, but not E2EE, so the only person who could have spied was Zoom itself, and we know the how too - by the same mechanism it performs a video recording, for example.

We just don't know if. But seeing as we've had zero reports of any real-world consequences that could only have come about by Zoom spying, combined with the fact that "spying on your customers" is anathema to your business model and therefore a risk no sane and rational board of directors would ever approve (moderate upside, enormous possibly business-ending downside if ever discovered)... Occam's Razor says no spying ever occurred.


Do you know about every case of industrial espionage? No, because neither victim nor perpetrator is interested in sharing that info.


You definitely can’t apply Occam’s razor simply because you don’t have access to information.


Ockham's razor doesn't apply in adversarial contexts.


"Zoom itself" spying sounds quite unlikely, "bribed underpaid Zoom intern" sounds a lot more likely, "the gvt. sending one of those silent warrants" sounds almost unavoidable.

Non-E2E encryption doesn't give access to just "the company" (which probably doesn't care to spy on you, true), but absolutely anyone who can bribe/trick/coerce anyone in their "supply chain" (from the CEO to the sysadmins, hosting provider, even janitor...). Not to mention a data leak due to a vulnerability in any part of their stack.

The company has shown complete disregard for security multiple times in the past and I wouldn't be at all surprised if they had major security holes. And since they already lied about E2EE, it would be entirely safe to assume they would not have disclosed a breach either.


"We can know" ... "We just don't know if." ??

And that's not what Occam's Razor means.


>You can't know, because it wasn't actually e2ee, eh

You can know that nobody external to Zoom spied on those streams as they were encrypted between client and Zoom servers. The fact that Zoom had access to your stream, in principle, is par for the course.

>These are hard to quantify but they're not nothing.

And they got in trouble. There is the FTC slap and the PR cost associated with the negative publicity. That feels about right for the level of infraction. But when these kinds of articles come out, people are calling for regulatory bodies to 'make examples' of the companies in question. That's not how it works. That's not how it should work.
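The thread keeps circling one technical distinction: encryption between each client and the server stops an outside eavesdropper, but the operator (and anyone who can lean on the operator) still handles plaintext, whereas end-to-end encryption leaves the server relaying ciphertext it cannot open. The script below is an added illustration written for this page, not code from the thread or from Zoom; it models a relay in both modes and reports what each party can read. Pre-shared random keys stand in for a real key agreement, and the cipher is HMAC-SHA256 in counter mode so it runs with the standard library alone.

```python
"""Toy model of hop-by-hop (client<->server) encryption versus
end-to-end encryption, showing which parties can read a call's media.

Constructed example: keys, messages and party names are made up.
The stream cipher is HMAC-SHA256 run in counter mode, a stdlib stand-in
for the AEAD a real client would use.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

NONCE_LEN = 16


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.
    Symmetric: the same call encrypts and decrypts."""
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt under a fresh random nonce; returns nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + keystream_xor(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return keystream_xor(key, nonce, ct)


@dataclass
class Observation:
    wire: bytes       # what a passive eavesdropper on the first leg sees
    server: bytes     # what the relaying server holds (and could record)
    recipient: bytes  # what the far-end client ends up with


def relay_transport_only(plaintext: bytes, k_alice_server: bytes,
                         k_server_bob: bytes) -> Observation:
    """Hop-by-hop: each leg is encrypted to the server, which decrypts,
    can record, and re-encrypts for the next hop."""
    leg1 = seal(k_alice_server, plaintext)
    at_server = unseal(k_alice_server, leg1)   # plaintext sits here
    leg2 = seal(k_server_bob, at_server)
    return Observation(wire=leg1, server=at_server,
                       recipient=unseal(k_server_bob, leg2))


def relay_e2ee(plaintext: bytes, k_alice_bob: bytes, k_alice_server: bytes,
               k_server_bob: bytes) -> Observation:
    """End-to-end: media is sealed under a key only the endpoints hold;
    the per-hop transport encryption wraps an already-encrypted payload."""
    inner = seal(k_alice_bob, plaintext)
    leg1 = seal(k_alice_server, inner)
    at_server = unseal(k_alice_server, leg1)   # still ciphertext
    leg2 = seal(k_server_bob, at_server)
    delivered = unseal(k_server_bob, leg2)
    return Observation(wire=leg1, server=at_server,
                       recipient=unseal(k_alice_bob, delivered))


def compare(plaintext: bytes = b"constructed sample: quarterly numbers") -> dict:
    """Run both relay modes on one message and summarise who can read it."""
    k_as, k_sb, k_ab = (os.urandom(32) for _ in range(3))
    t = relay_transport_only(plaintext, k_as, k_sb)
    e = relay_e2ee(plaintext, k_ab, k_as, k_sb)
    return {
        "transport_only_server_can_read": t.server == plaintext,
        "e2ee_server_can_read": e.server == plaintext,
        "both_deliver_correctly": (t.recipient == plaintext
                                   and e.recipient == plaintext),
        "wire_is_ciphertext": (t.wire[NONCE_LEN:] != plaintext
                               and e.wire[NONCE_LEN:] != plaintext),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The `server` field is the interesting one: in transport-only mode it equals the plaintext, which is exactly the position that lets an operator, an insider, or a compelled provider read or record a call; in E2EE mode the server holds only the inner ciphertext and the hop keys it does possess are of no use against it. Note that E2EE does not change what the wire eavesdropper sees, which matches the point that outsiders were already kept off the stream either way.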



