This lawsuit settlement with Zoom begs the question how much Facebook users should get, given similar false claims of end-to-end encryption.

Zoom misrepresented its end-to-end encryption.

Seems like a redundant sentence, yet still good to see it officially stated.

Strangely, this giant lawsuit excludes any large customers who may have suffered the most egregious violations of trust. Note the “only” exception:

…“registered, used, opened, or downloaded the Zoom Meeting App” between March 30th, 2016, and July 30th, 2021, you can file a claim for $15. However, if you have only used Zoom with an “Enterprise-Level Account” or a government account, you’re excluded from the settlement.

Why?

It is not explained. The settlement details are in a PDF Notice.

The key phrase (pardon the pun) for me out of all the court documents is here from page 2 (also a PDF).

Zoom can still access the video and audio content of Zoom meetings.

That’s in fact a very similar problem to Facebook’s false representation (lies) about its implementation of encryption.

Technically Zoom made a different set of mistakes, however, and a court doc like this one all about that kind of distinction and detail.

For example, the court says the plaintiffs are probably right that Facebook and Zoom conspired to violate privacy (after all, Zoom hired the disgraced ex-CSO of Facebook to help drive its Titanic-level errors) but plaintiffs also did not always provide evidence of how they themselves were affected by each flaw.

The Court concludes that one former Plaintiff may have adequately alleged that Zoom shared her personal data through the Facebook SDK. Specifically, former Plaintiff Cynthia Gormezano alleges using Zoom on an iPhone “in March of 2020,” FAC ¶ 52—which is likely
while Zoom’s iOS app still implemented Facebook’s SDK. However, on February 18, 2021, Gormezano voluntarily dismissed her claims against Zoom without prejudice. ECF No. 158. Thus, the question is whether the remaining Plaintiffs adequately allege that Zoom disclosed their device data through Facebook’s SDK.

So Plaintiff Cynthia Gormezano dismissing her “adequate” claims meant an important specific flaw was swept under a rug since others couldn’t continue without her.

Is $15 enough compensation for such a failure of encryption and the exposure to Facebook’s “criminal executives” who failed even more massively at privacy?

Other related posts:

• Simple Illustration of Zoom Encryption Failure
• Safer Alternatives to Zoom
• Timeline: Did 2018 WhatsApp Security Flaw Lead to Assassination of WashPo Journalist?
• Facebook’s “secure” messaging app has been found vulnerable to compromise by a simple call.
• Can Facebook’s CSO be Held Liable for Atrocity Crimes?

The accuracy in this one seems very low, but the StrategyPage article emphasizes a mindset where some knowledge is better than none.

…an algorithm developed by an army reserve officer, 2nd lieutenant Christian Lance Relleve, whose academic studies covered architecture as well as HSGI (Human Security and Global Intelligence) and International Relations. Relleve presented an algorithm that could predict the internal layout of a building with 70 percent accuracy based on what country the building was in, what the apparent purpose was and obvious external features. Relleve noted that there were many external indicators of how the internal layout was and he examined layouts in many countries for various types of structures.

I’m kind of curious if the accuracy is even lower in reality because many of the “correct” assessments are just warehouses, toilets or similar single-use simple construction.