What's surprising to me is that it was allowed before. They have had their own videochat solution for years, so I would expect the usual "eat your own dogfood" approach.
It's frustrating because Google Hangouts used to be great, and then Google purposefully started cannibalizing their own platform.
I really want to know what goes on within Product Management at Google, because looking from the outside in I cannot imagine anything other than sheer incompetence.
The rumors from inside Google is that there's no way to get credit/be rewarded as an employee simply for maintaining an existing solution, or even for fixing obvious breakage. Every incentive is tilted towards starting new projects, often multiple projects in the same domain directly competing with one another. There are some positives to this of course, but clearly it's being overdone.
But still...As a prod manager,you aren't coming up with new projects every week, your entire job is to ensure the roadmap is decent and not taking the product into the graveyard. The company has so many people and yet can't produce a single product with a decent UX.
I worked at Google 2006-2010, and from where I sat, Google's biggest problems were (1) rapid erosion of corporate culture over that time frame and (2) weak project management.
A friend was managing a project on a shoestring budget. Upper management (C-suite) had reviewed the idea and green-lit it. He had been told Larry and Sergei in particular had voiced support. He got it done ahead of schedule and under budget by managing a stream of off-cycle interns. The week it was scheduled to go live, someone in middle management killed it. My friend and his team got zero credit for a job very well done, a big setback for him. He and I were working on an internal tool for datacenter management as a 20% project when I left. I asked him about it later, and our 20% project met a similar fate: enthusiastic support from management, including giving us some resources, all the way through completion, followed by cancellation shortly after completion. My friend left less than a year later.
Another friend started a modest improvement to chat as a 20% project, which later got expanded to a full-time project for several engineers. I forget the external name, but the internal code name was "Taco Town" after the SnL skit. Walkabout / Wave was a skunkworks project that used its separate repository, which was very rare at Google. People knew something mysterious was going on down in Australia, but we really had no idea what it was, other than the Google Maps guys were running it and it was named "Walkabout". When Walkabout / Wave came out of skunkworks mode shortly before external launch, the Taco Town team realized they needed to launch very soon or their project would never launch because its functionality was subsumed by Walkabout / Wave. Taco Town rushed its launch, was a bit buggy and had some scalability issues that they knew about, but expected to be able to improve shortly after launch. I think Taco Town's botched launch a few weeks before Walkabout/Wave contributed to initial confusion around Wave and some of Taco Town's problems colored perceptions of Wave's launch.
Shortly after I left, Google publicly announced they'd be putting "more wood behind fewer arrows", which was a step in the right direction.
I get it that management doesn't want to discourage engineers or stifle innovation, and they know they don't have a good handle on what will be successful and what won't, but keeping around zombie projects gives engineers false hope. The "throw mud at the wall and see what sticks" style of project management can be soul-crushing for talented junior people managing small projects, unless they're properly supported and really get proper credit for doing a very good job engineering something that fails for non-engineering reasons.
The screensharing is truly atrocious. Any window over, say, 1280x720 looks like total garbage on the other end. Aliased to hell, unreadable text, "ghosts" when you scroll.
Anyone remember Google Allo? I think it had video? If they made it a discord kind of thing it might have worked but instead they chose to compete with their own products.
Allo didn't have video, that was Duo's job. Hangouts Chat is their Slack/Discord competitor, and Hangouts Classic is the version that everyone has in Gmail. Hangouts Meet is their Zoom competitor. Both Hangouts Classic and Meet can video call, I believe. Chat piggybacks off of Meet. Hangouts Chat and Classic are named the same but are two different products.
Some employees had it installed on corp devices, maybe to connect with their friends and families. Google has banned even installing that app on corp devices. Nobody used it for corp work.
It's surprisingly common for people not to own a non-work computer other than a phone/tablet, especially now that prevalence of desktop computers is declining. Some people do still have a home desktop, or a separate personal laptop, but a lot of people I know don't. Or they might have one but it's a shared family computer that's mostly used by the kids, while parents use their work laptops.
This is correct.When all this Corona thing started,we put the entire office on remote. Before we did it,we had to assess who's got what at home. In my department it was about 20% without a laptop/pc. In others was similar.We simply gave company's PC to take home and called it a day. It's a small company, so obviously things are simpler here.
> What's surprising to me is that it was allowed before.
> They have had their own videochat solution for years, so I would expect the usual "eat your own dogfood" approach.
If an engineer from Microsoft has to speak to an engineer from Google, and you think they should both be dog-fooding their own video application... how do you see that working? Just both dig their feet in and never talk to each other? Seems silly to me.
One or both are going to have to install a video application that isn't their own aren't they?
They've probably run in to a similar issue to Apple whereby they've found their consumer-grade "phone auntie susan once a week" offerings don't stand up to the needs of everyone working remotely needing screen sharing, hot seating in and out all day long chats.
We're using MS Teams and it seems to be pretty great for us (team of about 15), we use Skype to contact the remaining 20ish more junior staff who don't need Teams licenses just to be able to keep in touch with their work and keep the face to face communication going.
I knew I would get downvoted. But folks seriously don’t remember the pain before Zoom. And the current pain anytime we have to use a GoToMeeting, Google Meet, Webex or other tool that barely functions.
Human interaction that actually works right now is so important. And I simply have a hard time trusting another product to actually do the call reliably
So has Google Meet and Hangouts. So was Skype, when I used it about 5 years ago.
Perhaps I'm just used to them as a remote worker, but they were never all that janky to begin with. Or, rather, more janky than the other tools available at the time.
Right. I've worked almost only remotely for several outfits over more than ten years although conveniently I am currently unemployed. I have used WebEx, Skype, Hangouts, Slack's built-in video conferencing, Zoom and I'm sure I'm forgetting others. If you have a sane setup all of these work fine.
I hadn't used Jitsi until this current situation meant friends wanted to "meet up" drunkenly on Friday evenings but it's the same.
The main obstacles are hardware. The cheapest correct working solution for a single individual participant is a headset and a webcam. Can you use lapel microphones, or (as two of my Youtube creator friends do for Friday evenings) sit in front of a huge professional microphone with filters? Yes, yes you can but that's not for most users. Can you plug a high-end SLR that's focused dead on you into a converter and stream that instead of a webcam? Yup, but again most people either don't own an SLR or don't want to set it up just so they can be a bit clearer and brighter when drunk.
And the thing about hardware is that we abstracted this away entirely. Zoom doesn't have different hardware support from Hangouts or Skype or any other tool.
"Which VC tool should we use for this meeting?" is a bike shed discussion at the best of times. Chances are good either you didn't need a video conference at all, or any of the tools would have been fine.
Yep I’ve been working nearly 100% remote for five years and have several WebEx conferences every day and Zoom doesn’t perform any better or more reliably than WebEx.
Teams is awful. Skype is worse. WebEx is just fine. So is Zoom.
Google Meet is the only one of these that has always worked reliably for me. Doesn't require any strange clients, works in most browsers, never randomly fails to move just some person's audio and so on.
Disclaimer: I work for Alphabet, but already held this opinion before I did.
Yeah, probably. But what should I do about it. It’s unusable for me. Doesn’t work with Chrome, doesn’t work with Firefox. Zoom works for me every single time.
Edit: Maybe if I could receive some support from Google to find out what my problem is, I’d be able to fix it. But that ain’t going to happen.
Almost all problems on video conferences are on the user's end. What Zoom excel at is to mitigate most of those user issues by trying to figure out all the corner cases that the user might be in.
I couldn't get it to work in Firefox ESR on Debian 10, and audio was consistently choppy for me in Chromium 80 after I went through their forced account creation process. Zoom wouldn't use my camera either in Chromium :c
Jitsi and Google Meet worked by following a link and clicking one popup. Much easier UX
Same here - often it'll tell me I'm waiting for other people to show up but the other people will never see I'm there. It works somewhat better with Chrome but I loathe having that installed on my Mac. Rarely I do have to do so, but am forced to spend time removing its tendrils afterward (it's not just deleting the app!).
It's missing too many features to be usable. No remote control. The speaker detection is terrible. Audio quality is bad. We only use it because we are cheap and it comes free.
We use Google Meet and it struggles to keep up with meetings with more than 10 people. It seems that the common hack is to ask each attendee to disable their camera. On the plus side, it is the only one that reliably works from a browser only.
I gave up on Google Meet/Hangouts/Whatever. When chatting with Googlers, it is really nice. But their products available to me as a non-Google employee suck and change quite a bit. Just trying to debut issues with participants was frustrating it it would vary based on how they clicked the link, what they had running, etc.
I wish Google would just provide the internal tool and sell that. It’s the opposite of dogfooding their product. They eat the good stuff and product a lesser product to their customers.
When I tried it years ago, the GSuite version could not dial out to an external phone number to join them in. Is this now available to gsuite users?
I tried looking up the features on the Wikipedia page [0] and didn’t see a really comprehensive list. I reviewed Wikipedia because when I searched for google meet, Google’s top result (that seems like their product page) [1] just had an “open” button that linked out to the App Store to install “Hangouts Meet by Google.”
only skype worked for us meeting group to group over single feed and open speakers, skype seems to work well doing audio google meet hasn't fixed it for ever. personal audio on most works for me, unless you have like less than 2-3megabit for video.
I'm surprised to hear that google meet doesn't work well for others. We've used it exclusively with all our clients for the past 5 years simply because its integrated into google calendar, but we've never had any reliability problems with it. Most problems we have are based around people trying to figure out how to unmute their conference room mic.
100% agree but I'm tentatively hopeful that alternatives to Zoom have caught up. Zoom raised the bar and I have seen that other products have improved. Meet is decent right now and Jitsi (in my very limited testing so far) seem actually pretty great, possibly better than Zoom (they mix audio more smoothly when two people are talking over each other in a way that is less jarring, not sure but that's my current theory of why it "feels" better). Even historically awful alternatives like Webex really are honestly improved. Anyway, Zoom is getting outed as being a seriously a-hole company - there are definitely alternatives better than selling out just for convenience of not switching or even trying to find an alternative.
Yes. I find jitsi one-on-one audio call is better than zoom. Screenshare is equivalent to skype if you set the fps to 15. zoom is better for videos if it involve large number of users.
Zoom just showcased this back to back to back to back in a few weeks time). They played tricks with the words. "we wrote ABC but what we really meant is XYZ" is a shitty response to any type of audit/scrutiny.
This is a public company. They have an Internal Audit. What the hell were these guys been auditing in security audits??? The color of the background????
I share you pain using other products, I really do. I'm stuck with Skype for Business and Webex. However Zoom's attitude to security is unacceptable, and therefore I will not accept it. Full Stop. Every now and then I'm on a company call that, if made public, could do serious harm to the company. My children do video calls with their friends from their bedrooms without adult supervision. In neither of those scenarios am I willing to trust Zoom right now.
I'm baffled by the amount of people claiming zoom to be painless or working, even. Don't you know any linux users? Zoom is utterly broken beyond comprehension on any variant or flavour, even when `sudo`ing everything: installer, running, audio setup (pavucontrol) to try to figure out why it refuses to work, etc
I concur. I haven't tried Zoom on any other platform yet, but it has been 100% reliable on my Ubuntu machine. Nothing else even comes close. I've had hundreds of Zoom calls over the past 8 months, from 1:1s to all-hands with ~500 participants. Audio, cameras, screen sharing all worked every single time.
We have two Linux users (myself included) that it works great for. Better than pretty much every other video conferencing tool I've tried on Linux. I do use the flatpak installer so that dependencies aren't a problem.
Linux user here. I have tried them all and Zoom is not perfect but is multiple levels above any of the competitors. Don't even get me started with WebEx.
I loved BlueJeans but I don't think they have a free option either.
It was really nice to just send a URL to someone and then have them pop into a BlueJeans meeting without a pre-installed client.
I have to agree. I deal with vendors a lot, so I've used a bunch of different ones: GoToMeeting, BlueJeans, WebEx, Skype. And the experience of using those ones is painful. Zoom is a joy to use. Its not perfect, and I have my complaints (when I'm sharing a screen why can't I make the gallery view large so I can see everybody on a second screen??) but it has been rock solid.
I just switched to GoToMeeting and they have improved significantly since the last time I used them (before Zoom). New interface, transcription, unlimited recorded meetings in the cloud, great audio so far, I’m happy.
I've only used Zoom in recent times and while it has seemed fairly solid, I also can't say I've noticed any major differences from Google Meet.
We use it internally at Xero, more than ever currently with working from home, and it's been solid from what I've experienced.
Given we also use Google Calendar, joining a meeting is pretty straight forward, as a Meet link is populated in each event, and shows up on the home screen for meet.google.com
Usually the only mic issues that occur are people using their own headsets with audio gain set too high or flaky bluetooth connections
Running in Firefox, it works great for the most part although sadly it breaks every few months. It'll tend to drop me from the lobby a few seconds in with "Network Error" or something along those lines. I would get frustrated but given it's a work tool, a few days to a week using Chrome (just for calls) and Firefox is back in action again.
We also conduct our postmortems via Google Meet and it generally seems to support 50+ person calls fairly well. That said, we use Hangouts Streaming for All Hands type of stuff so I couldn't speak on performance with hundreds of users at once
Purely anecdotal but my coworker has an older HP laptop (specs are still a respectable 8GB ram, presumably quad core CPU) and finds that he can't be on a Google Meet call while also doing development as his fans will flare up too much.
I would actually quite appreciate a Google Meet desktop app (that's not electron) but I guess the premium userbase tend to have enough specs to throw at web-based products
Oh yeah, I do appreciate that Zoom presumably doesn't require any fancy logins because running Google Meet on a phone requires a device policy in order to connect to a call.
I can either install it on my device plainly (requiring a pin to login going forward vs say, a fingerprint) or I could install it in a work profile. The latter is cleaner but then I have an entire second set of apps just to join a call on my phone once in a blue moon :(
At least you can dial into meetings but I find the audio is kinda wonky at times.
Having said all this, I can respect the product but I'm always happy for a non-Google entity to win in any given space ;)
As someone who demos software frequently, GoToMeeting is the only one that ever held a candle to Zoom for me. Webex does weird shit to screen shares on Windows, and don't even get me started on Teams/Skype. The rest are pretty obviously not designed to be used for screensharing.
Agreed. This is my biggest complaint with it, the functionality is amazing but if you're on any sort of laptop the poor thing will melt halfway through a meeting.
hangouts isn't bad at all. Dumb product decision to only be able to see 4 people at once tho. Probably biggest reason people are on Zoom and not hangouts right now
Sure it mostly works. But when your livelihood depends on online videoconferencing the last 10% of reliability that Zoom provides is extremely important
Because sometimes there are contractors, or consultants, or vendors, or partners you work with that for one reason or another can't use internal options.
Not the person you asked, but I personally really dislike Jitsi for the following reasons:
* We run into so many issues screen sharing, usually it's just that the persons screen doesn't show up, but it's also often way to compressed to read
* Even just 1 on 1 it makes my laptop cry, with 5 or 6 people in a conference I have to minimize the application or I cannot use my laptop at all because of the CPU load, and at 12+ people even with the application minimized it was maxing out my 2017 Macbook Pro CPU
* For comparison, I recently was in a 230 person Zoom conference, laptop hardly noticed
* I often have audio issues and it requires restarting the application or chrome before it fixes itself
* Really the performance of it is the biggest reason I hate it, we tried having a "lounge" where people join it and just chill while working, but we stopped because once a few of us got on it our computers just became unusable
I've got probably about a half dozen data points with each, and they seem about the same to me -- my laptop (2018 Macbook Pro) heated up about the same for the 12-node Zoom conference as the 12-node Jitsi conference (neither so badly that it affected the rest of the system or made me worry about anything); people seem to have about the same rate of technical issues / bandwidth issues.
I have to reboot if I want my laptop back after a Jitsi meeting. It sends the Windows audio driver into a resource-consuming tailspin from which it does not recover. In all fairness I've had issues with the audio driver before on this laptop but that's the only application that has this particular effect.
If you avoid firefox and stick to either Chrome or the unofficial (but perfectly working) electron app I've had zero issues. Using the free service (not a self hosted instance) I've had several calls with 10-20 (all video) people and not a single hiccup.
If you are using firefox you will encounter issues
My experience: On one computer it froze Firefox. On another computer it crashed Firefox. On my phone (Jitsi Meet via F-Droid): I once had a big meeting where it seemed like only call-in users could hear me, another time during a rather large meeting the application crashed, and recently I had a successful conference with 4 people.
The phone application had a few updates between the failures and the success, so perhaps everything's sorted out. I also need to give the desktop native application a try.
I'm rooting for them, I really hope we get a viable free software option. But we should be honest about the state of things right now.
If my livelihood depends on interacting with people, I need a super compelling reason to switch. Not to mention considering whether the hassle of using/maintaining Jitsi myself is worth billable rate doing work I’m actually interested in
Well, I was also instructed by my company to uninstall Zoom clients. And Zoom deliberately make the "use the web version" as obnoxiously difficult to use as their native client is easy. (Why would that be, I wonder? Hmm...) Is "I need to talk to someone at one of the dozens of companies that have forbidden Zoom" a good reason to switch to Jitsi, which is 1) open source 2) entirely browser-based 3) runs anywhere Chrome runs without any extra plugins / installation?
Jitsi hasn't been great for my team. Our company switched to Whereby and it is worlds better than jitsi/zoom and whatever else. Only thing I'm not sure about is sharing on-screen audio.
Is there any technical merit to this ban? Why would forcing use of web version mitigate any concerns? (The concerns I have heard are lack of proper end-to-end encryption, servers in China and the possibility to join chatrooms by guessing a name (zoom-bombing)).
Seems perfectly sensible to ban all software that is not pre-approved by IT, InfoSec and Legal.
You can't safely assume all your employees are properly assessing the risks unless that is their actual job. If you only allow what you know then you can reason about your risk.
I'll be absolutely stunned if people are really having to raise JIRA tickets instead of typing "brew install" but my information is secondhand so what do I know.
Our laptops are configuration managed, force upgraded, and surveilled, but we all have root and IT has never stood in the way of "power user" behavior. The extent of the frustration in engineering is that their management processes sometimes eat CPU. My understanding is that most of the Valley is like this.
https://github.com/google/santa is used to whitelist binaries on Macs, but you can fill out a form to instantly opt out. One of the options for why is "I use a package manager".
The Code execution vulns for both OSX and Win10 probably. In windows clicking a UNC path link would pass hashs. I believe for OSX there was an installer trick that allowed any code to run if triggered.
But those vulnerabilities were there, at least on OSX, because they were trying to avoid OSX's security warnings. And this is not the first time they've done something skanky like that.
Once may have been an honest mistake; 2+ times is now a pattern.
Installing third-party software on corp devices is generally a no-go at a lot of workplaces. With the security problems that Zoom has been having, it's only prudent of IT to ban its use on work devices.
> Why would forcing use of web version mitigate any concerns?
Because the web version runs in a browser sandbox, so there's a reduced risk of it compromising the security of the corp device.
> The concerns I have heard are lack of proper end-to-end encryption, servers in China and the possibility to join chatrooms by guessing a name (zoom-bombing)).
Googlers don't use Zoom for work, they use it for personal stuff, so that's not the problem.
From the perspective of a generic IT department: Even if there aren't any security problems with having the client installed on your workstation - the problem is that when they've made so many amateurish security mistakes, it's difficult for IT to trust the binary blob that Zoom wants you to install on your computer.
Corporate device security is a series of safety-versus-efficiency tradeoffs, made with incomplete information. Banning Zoom does not really compromise efficiency, if you aren't using it for work stuff.
"For those who have no choice but to use Zoom, including in contexts where secrets may be shared, we speculate that the browser plugin may have some marginally better security properties, as data transmission occurs over TLS."
Apparently the web version doesn't use their homegrown encryption scheme.
Using Zoom or any other videoconferencing app that might retain data for an internal meeting is presumably banned regardless, and unnecessary given that Google Meet exists. But some employees might need to use it to videoconference with customers and partners, and some employees might be using it for personal calls on their work laptop. Banning the native app of a company that is clearly 100% shady 100% of the time seems wise.
Same in my org. Employees cannot setup Zoom meetings but can join meetings set by others from outside the org but only via browser. Zoom apps are banned and all installed apps in managed devices will be removed by IT.
From a usability perspective, it worked decently for me for about a week, then stopped working (dying upon opening) for about a week. Now it seems to work again. This is on the Linux (X11) client.
I interviewed at Google a while back for an SRE position working with the Hangouts team. My first interview was in another office and the audio in Hangouts session would not start. We ending up having to move on to the next interview. I'm not surprised even Google employees don't use it.
There was a running joke (out of frustration, really) back when I was at Google (2013) that Hangouts was happily adding hundreds of new emoji, yet did not consider "reliable message delivery" to be a key feature.
Some of this is consumer vs. enterprise tension, though. Emoji demo really well on an initial product tour; reliability is one of those key features that's really hard to get people excited about, but which people hate to find lacking.
"Nearly a decade has passed since we built the first prototype. Face-to-face collaboration is ingrained in Google’s DNA now—more than 16,500 meetings rooms are VC-equipped at Google and our employees join Hangouts 240,000 times per day!"
Hangouts Meet actually works very well overall. I work at Google and almost never have problems with it.
Hangouts Chat, on the other hand...well okay, it seems reliable enough, doesn't have that problem that old Hangouts did. Comparing the UX to Discord just makes me sad though.
This has been my experience as well (with some relatively large Hangouts Meet meetings in a big G Suite org). Compared with old-fashioned Hangouts, Meet is pretty reliable.
Zoom has a not very well published chrome app (intended for chromebook users). You can install it in normal chrome and it gives you a much better experience than the web version without all the issues of the desktop app.
I trust zoom a lot more when it is running inside a chrome sandbox than as a native app.
I use this because I have a pixelbook and it works pretty well except for two issues: (1) minor issue that you have to click the "leave meeting" button, you can't just close the window or else it strangely relaunches and (2) major issue is that you can't change your video background which is a killer feature IMO.
I haven't been able to find a way to change my video background on the Linux client either. The image recognition software must be difficult to reliably implement for their lower-value platforms (as in, it would cost them too much to get it working well relative to the number of users).
I haven't audited the files yet to see what technology they use (e.g. why is the web experience shit, but the Chrome App is OK), but I certainly trust Zoom a lot more in a sandbox.
I mean, Google bans MS Office from employees' computers as well (with special-case exceptions), so they use Docs instead. Since Google has Meet (Hangouts), this isn't really surprising.
It mainly sucks for when an employee (especially in sales) has a call with a client that uses Zoom and can't use Meet, because then you're forced to dial in, which just puts you at a disadvantage when everyone can see everyone's face except yours.
Edit: per comments, people can still use the browser version of Zoom, so doesn't seem that bad.
The browser version of Zoom seems to require a free account be created, and it was audio only in Chromium, I could not get it to use my camera. Zoom refused to work in Firefox.
Jitsi and Google Meet seem to work in both browsers, without requiring me to log in.
It's improved a bit, and actually works fine in Firefox Nightly right now, but you have to craft the web client URL directly. The UI will try its very best to make you download the client.
Seen somewhere else: when you get to the web page that launches the app, don't allow that launch, hit (IIRC) "Retry", still don't allow it, and the page should say "Having trouble?" offer a link to the web version.
You can join Zoom meetings on your browser without creating an account. It's a bit off the beaten path:
1. Go to zoom.com
2. Click "Join a meeting"
3. Enter meeting id and click Join
4. Ignore the automatic app download
5. Go back
6. Click "Join a meeting" again
7. Enter meeting id and click Join again
8. Ignore the app download again
9. Click at "If nothing prompts, click here"
10. Click "Join from your browser"
11. Agree to terms of service
12. Enter password and name, click Join
I've joined plenty of Zoom meetings without creating an account. Are you sure it wasn't just asking you to enter your name and email in the page so people on the call would know who you are when you joined?
Personally, I feel much advantaged when no one can see my face.
And in truth, I usually don't want to see anyone else's face either. Aren't there companies that forbid looking at someone for more than five seconds? Well guess what, on a video call, they're staring at you for minutes on end.
Extremely unlikely Netflix actually has a policy like this. It was probably an example of what could be considered creepy in some circumstances during a training.
Perhaps, but almost certainly not. This sounds exactly like things that were said in sexual harassment trainings I've been to at other large companies. These trainings often provide examples of what can be construed which ways, because a non-trivial slice of any given sample of humanity totally lacks social graces. They don't want someone to later complain that, "I was only looking," when they get reprimanded for leering at a colleague.
Examples like this can accidentally or intentionally be misread as policy, but it is not actually policy. It's an example of what can be not OK in some contexts. Of course, I'm happy to be corrected if someone who works there wants to jump on and say otherwise. But I very much doubt that such a policy exists. Doesn't pass the sniff test.
"A spokeswoman clarified there is no such “rule” at Netflix. However, she confirms that the recommendation was, in fact, discussed in an anti-harassment training session, though it’s not an official guideline."
What should I look at conversing with another person? I used to look in the eyes or just in the face, I don't understand why is it harassment? Should I look at tits instead, is it less harassment or what? Shall I just close my eyes? West culture is weird.
MS Office isn't "banned" from employees' computers at Google. If you need it (and some do) you must request it specifically, because it costs Google a nontrivial amount of money for every user. Same thing with any piece of commercial software: for example, I have Adobe Photoshop on my Google laptop, and I had to request it because it costs Google a few hundred bucks, and most people don't need it at all.
Before Google Docs existed, many employees used MS Office, and when Docs was being rolled out Googlers were incentivized to switch to Docs by being offered kudos, swag, etc (ie, the carrot, not the stick).
Just because Google has a lot of money doesn’t mean they’ll go wasting it on software licenses. 24 million might not even come close to what they make per year, but they still have to be considerate on what they spend their money on.
$20/user/month is tens of millions of dollars every year for Google. Sure, they can afford it, but I'm quite sure they have better things to spend money on.
Yes, we can afford it, and that's why if you want MS Office you click a button on a web page and get it immediately. But why would we throw away money by having it installed by default?
> Nobody is dumb enough to believe that Google is saving money by not using office.
Maybe I'm dumb, why wouldn't they be saving money by not paying for Office? Obviously they could buy it for every employee, including the majority that don't need it, but why? They could also just light money on fire (but why?)?
Office is business productivity software. You don't buy it for every employee, you negotiate a license for the number of seats in use. It has way more features than google docs and is standard everywhere. It's like saying you could save money by having programmers write code on pencil and paper. You saved the money on the computer but you have a net loss because you lost the power and efficiency of real time editing, compiling and debugging. These corporate guys just drink the internal koolaid/spin from hr or whatever and come here repeating nonsense as if its fact and it annoys me. It's dogfooding with some minor privacy/security concerns since microsoft is competitor, we get it, just call it what it is and move on.
> It has way more features than google docs and is standard everywhere
I work for another FAANG and we don’t use MS Word. It certainly isn’t “standard” for us. It’s not standard for two of the three FAANG companies, so “everywhere” is inaccurate. Being popular isn’t the same thing as standard. Pages is a far more usable for the vast majority of use cases. Most people aren’t creating extremely complicated word processing documents in their day-to-day. Word is a bloated mess. Keynote is far easier and more elegant than PowerPoint. Excel however certainly shines for big spreadsheet work, but for most spreadsheet work Numbers and the google spreadsheet are perfectly fine.
This isn't about the merits of excel over sheets, it's about employees coming on the board and lying to promote their company. Google makes 1.61 million in revenue per employee. Honestly it's only going to get worse, because if you see the videos of the company meetings, Sundar was always the super loyalist that would say anything to protect Google or run interference for senior leadership. And now that he's CEO they will start aping him.
Your reasoning is based on the belief that Google is sacrificing productivity by not giving all employees office. GP is directly contradicting that line of thought, which makes the rest of it fall apart.
there is two narratives, which do you think is more likely:
1. Google is dogfooding it's own products to improve them and make them competitive and stop potential data/privacy/security leaks by using external software.
2. Google is trying to save 20 bucks
There is nothing wrong with Google docs or sheets and I have used them both. But sooner or later you make enough documents or work with enough spreadsheets you're going to want or need some feature that office has.
Why should it be an either/or thing? Both are valid reasons for Google to prefer its employees use Docs. However the fact that you can choose to use MS Office without any special permissions somewhat undermines your reasoning in point 1.
Google may be a rich company but it's also a very frugal company in many ways, particularly wrt technology (they pioneered the "huge amounts of redundant cheap hardware" approach to DC construction, for example). When Googlers were being coaxed into switching to Docs from MS Office, the financial benefits were front and centre to that pitch.
I may work for Google but I am often critical of them. I have no reason to lie in this instance, and anyone you talk to who works for Google will corroborate what I'm saying. Not everything is a conspiracy.
Google is a large company so they have lots of money, yes. Google also has lots of employees, so paying a per-employee price for anything gets expensive. I can't find a Google headcount vs Alphabet, but at the end of 2019 Alphabet had 118,899 employees. $20/month for each of those employees would cost $2,377,980 a month or $28,535,760/year assuming no annual-payment discounts. Google could absolutely absorb that easily if they purchased Office for every employee by default, or if only 25% of the company gets around to requesting it they can save $21 million a year simply by not buying software nobody asked for or intended to use.
I'd seriously doubt more than a few of people at Google would want to use 365 at work. I for one never felt the need when I was there nor afterwards and the entire company is fully utilizing Google Docs which is a better product as far as sharing and search is concerned. It's not like people at Google constantly email .docx files to each other, lol. Nevertheless, you can request it (in an AppStore like fashion, not some overburdened process) if you really need MSOffice, but Zoom binary being banned seems to be a completely different matter though, as pointed out in other posts.
For workplace collaboration, sharing is the highlight, not formatting (unless you're designing for paper-based publication). I have to say the few times I encountered the browser-based Word 356, it felt like total shit. Cannot imagine anyone really using it if they have the desktop app installed. Seems like a checkmark product and the real users end up using the full app version. I've even heard this from friends at Microsoft.
From what I've tried the desktop apps themselves do cloud-driven collab just fine, so I don't really see a reason to use a browser app when native's available. May just be me seeing things, but the native-to-native sync seems faster than with the web apps. Sadly that means sharing is a bit less convenient than just click link to open.
I imagine most people who want MS Office over Google Docs probably want it for Excel, which IIUC as several powerful features not present in Google's Sheets.
The only thing Google Docs has over MS is the collaboration.
Word in the browser is a billion times better for formatting than Google Docs. I loath using google docs. But when it comes to Collab, Google docs wins hands down.
> The only thing Google Docs has over MS is the collaboration.
As someone who has had to build relatively complex tools in both Sheets and Excel, I would have to say Sheets has done a much more impressive job with their builtin formulas/functions than Excel.
Also JS vs VB, im not a big fan of JS but only a madman prefers VB.
The JS in Sheets also run in the cloud. Really nice for scheduled things or things that talk to an api or similar. But being able to run stuff locally is nice to.
Entire GSuites is a productivity and doc formatting disaster. From docs, sheets to mail all very inconsistent and formatting of content and information is terrible compared to Office. Glad I'm back at a company that uses O365.
It would be wonderful. I don't want to be a Zoom hater, but they give me no choice. I'm uninstalling it now in hopes that next time I need to join a Zoom, the web experience will be improved.
This might explain why the people around me don't understand why it's so popular. None of us is reckless enough to install their application, so all we've seen is the web version.
1. Google's threat model may not be your threat model, and it definitely isn't the threat model of my daughter's school. A corporation like Google may be concerned using native applications, written in unsafe languages, written by developers from other corporations in China. That said, Zoom isn't wrong for everyone.
2. Google is motivated to push their own solution for obvious reasons.
3. Tavis, or others, at Project Zero might know some things, maybe we'll find out.
> Google's threat model may not be your threat model, and it definitely isn't the threat model of my daughter's school. A corporation like Google may be concerned using native applications, written in unsafe languages, written by developers from other corporations in China. That said, Zoom isn't wrong for everyone.
Google's threat model surely differs in some way from a school, but the specific threats you named seem like threats equally applicable to the surfaces identifiable in the threat model of a school.
No they are not. A business can have trade information they want to protect. A school would be more focused on individual privacy and safety. These threat models are quite different.
The threat model for a school is kids/others disrupting sessions and creepers using access to gawp at (or communicate with kids). Since the Chinese government is unlikely to feel the need to compel Zoom to do that, the fact that they have all the keys centrally stored is not a problem.
Google's threat model actually does include state level attack (And specifically by China) to steal IP or access confidential user data.
> The threat model for a school is kids/others disrupting sessions and creepers using access to gawp at (or communicate with kids).
Not if the school actually cares about the future of its students.
From a blog post[0] we published at NuCypher a while back:
> If we fail to take action now, we risk a world in which unsavory actors - domestic and foreign - have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.
Exactly. why do you think they punched the OPM to get SF86's?
It continues to surprise me that people just don't grok basic concepts of intelligence gathering. Particularly on a site like this....
And as much is its controversial here, there is a material difference between US and Chinese objectives, value systems and implementations of surveillance.
I got confused and thought he was talking about Google. The results already exist via Cambridge Analytica.
It's like the old 5G debate in Europe: who do you want to have a backdoor: Cisco+USA or Huawei+PRC? (Hint for Americans: some/many see China as less malevolent).
It still leaks information. How many kids you have, their name, some things about their personality, who they are friends with, etc. Think about how someone who wants to hurt or control you could could use that information.
You seriously think the Chinese government is going to stoop to K&R with random Americans?
The Chinese government is the last entity I'd be worried about with this kind of information (unless, of course, you live in China). Certain criminals in your own country are a much bigger concern.
Doubtful. But "the Chinese government" is comprised of individuals who might want to make a quick buck selling information on various markets. Perhaps to those certain criminals better positioned to take advantage of it.
This is similar to the concern some of us had over giving local government departments access to our full Opal card public transport travel histories here in Australia. Not all government employees are up to no good, but some are. Don't give them more than they need.
The Chinese gov't spying problem isn't with schoolchildren per se but schoolchildren use their parents' computers. Chinese authorities openly demonstrate their intention to deploy the maximum level of surveillance they can over any adult within their reach. This just increases their reach.
Even if they don't use their parents' computers, if Zoom is not totally sandboxed, they can hack the child's OS, they can mess with computers on LAN, or the router/wifi.
Every native app made by a Chinese company could also provide a backdoor to the PLA. Same could be said about apps from other countries and the NSA, FSB, GCHQ, Mossad, ASD, whatever the Germans are calling the gentler, kinder, totally-not-spying-on-everyone-anymore-we-swear successor to the Stasi, etc.
There is no specific evidence for this, but it is a possibility. Balancing remote possibilities and accepting some that are beyond our control is what separates the sane from the tinfoil hat crowd. Personally, I would try to stick to apps by companies headquartered in your home country. This is difficult outside of the USA and probably impossible outside of the next 5 top software hub countries.
I think that's technically incorrect. The BND (and it's military sibling MAD) are mostly concerned with foreign intelligence, while the Stasi was mostly used for internal surveillance. The subdivision HVA inside the Stasi would be the equivalent to the BND, while the larger and infamous internal surveillance of the Stasi is now in the responsibility of the Verfassungsschutz.
> I think that's technically incorrect. The BND (and it's military sibling MAD) are mostly concerned with foreign intelligence, while the Stasi was mostly used for internal surveillance.
Of course they are. That's why they are happy to work with NSA which get everything that is routed through frankfurt.
>The subdivision HVA inside the Stasi would be the equivalent to the BND, while the larger and infamous internal surveillance of the Stasi is now in the responsibility of the Verfassungsschutz.
>Personally, I would try to stick to apps by companies headquartered in your home country.
Why is that? It seems like the opposite would be the best advice: make sure to use something from a company not headquartered in your country. Most people probably have more to worry about from their own government than anyone else.
I'm not sure why you worry about that. It's guaranteed they have it and use it. You should worry about "is it a problem for me that the Chinese government and Chinese companies have access to my video meeting streams"
If yes: do not use Zoom right now.
If no: do what you want.
If China wants to waste its resources having people spy on me on Zoom while I play board games with friends on it, then this seems like a good thing to me.
China doesn't have any concerns about wasting resources. They have more than enough to spare. Vacuuming up any sort of mundane daily task people do is good data to feed into some AI that can easily distinguish fluff conversations from useful interactions worth investigating.
Not sure what your interest is in this, but I was responding to his not caring if China harvests his data. I didn't make claims about Zoom sending the data to China, but I've seen other people make comments around the internet that Zoom is sending the data to China, and they promptly get flooded with comments tearing them apart for having suspicions.
But you made me look into this. Apparently Zoom does "accidentally" (accidents like this don't really happen) send data to China. [1] It's very normal for companies to completely divide up their Chinese servers and non-Chinese servers, so the rerouting makes me suspicious.
A risk when talking about memory safety vulnerabilities is that someone (not china especially, just someone exploiting zoom) pwns the child's or family's computing infrastructure and gains access to everything running on there and possibly does it without detection for a long time. It's badically an all-bets-are-off situation that also puts social media contacts at risk.
Zoom is of course just one vector for this, but the threat model of "it's just schoolwork at risk" is wrong. It's actually integrity of tje computing environment.
Understood, it differs, I just made a very brief comment and mentioned a couple of obvious threats!
For those that use Zoom - consider spending at least a few minutes to make a mental threat model about Zoom. Who might go after you? What features does Zoom have that might be exploitable? What's the worst thing that can happen? The worst case for Google is not the same as the worst case for a professor or elementary school.
Maybe Zoom doesn't work for your use case - fine!
Maybe Zoom is good for your use case - fine!
Lots of people will be using it either way, so it's good to have Alex help lock it down.
My children's school is using Microsoft Teams for classes. The students are:
- kicking out their colleagues
- muting the teacher
- posting memes in the chat room
It looks like you can't prevent them from muting/kicking out each other. There's a larger threat surface of mean pre-adolescents, than a hacker trying to steal their info.
Sure. And it's not easy for a k12 teacher of a third world country to use these tools. The default is open and the need to configure it is a surface attack.
Why use it at all? I honestly don't know what's available in this space, since I don't need to, but is there really no alternative?
If they're building a product that does shady things (e.g., macOS install nonsense) and is full of security holes (e.g., zoombombing) that's enough to tell me I don't want to use it and I don't want my son's school using it.
Google isn't alone here. Just another data point.
At best it's a product full of security holes. At worst deliberately designed to spy on people. I don't care who those people are. I care about the intent.
Some of us don’t have security as a high priority. I for example wouldn’t really mind if my computer’s entire contents were published at nytimes.com. What I care about right now is my kids getting to see their family over Zoom or whateverx
I think we’re probably at the point where it doesn’t matter what your personal threat model is: your insecurity affects everyone, so nobody has the luxury of not caring about it (much like vaccination against disease). It is a matter of collective and national security.
Zoom is by far the best usable conferencing software. Its security flaws are irrelevant to most users as the pain of using anything else is awful. It's always a major drawback.
People in the real world care as much about Jitsi as about Bernie Sanders. HN and Reddit are bubbles that Joe Schmitz from MegaCorp Inc. does not know or care about ever despite some aspects being vastly better on the security side. UI/UX is Zoom's domain though and nothing comes close.
* Google's exposure is far greater than merely other languages
* Exposing profiles & activities of an entire generation of kids to a foreign adversarial surveillance govt is itself a serious threat, covered by other responses here
* This creates a massive increase in exposed surface area. E. g., consider abkid using their parent's computer who happens to work at a sub-sub-contractor on a key defense project. Even if the key files are properly encrypted, just some little data points like the fact of their employment, network name, list of known WiFi routers cached, etc., now lets CCP fill out their model of attack vectors. There's a thousand other ways this can be used to gain an edge if you don't like that example
The bottom line is like the precautionary principle - just because you or I can't figure out how to exploit something, doesn't mean that it can't be exploited.
Google allows personal software to be installed in a corp laptop, subject to restrictions and limitations like this. It's not encouraged, though, and if something happens because you installed a third party software then it's your responsibility.
433 comments
[ 3.3 ms ] story [ 299 ms ] threadI really want to know what goes on within Product Management at Google, because looking from the outside in I cannot imagine anything other than sheer incompetence.
A friend was managing a project on a shoestring budget. Upper management (C-suite) had reviewed the idea and green-lit it. He had been told Larry and Sergei in particular had voiced support. He got it done ahead of schedule and under budget by managing a stream of off-cycle interns. The week it was scheduled to go live, someone in middle management killed it. My friend and his team got zero credit for a job very well done, a big setback for him. He and I were working on an internal tool for datacenter management as a 20% project when I left. I asked him about it later, and our 20% project met a similar fate: enthusiastic support from management, including giving us some resources, all the way through completion, followed by cancellation shortly after completion. My friend left less than a year later.
Another friend started a modest improvement to chat as a 20% project, which later got expanded to a full-time project for several engineers. I forget the external name, but the internal code name was "Taco Town" after the SnL skit. Walkabout / Wave was a skunkworks project that used its separate repository, which was very rare at Google. People knew something mysterious was going on down in Australia, but we really had no idea what it was, other than the Google Maps guys were running it and it was named "Walkabout". When Walkabout / Wave came out of skunkworks mode shortly before external launch, the Taco Town team realized they needed to launch very soon or their project would never launch because its functionality was subsumed by Walkabout / Wave. Taco Town rushed its launch, was a bit buggy and had some scalability issues that they knew about, but expected to be able to improve shortly after launch. I think Taco Town's botched launch a few weeks before Walkabout/Wave contributed to initial confusion around Wave and some of Taco Town's problems colored perceptions of Wave's launch.
Shortly after I left, Google publicly announced they'd be putting "more wood behind fewer arrows", which was a step in the right direction.
I get it that management doesn't want to discourage engineers or stifle innovation, and they know they don't have a good handle on what will be successful and what won't, but keeping around zombie projects gives engineers false hope. The "throw mud at the wall and see what sticks" style of project management can be soul-crushing for talented junior people managing small projects, unless they're properly supported and really get proper credit for doing a very good job engineering something that fails for non-engineering reasons.
It was banned as in it can no longer be installed on corp laptops.
With various levels of being merged or not.
> They have had their own videochat solution for years, so I would expect the usual "eat your own dogfood" approach.
If an engineer from Microsoft has to speak to an engineer from Google, and you think they should both be dog-fooding their own video application... how do you see that working? Just both dig their feet in and never talk to each other? Seems silly to me.
One or both are going to have to install a video application that isn't their own aren't they?
We're using MS Teams and it seems to be pretty great for us (team of about 15), we use Skype to contact the remaining 20ish more junior staff who don't need Teams licenses just to be able to keep in touch with their work and keep the face to face communication going.
Human interaction that actually works right now is so important. And I simply have a hard time trusting another product to actually do the call reliably
Perhaps I'm just used to them as a remote worker, but they were never all that janky to begin with. Or, rather, more janky than the other tools available at the time.
I hadn't used Jitsi until this current situation meant friends wanted to "meet up" drunkenly on Friday evenings but it's the same.
The main obstacles are hardware. The cheapest correct working solution for a single individual participant is a headset and a webcam. Can you use lapel microphones, or (as two of my Youtube creator friends do for Friday evenings) sit in front of a huge professional microphone with filters? Yes, yes you can but that's not for most users. Can you plug a high-end SLR that's focused dead on you into a converter and stream that instead of a webcam? Yup, but again most people either don't own an SLR or don't want to set it up just so they can be a bit clearer and brighter when drunk.
And the thing about hardware is that we abstracted this away entirely. Zoom doesn't have different hardware support from Hangouts or Skype or any other tool.
"Which VC tool should we use for this meeting?" is a bike shed discussion at the best of times. Chances are good either you didn't need a video conference at all, or any of the tools would have been fine.
Teams is awful. Skype is worse. WebEx is just fine. So is Zoom.
Disclaimer: I work for Alphabet, but already held this opinion before I did.
Every second time I’m using it, I either don’t hear the other people, or people do not hear me. YMMV.
Edit: Maybe if I could receive some support from Google to find out what my problem is, I’d be able to fix it. But that ain’t going to happen.
Jitsi and Google Meet worked by following a link and clicking one popup. Much easier UX
I wish Google would just provide the internal tool and sell that. It’s the opposite of dogfooding their product. They eat the good stuff and product a lesser product to their customers.
I tried looking up the features on the Wikipedia page [0] and didn’t see a really comprehensive list. I reviewed Wikipedia because when I searched for google meet, Google’s top result (that seems like their product page) [1] just had an “open” button that linked out to the App Store to install “Hangouts Meet by Google.”
[0] https://en.wikipedia.org/wiki/Google_Hangouts [1] https://meet.google.com/
It seems to work only in Chrome and Safari.
My pet peeve with Meet by the way is the absence of a native grid view in big rooms.
These two remove from one-another other.
Zoom just showcased this back to back to back to back in a few weeks time). They played tricks with the words. "we wrote ABC but what we really meant is XYZ" is a shitty response to any type of audit/scrutiny.
This is a public company. They have an Internal Audit. What the hell were these guys been auditing in security audits??? The color of the background????
My experience with Google Meet matches yours with Zoom.
Nothing else comes close on Linux for me.
We use it internally at Xero, more than ever currently with working from home, and it's been solid from what I've experienced.
Given we also use Google Calendar, joining a meeting is pretty straight forward, as a Meet link is populated in each event, and shows up on the home screen for meet.google.com
Usually the only mic issues that occur are people using their own headsets with audio gain set too high or flaky bluetooth connections
Running in Firefox, it works great for the most part although sadly it breaks every few months. It'll tend to drop me from the lobby a few seconds in with "Network Error" or something along those lines. I would get frustrated but given it's a work tool, a few days to a week using Chrome (just for calls) and Firefox is back in action again.
We also conduct our postmortems via Google Meet and it generally seems to support 50+ person calls fairly well. That said, we use Hangouts Streaming for All Hands type of stuff so I couldn't speak on performance with hundreds of users at once
Purely anecdotal but my coworker has an older HP laptop (specs are still a respectable 8GB ram, presumably quad core CPU) and finds that he can't be on a Google Meet call while also doing development as his fans will flare up too much.
I would actually quite appreciate a Google Meet desktop app (that's not electron) but I guess the premium userbase tend to have enough specs to throw at web-based products
Oh yeah, I do appreciate that Zoom presumably doesn't require any fancy logins because running Google Meet on a phone requires a device policy in order to connect to a call.
I can either install it on my device plainly (requiring a pin to login going forward vs say, a fingerprint) or I could install it in a work profile. The latter is cleaner but then I have an entire second set of apps just to join a call on my phone once in a blue moon :(
At least you can dial into meetings but I find the audio is kinda wonky at times.
Having said all this, I can respect the product but I'm always happy for a non-Google entity to win in any given space ;)
That kinda applies to any modern client. H.323 and SIP are ok, but webrtc is brutal.
Well that's example of what I suggested they'd have to do - use someone else's service.
Since finding this I find hangouts meet much more tolerable!
* We run into so many issues screen sharing, usually it's just that the persons screen doesn't show up, but it's also often way to compressed to read
* Even just 1 on 1 it makes my laptop cry, with 5 or 6 people in a conference I have to minimize the application or I cannot use my laptop at all because of the CPU load, and at 12+ people even with the application minimized it was maxing out my 2017 Macbook Pro CPU
* For comparison, I recently was in a 230 person Zoom conference, laptop hardly noticed
* I often have audio issues and it requires restarting the application or chrome before it fixes itself
* Really the performance of it is the biggest reason I hate it, we tried having a "lounge" where people join it and just chill while working, but we stopped because once a few of us got on it our computers just became unusable
If you are using firefox you will encounter issues
The phone application had a few updates between the failures and the success, so perhaps everything's sorted out. I also need to give the desktop native application a try.
I'm rooting for them, I really hope we get a viable free software option. But we should be honest about the state of things right now.
Considering your alternatives with zoom clients being banned it's not that far of a stretch.
You can't safely assume all your employees are properly assessing the risks unless that is their actual job. If you only allow what you know then you can reason about your risk.
Engineers aren’t clamoring to get into the kinds of companies where IT needs to pre-approve software for their workstations.
Of course, after years and years and hundreds of thousands of engineers, the whitelist is pretty robust.
I don't know for sure, but I bet Zoom has been on that whitelist, and "banning" is removing it from that whitelist.
Our laptops are configuration managed, force upgraded, and surveilled, but we all have root and IT has never stood in the way of "power user" behavior. The extent of the frustration in engineering is that their management processes sometimes eat CPU. My understanding is that most of the Valley is like this.
https://www.cvedetails.com/vulnerability-list/vendor_id-2159...
There is nothing new/outstanding.
Once may have been an honest mistake; 2+ times is now a pattern.
Installing third-party software on corp devices is generally a no-go at a lot of workplaces. With the security problems that Zoom has been having, it's only prudent of IT to ban its use on work devices.
> Why would forcing use of web version mitigate any concerns?
Because the web version runs in a browser sandbox, so there's a reduced risk of it compromising the security of the corp device.
> The concerns I have heard are lack of proper end-to-end encryption, servers in China and the possibility to join chatrooms by guessing a name (zoom-bombing)).
Googlers don't use Zoom for work, they use it for personal stuff, so that's not the problem.
From the perspective of a generic IT department: Even if there aren't any security problems with having the client installed on your workstation - the problem is that when they've made so many amateurish security mistakes, it's difficult for IT to trust the binary blob that Zoom wants you to install on your computer.
Corporate device security is a series of safety-versus-efficiency tradeoffs, made with incomplete information. Banning Zoom does not really compromise efficiency, if you aren't using it for work stuff.
"For those who have no choice but to use Zoom, including in contexts where secrets may be shared, we speculate that the browser plugin may have some marginally better security properties, as data transmission occurs over TLS."
Apparently the web version doesn't use their homegrown encryption scheme.
Some of this is consumer vs. enterprise tension, though. Emoji demo really well on an initial product tour; reliability is one of those key features that's really hard to get people excited about, but which people hate to find lacking.
I wouldn't go that far - there's something like 250k hangout meetings per day at Google[0] and that was before Covid.
[0] https://www.blog.google/products/g-suite/how-google-went-all... (2017)
"Nearly a decade has passed since we built the first prototype. Face-to-face collaboration is ingrained in Google’s DNA now—more than 16,500 meetings rooms are VC-equipped at Google and our employees join Hangouts 240,000 times per day!"
Hangouts Chat, on the other hand...well okay, it seems reliable enough, doesn't have that problem that old Hangouts did. Comparing the UX to Discord just makes me sad though.
I trust zoom a lot more when it is running inside a chrome sandbox than as a native app.
I haven't audited the files yet to see what technology they use (e.g. why is the web experience shit, but the Chrome App is OK), but I certainly trust Zoom a lot more in a sandbox.
It mainly sucks for when an employee (especially in sales) has a call with a client that uses Zoom and can't use Meet, because then you're forced to dial in, which just puts you at a disadvantage when everyone can see everyone's face except yours.
Edit: per comments, people can still use the browser version of Zoom, so doesn't seem that bad.
Can't they just participate in a call from the browser? I thought Google only banned the application/app, not usage of the service altogether.
Jitsi and Google Meet seem to work in both browsers, without requiring me to log in.
Or better yet, don't use Zoom...
1. Go to zoom.com 2. Click "Join a meeting" 3. Enter meeting id and click Join 4. Ignore the automatic app download 5. Go back 6. Click "Join a meeting" again 7. Enter meeting id and click Join again 8. Ignore the app download again 9. Click at "If nothing prompts, click here" 10. Click "Join from your browser" 11. Agree to terms of service 12. Enter password and name, click Join
Not saying you should do that, but that's why there's a difference.
Seems to work for them, and gets around that whole song and dance you described.
And in truth, I usually don't want to see anyone else's face either. Aren't there companies that forbid looking at someone for more than five seconds? Well guess what, on a video call, they're staring at you for minutes on end.
Wait what? Could someone explain to me the reasoning behind a policy like this?
Edit: it appears to be a sexual harassment policy, and apparently Netflix has tried it [0]
[0] https://www.nationalreview.com/2018/06/netflix-five-second-s...
Examples like this can accidentally or intentionally be misread as policy, but it is not actually policy. It's an example of what can be not OK in some contexts. Of course, I'm happy to be corrected if someone who works there wants to jump on and say otherwise. But I very much doubt that such a policy exists. Doesn't pass the sniff test.
https://qz.com/work/1306193/is-it-sexual-harassment-to-stare...
"A spokeswoman clarified there is no such “rule” at Netflix. However, she confirms that the recommendation was, in fact, discussed in an anti-harassment training session, though it’s not an official guideline."
> Employees who have been using Zoom [...] can continue to do so through a web browser or via mobile.
Before Google Docs existed, many employees used MS Office, and when Docs was being rolled out Googlers were incentivized to switch to Docs by being offered kudos, swag, etc (ie, the carrot, not the stick).
Google is the fourth biggest public company in the world as measured by market cap.
A Microsoft 365 "E3" license is $20/user/month. They can afford it.
This restriction is entirely about eating your own dogfood.
Maybe I'm dumb, why wouldn't they be saving money by not paying for Office? Obviously they could buy it for every employee, including the majority that don't need it, but why? They could also just light money on fire (but why?)?
I work for another FAANG and we don’t use MS Word. It certainly isn’t “standard” for us. It’s not standard for two of the three FAANG companies, so “everywhere” is inaccurate. Being popular isn’t the same thing as standard. Pages is a far more usable for the vast majority of use cases. Most people aren’t creating extremely complicated word processing documents in their day-to-day. Word is a bloated mess. Keynote is far easier and more elegant than PowerPoint. Excel however certainly shines for big spreadsheet work, but for most spreadsheet work Numbers and the google spreadsheet are perfectly fine.
1. Google is dogfooding it's own products to improve them and make them competitive and stop potential data/privacy/security leaks by using external software.
2. Google is trying to save 20 bucks
There is nothing wrong with Google docs or sheets and I have used them both. But sooner or later you make enough documents or work with enough spreadsheets you're going to want or need some feature that office has.
Google may be a rich company but it's also a very frugal company in many ways, particularly wrt technology (they pioneered the "huge amounts of redundant cheap hardware" approach to DC construction, for example). When Googlers were being coaxed into switching to Docs from MS Office, the financial benefits were front and centre to that pitch.
1. Yes, Google probably prefers for people to use its own products both for usability and security reasons.
2. Google also wants to save money. However, if someone wants a license for a Microsoft product, they can get one.
three?
It's not just the money it's also additional security vulns to defend.
I did most of my doc writing in LyX before Google, though.
Word in the browser is a billion times better for formatting than Google Docs. I loath using google docs. But when it comes to Collab, Google docs wins hands down.
As someone who has had to build relatively complex tools in both Sheets and Excel, I would have to say Sheets has done a much more impressive job with their builtin formulas/functions than Excel.
The JS in Sheets also run in the cloud. Really nice for scheduled things or things that talk to an api or similar. But being able to run stuff locally is nice to.
1. Google's threat model may not be your threat model, and it definitely isn't the threat model of my daughter's school. A corporation like Google may be concerned using native applications, written in unsafe languages, written by developers from other corporations in China. That said, Zoom isn't wrong for everyone.
2. Google is motivated to push their own solution for obvious reasons.
3. Tavis, or others, at Project Zero might know some things, maybe we'll find out.
Google's threat model surely differs in some way from a school, but the specific threats you named seem like threats equally applicable to the surfaces identifiable in the threat model of a school.
Google's threat model actually does include state level attack (And specifically by China) to steal IP or access confidential user data.
Not if the school actually cares about the future of its students.
From a blog post[0] we published at NuCypher a while back:
> If we fail to take action now, we risk a world in which unsavory actors - domestic and foreign - have built rich, comprehensive profiles for every one of our children, following the trajectories of their education, home life, consumer habits, health, and on and on. These profiles will then be used to manipulate their behavior not only as consumers, but as voters and participants in all those corners of society which, in order for freedom and justice to prevail, require instead that these kids mature into functional, free-thinking adults.
0: https://blog.nucypher.com/todays-kids-need-end-to-end-encryp...
It continues to surprise me that people just don't grok basic concepts of intelligence gathering. Particularly on a site like this....
And as much is its controversial here, there is a material difference between US and Chinese objectives, value systems and implementations of surveillance.
Indeed - they're no better.
It's like the old 5G debate in Europe: who do you want to have a backdoor: Cisco+USA or Huawei+PRC? (Hint for Americans: some/many see China as less malevolent).
"Someone", sure, but not the Chinese Government! That's a completely different threat model!
The Chinese government is the last entity I'd be worried about with this kind of information (unless, of course, you live in China). Certain criminals in your own country are a much bigger concern.
This is similar to the concern some of us had over giving local government departments access to our full Opal card public transport travel histories here in Australia. Not all government employees are up to no good, but some are. Don't give them more than they need.
See their push into universities.
Because China=bad, Google or Facebook or Microsoft (which all provide data to) or NSA =good
There is no specific evidence for this, but it is a possibility. Balancing remote possibilities and accepting some that are beyond our control is what separates the sane from the tinfoil hat crowd. Personally, I would try to stick to apps by companies headquartered in your home country. This is difficult outside of the USA and probably impossible outside of the next 5 top software hub countries.
I like it! I'd totally give that TV series a try!
Of course they are. That's why they are happy to work with NSA which get everything that is routed through frankfurt.
>The subdivision HVA inside the Stasi would be the equivalent to the BND, while the larger and infamous internal surveillance of the Stasi is now in the responsibility of the Verfassungsschutz.
Why is that? It seems like the opposite would be the best advice: make sure to use something from a company not headquartered in your country. Most people probably have more to worry about from their own government than anyone else.
If yes: do not use Zoom right now. If no: do what you want.
But I wouldn't use it for work meetings.
But you made me look into this. Apparently Zoom does "accidentally" (accidents like this don't really happen) send data to China. [1] It's very normal for companies to completely divide up their Chinese servers and non-Chinese servers, so the rerouting makes me suspicious.
[1]https://www.businessinsider.com/china-zoom-data-2020-4
Zoom is of course just one vector for this, but the threat model of "it's just schoolwork at risk" is wrong. It's actually integrity of tje computing environment.
For those that use Zoom - consider spending at least a few minutes to make a mental threat model about Zoom. Who might go after you? What features does Zoom have that might be exploitable? What's the worst thing that can happen? The worst case for Google is not the same as the worst case for a professor or elementary school.
Maybe Zoom doesn't work for your use case - fine!
Maybe Zoom is good for your use case - fine!
Lots of people will be using it either way, so it's good to have Alex help lock it down.
- kicking out their colleagues
- muting the teacher
- posting memes in the chat room
It looks like you can't prevent them from muting/kicking out each other. There's a larger threat surface of mean pre-adolescents, than a hacker trying to steal their info.
Better education regarding these tools is required for sure.
Why use it at all? I honestly don't know what's available in this space, since I don't need to, but is there really no alternative?
If they're building a product that does shady things (e.g., macOS install nonsense) and is full of security holes (e.g., zoombombing) that's enough to tell me I don't want to use it and I don't want my son's school using it.
Google isn't alone here. Just another data point.
At best it's a product full of security holes. At worst deliberately designed to spy on people. I don't care who those people are. I care about the intent.
People in the real world care as much about Jitsi as about Bernie Sanders. HN and Reddit are bubbles that Joe Schmitz from MegaCorp Inc. does not know or care about ever despite some aspects being vastly better on the security side. UI/UX is Zoom's domain though and nothing comes close.
Try doing a Teams call with 30+ people.
But look at the whole threat model.
* Google's exposure is far greater than merely other languages
* Exposing profiles & activities of an entire generation of kids to a foreign adversarial surveillance govt is itself a serious threat, covered by other responses here
* This creates a massive increase in exposed surface area. E. g., consider abkid using their parent's computer who happens to work at a sub-sub-contractor on a key defense project. Even if the key files are properly encrypted, just some little data points like the fact of their employment, network name, list of known WiFi routers cached, etc., now lets CCP fill out their model of attack vectors. There's a thousand other ways this can be used to gain an edge if you don't like that example
The bottom line is like the precautionary principle - just because you or I can't figure out how to exploit something, doesn't mean that it can't be exploited.