1. Misleading Encryption Claims
From 2016–17 Zoom advertised “end-to-end, 256-bit encryption,” but the FTC found it used only transport encryption—allowing Zoom servers to decrypt calls1.
2. Persistent Security Vulnerabilities
In May 2025 Zoom patched seven vulnerabilities, including privilege escalation and remote code execution flaws (e.g. CVE‑2025‑30663), underscoring ongoing security risks2.
3. Data Exfiltration to Third Parties
Zoom’s iOS client contained Facebook’s SDK, sending usage data to Facebook’s Graph API—even for users without Facebook accounts—until public outcry forced its removal3.
4. Surveillance & Detailed Logging
Zoom logs all meeting metadata—join/leave times, chat logs, device data—building profiles that may be shared internally or with partners4.
5. Predatory Tax Avoidance
Zoom paid effectively 0% federal tax on $2.7 b revenue in 2020 via R&D credits and depreciation schemes—practices criticized by tax watchdogs5.
6. Opaque Pricing & Dark Patterns
Subscriptions rose 30% from 2022–24 while cancellation links are buried in multi-step menus, making opt‑out cumbersome6.
7. Free software Alternatives
**Jitsi Meet**, **BigBlueButton**, and **Nextcloud Talk** offer fully free software, self-hosted video conferencing with end-to-end encryption, no telemetry, and community-driven support789.
Sources
- 1. FTC settlement on encryption claims
- 2. NVD: CVE-2025-30663 vulnerability
- 3. VICE: Zoom iOS data sent to Facebook
- 4. Recode: Zoom’s extensive meeting logs
- 5. ITEP: Zoom’s tax avoidance tactics
- 6. All Things Secured: Zoom cancellation dark patterns
- 7. Jitsi Meet: Open-source conferencing
- 8. BigBlueButton: Education-grade conferencing
- 9. Nextcloud Talk: Integrated team communication