This part about the zoom acquisition is true, but to date no sketchy things have been committed to the client repos, they’re open source
Personally I think the acquisition was to disrupt development, not to hijack it. You’re right that dev work essentially stopped at that time, outside of security fixes.
Also, it doesn’t track you, it allows you to post public proofs so you can choose to let the people you connect with verify your identify. It’s not mandatory.
And this is why having true ownership over our own devices is so important, so that they can’t force this on everyone and if they try, we just replace the root certs.
This is why “trusted computing” has been pushed for so long, to remove control from the user specifically to enable bullshit like this