Amid the coronavirus pandemic, Zoom has seen daily user counts for the video conferencing service skyrocket to 200 million, up from 10 million in December.
Of course, popularity brings scrutiny. On Wednesday, Zoom CEO Eric Yuan pointed to the company’s insane growth as he apologized for falling short on expectations for privacy and security.
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” he wrote in a blog post. “We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.”
In response, Zoom is temporarily freezing development on new features and will instead devote its engineering manpower to addressing security and privacy issues. The company is also killing off the creepy “attendee attention tracker” feature, which allowed Zoom meeting hosts to monitor the computers of everyone in the session. In addition, Zoom has patched three vulnerabilities in the app that security researchers uncovered this week.
“Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively,” Yuan added. “We are also committed to being transparent throughout this process.”
As part of this process, Zoom is bringing in third-party experts and consumers to help it review the video-conferencing service for unknown security problems. It’s also going to start publishing transparency reports on when Zoom receives requests from government authorities to hand over user information.
Finally, the company is trying to clear the confusion around its claim that Zoom offers end-to-end encryption. The company does, but only when all the connecting devices, such as laptops and smartphones, are joining the meeting via the installed Zoom app.
“In this scenario, where all participants are using the Zoom app, no user content is available to Zoom’s servers or employees at any point during the transmission process,” the company wrote in a separate blog post. However, if users are connecting to the meeting via a phone line, they're out of luck.
Zoom also notes it does hold on to the encryption keys for the end-to-end process. That said, the company says it's never built a mechanism to decrypt live meetings to help law enforcement intercept messages or videos. “Nor do we have means to insert our employees or others into meetings without being reflected in the participant list,” the blog post adds.
We’ll have to wait and see whether the newly announced efforts resolve any of the problems facing the video-conferencing service. But the product’s sudden popularity has also made it a target for pranksters and racists. For days now, they’ve been infiltrating unsecured Zoom meetings to harass people, which has prompted the FBI to issue a warning about “Zoom-bombing” attacks. Zoom also published a blog post with tips on securing your video sessions from unwanted intruders; PCMag has a guide, too.
Further Reading
- Were You Zoom-Bombed? Video of It May Now Be on YouTube, TikTok for All to See
- Amid Pandemic, Microsoft Alerts Dozens of Hospitals Vulnerable to Ransomware Threat
- Another Marriott Breach Exposes Details of 5.2M Hotel Guests
- Students Conspire in Chats to ‘Zoom-Bomb’ Online Classes, Harass Teachers
- More in How to Work From Home
- More in Security