- Zoom users have been raising concerns about the way the platform handles privacy and security ever since the app began to gain traction when the novel coronavirus outbreak became a pandemic.
- Zoom CEO Eric S. Yuan published a blog post on Wednesday acknowledging those issues and promising to address them as soon as possible.
- For the next 90 days, Zoom will have a feature freeze and focus solely on trust, safety, and privacy.
- Visit BGR’s homepage for more stories.
For better or worse, Zoom’s video conferencing software has been the center of attention for the past few weeks. As the novel coronavirus pandemic forces millions of individuals all over the world into quarantine to mitigate its spread, Zoom has been the tool of choice for both personal and professional video calls. But as a once niche enterprise app turned into an international phenomenon almost overnight, privacy and security concerns that might not otherwise have registered are suddenly making headlines, and Zoom has had no choice but to respond.
In a lengthy blog post on Wednesday, Zoom founder and CEO Eric S. Yuan explained just how rapidly things have changed for the company, acknowledging that there have been times when he and his team have failed to properly communicate its policies and prepare for the influx of users. Yuan provided some perspective by revealing that the maximum number of daily users in 2019 was 10 million. In March, Zoom hit 200 million users in one day.
Yuan then clarified that the Zoom platform was built with enterprise customers in mind, and said the flood of students, employees, and people wanting to socialize presented “challenges [the company] did not anticipate when the platform was conceived” while helping to “uncover unforeseen issues with [the] platform.”
Zoom has plenty of work left to do in the months ahead, but the company has already taken some of the necessary steps to address issues presented by journalists, security researchers, and average users:
- On March 20th, the company explained how to stop strangers from “zoombombing” your calls.
- On March 27th, the company removed the Facebook SDK that was collecting data surreptitiously.
- On March 29th, the company updated its privacy policy to be more transparent about data collection.
- On April 1st, the attendee attention tracking feature was removed and facts about encryption were clarified.
These are all steps in the right direction, but as Yuan notes, it’s just the beginning of what will be an extended process for the company. Here is everything else Zoom has on its docket over the next 90 days:
- Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
- Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
- Preparing a transparency report that details information related to requests for data, records, or content.
- Enhancing our current bug bounty program.
- Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
- Engaging a series of simultaneous white box penetration tests to further identify and address issues.
- Starting next week, I will host a weekly webinar on Wednesdays at 10am PT to provide privacy and security updates to our community.
Zoom can’t go back in time and fix the most egregious problems with its platform, nor can it retroactively prepare for a 20x jump in daily active users, but it’s clear that the company is taking the many reports and complaints about its software seriously. This is a great sign for both the company’s future and the users who depend on the platform to talk to their coworkers or socialize with their friends in the midst of an unprecedented pandemic.
