As people around the world are forced to stay home due to COVID-19, digital communication has become increasingly important.
The use of video calling on platforms such as WhatsApp, Microsoft Teams and Google Hangouts has increased, but the popularity of Zoom has particularly surged among companies, schools, friends and families, as it is relatively easy to use and lets as many as 100 people simultaneously attend a video-conference.
The company says that the number of users who are using its platform on a daily basis soared to 200 million in March, compared to the previous high of 10 million last December.
However, the huge increase in users has raised major security and privacy concerns that Zoom has so far failed to fully address.
The biggest issue the company has had to deal with over the past few weeks has been internet trolls hijacking and disrupting remote classes, religious gatherings and other Zoom meetings by posting explicit content, such as pornograpy and racial slurs, in a phenomenon that has come to be known as “Zoombombing.”
After receiving numerous reports of Zoombombing, the FBI warned users to be careful when using Zoom, telling users to not make meetings public, to not share links widely and to not post about meetings on social media.
The service has also attracted scrutiny from members of congress, with 19 House Democrats sending a letter to Zoom’s founder and CEO Eric Yuan, seeking details regarding the company’s privacy practices.
New York Attorney General Letitia James and attorney generals from other states have expressed concerns over Zoom’s data privacy and security practices.
Yuan wrote in a blog post that the platform is currently being used more extensively than the company foresaw when it was founded in 2011.
“We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home,” Yuan said.
“We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived,” he added.
Yuan also apologized to users for the service’s shortcomings. “We recognize that we have fallen short of the community’s — and our own — privacy and security expectations,” Yuan said. “For that, I am deeply sorry.”
Yuan also announced a 90-day freeze on new operations to focus on identifying and fixing the problems at hand.
Other concerns with Zoom
One of the key concerns reported by The Washington Post relates to thousands of videos recorded on Zoom’s software that are left exposed online for anyone to see. These videos include sensitive chats, such as therapy sessions, elementary school classes and business meetings, which have left personal information such as individual’s names and phone numbers displayed.
These videos are saved on users’ computers then uploaded to non-Zoom cloud services without passwords.
Videos saved on Zoom’s cloud service have not been affected.
Zoom doesn’t force users to create a unique name for recorded videos, so they are labeled identically, allowing them to be easily found and downloaded.
A report from Motherboard revealed that Zoom’s iOS app was sharing users’ data with Facebook, including the data of individuals who are not Facebook users. This has led to a class action lawsuit against Zoom in California, which alleges that Zoom did not properly inform users that their data was being shared with Facebook.
The company has since issued an update of its iOS app that stops certain data from being sent to Facebook.
Zoom also falsely advertised its use of end-to-end encryption, a system that secures communication so that it can only be read by the users involved, meaning that the company had the ability to monitor calls.
Zoom apologized in a blog post for its incorrect use of the term, saying, “While we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”
The post went on to say that “Zoom has never built a mechanism to decrypt live meetings for lawful intercept purposes, nor do we have means to insert our employees or others into meetings without being reflected in the participant list.”
Zoom faced further scrutiny after some calls made in North America were routed through China, as well as the encryption keys used for those calls. The company said that calls have been “mistakenly” allowed to flow through their two Chinese data centers since February as the company tried to deal with network congestion due to an increase in traffic.
Zoom getting banned
The scrutiny surrounding Zoom has forced some to reconsider using its services.
Elon Musk’s SpaceX banned employees from using Zoom, citing “significant privacy and security concerns.” Employees were encouraged to use email, text or the phone instead.
NASA, one of SpaceX’s biggest customers, has also banned employees from using Zoom.
New York City has banned Zoom from being used in city schools for remote learning.
The decision was made by the education department after numerous reports that online classes were being Zoombombed with inappropriate comments.
Teachers and students have instead been advised to use Microsoft Teams, which the education department suggests has similar functionality and is more secure.