It's not often that I have a visceral reaction to a single product. But over the last several days, Zoom has proven that it's time for individuals, companies, and schools to move on and find another solution.
As Covid-19 continues to spread around the world, the number of people forced to work and attend school from home has swelled, while companies, schools, and people just looking to communicate with friends and family have sought a digital solution, with many of them choosing Zoom.
Zoom CEO Eric Yuan said this week that at the end of 2019, Zoom had about 10 million daily users. Since Covid-19 swept across the globe, Zoom daily usage has jumped to 200 million people, with no sign of slowing anytime soon.
It's easy to understand why. Zoom comes with a great interface, a level of usability few other options can match, and enough scalability to host one-on-one meetings or massive webinars.
But at some point, we need to balance that value (and it is significant) with the risks. And at this moment, I'm not so sure the value is enough.
A Series of Major Concerns
It's hard to know where to start with Zoom's troubles. In 2018, the trouble started in earnest, when a bug was discovered that would have allowed malicious hackers to hijack meetings, remove users from a call, and more. It was a relatively minor problem that was easily fixed, but it started a flurry of much bigger concerns.
Just a year later, security researcher Jonathan Leitschuh revealed a zero-day vulnerability in Zoom that allowed hackers to access a Mac user's webcam and spy on them. Again, Zoom fixed the problem and moved on.
Now Zoom's biggest issues are being exposed at a time when it's also experiencing its greatest growth.
Just this week, the FBI warned the public of a new term called "zoombombing," in which hackers who get unauthorized access to a meeting wreak havoc. In one case, a zoombomber targeted a classroom in Massachusetts.
"In late March 2020, a Massachusetts-based high school reported that while a teacher was conducting an online class using the teleconferencing software Zoom, an unidentified individual(s) dialed into the classroom," the FBI said. "This individual yelled a profanity and then shouted the teacher's home address in the middle of instruction."
It didn't stop there.
Earlier this week, former NSA employee and security researcher Patrick Wardle said that he found two zero-day exploits that could still be exploited by hackers. One of the bugs gave hackers access to a Zoom user's webcam and microphone. The other? A user's entire computer.
On Thursday, The New York Times reported that Zoom had a data-mining feature built into the app that allowed some Zoom users to have access to others' LinkedIn account data. Zoom said it would shut it down.
Not to be outdone, the Washington Post reported on Friday that simple Web searches could help you find thousands of Zoom calls thought to be private, but freely accessible on the internet. The videos weren't "recorded by default," the Post reported, but they're accessible nonetheless. And in some cases, unwitting users revealed personal information and intimate conversations to the world.
Oh, and don't forget that New York Attorney General Letitia James is now investigating Zoom's privacy practices, her office said this week.
Despite all that, Zoom usage continues. Children across the globe are using Zoom to learn from home, despite the risk of someone yelling obscenities during their classes. Companies are holding meetings over Zoom, revealing trade secrets, talking strategy, and more, despite the threat of a hacker listening in. Individuals, desperate to see their loved ones again, are using Zoom to connect, even though those conversations could be spied on.
In a world where privacy and security should be on the top of everyone's mind at all times, we're all using a tool that has a decidedly poor track record.
But don't take my word for it.
This week, Zoom CEO Eric Yuan apologized to Zoom users for the company's lapses in security. He also promised to do better.
"We recognize that we have fallen short of the community's--and our own--privacy and security expectations," Yuan said. "For that, I am deeply sorry."
Yuan went on to thank journalists and security researchers for highlighting the app's flaws and said that the company "takes them extremely seriously."
"We are looking into each and every one of them and addressing them as expeditiously as we can," Yuan said. "We are committed to learning from them and doing better in the future."
Yuan then promised a series of improvements to Zoom, including more engineering resources focusing on security, a contract with third-party experts to find issues in the platform, and a better bug bounty program to find flaws and fix them. Yuan is even planning to host a weekly webinar on privacy and security as Zoom rolls out the changes.
While I applaud Zoom for wanting to do more, those changes are being rolled out over the next 90 days. By then, we'll hopefully be back to work and the need to use Zoom will wane.
Until then, however, I don't see why Zoom should be your go-to source for communication. It's certainly convenient and it's a fine choice for big companies. But the sheer number of flaws and security problems, coupled with the reality that competitors, like Microsoft's Skype or Google's Meet, are solid alternatives, makes Zoom less of a necessity.
As with every other tech company, I want to see Zoom succeed. But given what I know and what still needs to be done, I can't recommend that anyone use Zoom until it gets its act together.
Here's hoping it happens soon.