It turns out that Zoom, which millions of people use every day, has a few problems. The problems aren't new, however, with the increased usage by everyone from remote teams to piano teachers to schools to grandparents, they are getting an increased level of scrutiny. And they should.
This increased level of scrutiny is kind of like what happens to a presidential candidate when they have a good night at a debate, or start to rise in the poll. Until then, no one really pays that much attention, but now--with the spotlight on--we start to see all the quirks and wrinkles.
Of course, this isn't actually the first time Zoom has had a privacy or security issue. I wrote last year about a flaw that would allow websites to spy on you. It's just that at the time, outside of companies with remote workforces, most people had no idea what Zoom was, and even fewer had ever been on a videoconference.
Now, however, with the spotlight on it, Zoom is suddenly not looking quite as good. Aside from the problem of hackers dropping into your meetings, in just the past two weeks, the New York attorney general has launched an investigation into how the company handles user privacy. In California, a class-action lawsuit alleges that Zoom is violating users' privacy.
Let's also not leave out the fact that Zoom is apparently leaking your personal email to other users with a feature that groups similar emails into shared contact lists. Or the fact that despite Zoom's claims to use end-to-end encryption for video calls, that's not actually true. As The Intercept points out, Zoom is using a form of encryption that secures data in transit, meaning it's safe from someone who might be snooping on your internet traffic, but Zoom itself can still access your data and recordings.
There are technical reasons for this, which Zoom points out in its security white paper, but the bottom line is that recordings of your meetings aren't necessarily as private as you think. That seems like something that should be clear to users, especially since Zoom shows you a nice little "lock" icon to give you the peace of mind that everything is encrypted.
Finally, just yesterday, my Inc.com colleague Don Riesinger wrote about a new zero-day attack on Zoom that would make every user vulnerable to having their computer taken over.
I reached out to Zoom, and a spokesperson responded that the company "takes its users' privacy, security, and trust extremely seriously," and pointed me to a recent blog post by Eric Yuan, the company's CEO, on the steps it is taking to address these issues. That includes a fix for the zero-day attack, as well as a commitment to resolving these and future issues. According to Yuan:
Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust.
Here's the bottom line: We need Zoom to step it up a little. It's literally become the most important service on the internet right now. Like millions of remote workers, I spend three or four hours a day in meetings on Zoom.
It's how my company, and pretty much every company right now, stays connected. It's also how millions more Americans who are stuck inside stay connected--like my son, who spent a half-hour with his kindergarten class on Zoom today. It's how my mom, who happens to be a township official, held a board meeting so that the government can continue to serve the community.
Sure, there are other options, but as I pointed out last month, none of them are as easy-to-use or accessible as Zoom. At least, not yet.
Note to Zoom: The spotlight is on you. This is your big moment and while your performance so far has been outstanding, it's really time to double down on the fundamentals. We're all counting on you.