Zoom CEO Addresses Security and Privacy Concerns of Its Users

With cities all over the globe going into lockdown and the movement of people becoming more and more restricted, there has been a scramble to achieve connectivity with others despite everything. This is easily seen in the new-found popularity of video conferencing app, Zoom.

Image Credit: Carlo Allegri/AP

(WHO recommends playing video games to cope with isolation during COVID-19 pandemic)

In March alone, Zoom’s daily number of meeting participants jumped from 10 million – their figures as of December 2019 – to 200 million. However, Zoom was unprepared to cater to such a high volume of users and have faced a number of security issues.

CEO and founder of Zoom Eric Yuan published an apology in a blog post last April 1 for issues such as the level of encryption on the platform and its sharing of user data with Facebook.

“We recognize that we have fallen short of the community’s – and our own – privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it,” Yuan writes.

“Our platform was built primarily for enterprise customers – large institutions with full IT support. These range from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare organizations, and telemedicine practices,” he explains.

“However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived. ”

Yuan then addresses the recent issues which have come to light: “We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them and doing better in the future.”

He lists the following points to assure that action has already been taken with regards to user concerns:

  • On March 20th, we published a blog post to help users address incidents of harassment (or so-called “Zoombombing”) on our platform by clarifying the protective features that can help prevent this.
  • On March 27th, we took action to remove the Facebook SDK in our iOS client and have reconfigured it to prevent it from collecting unnecessary device information from our users.
  • On March 29th, we updated our privacy policy to be more clear and transparent around what data we collect and how it is used – explicitly clarifying that we do not sell our users’ data, we have never sold user data in the past, and have no intention of selling users’ data going forward.
  • Published a blog to clarify the facts around encryption on our platform – acknowledging and apologizing for the confusion.
  • Permanently removed the attendee attention tracker feature.
  • Released fixes for both Mac-related issues raised by Patrick Wardle.
  • Released a fix for the UNC link issue.
  • Permanently removed the LinkedIn Sales Navigator app after identifying unnecessary data disclosure by the feature.

Included in the apology was a list of measures Zoom promises to enact to better safeguard users:

  • Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
  • Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
  • Preparing a transparency report that details information related to requests for data, records, or content.
  • Enhancing our current bug bounty program.
  • Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
  • Engaging a series of simultaneous white box penetration tests to further identify and address issues.
  • Starting next week, I will host a weekly webinar on Wednesdays at 10 am PT to provide privacy and security updates to our community.

“Transparency has always been a core part of our culture,” Yuan concludes. “I am committed to being open and honest with you about areas where we are strengthening our platform and areas where users can take steps of their own to best use and protect themselves on the platform.”

What do you think about this?

Do you have a story for the WhenInManila.com Team? Email us at story.wheninmanila@gmail.com or send us a direct message at WhenInManila.com Facebook Page. Interact with the team and join the WhenInManila.com Community at WIM Squad!


Related Stories