In the space of a few weeks, the video-conferencing app Zoom has gone from barely known to one of the most talked-about chat apps, jumping from 10 to 200 million daily users.
But with its success came grave data privacy concerns.
Hardly a day has gone by without new stories of security flaws, dubious privacy policies and obscene or racist “Zoombombing”.
Prominent clients like electric car brand Tesla and space company SpaceX have abandoned it. New York has instructed schools to switch to the Microsoft equivalent, Teams. And authorities in Taiwan are halting use due to security concerns.
Despite a massive success on paper, Zoom boss Eric Yuan has admitted he’s not sleeping well. “If we screw up again, it’s over,” he recently told the Wall Street Journal.
You might not have heard of it before the pandemic, but Zoom has been around for more than eight years. The company was worth around 20 billion US dollars on the stock market even before being boosted by a global lockdown. Now it’s worth around 34 billion dollars.
Initially its business-oriented approach meant that Zoom was largely unknown to the general public. Then the rapid spread of the coronavirus forced millions to work from home and avoid meeting up in person.
Almost overnight, Zoom was being used for teaching, birthday parties and yoga classes, as well as countless more business meetings.
What was surprising is how Zoom managed to steal the show from other video conferencing services, as well as popular chat services from Apple, Google and Microsoft.
The latter even offered many of the same features Zoom had with the far-better-known Skype.
An analysis by equipment provider Nokia showed that Zoom was responsible for most of the growth in online video conference traffic.
Zoom’s simple design was a big help. You only needed to click on a link and you were in.
However, years of emphasis on ease of use also laid the foundation for massive problems that became apparent when Zoom was no longer used only in protected corporate environments, but by the wider public.
The best known problem was “Zoombombing,” where strangers would crash their way into someone else’s conversation.
After all, all you need is a link -- no password. What’s more, type in enough random conference ID codes and eventually you could happen upon someone else’s ongoing video chat.
What at first sounded like harmless pranks and a bit of a nuisance was far more serious: Church services and school lessons in the US were interrupted by racist taunts and images of Nazi symbols. Photos of people drinking appeared at Alcoholics Anonymous meetings.
The New York Times reported that online groups were even planning such attacks on both the dark web and Instagram.
Zoom has since responded by making password protection a standard setting.
How much this helps, however, remains to be seen.
In any case, Zoombombing wasn’t the service’s only problem. Zoom’s rise drew the attention of security experts, who quickly found hair-raising flaws.
“Zoom’s security is at best sloppy, and malicious at worst,” cryptography expert Bruce Schneier says. “Zoom’s encryption is awful.” Researchers at the University of Toronto’s Citizen Lab found that Zoom uses an encryption method that has been deemed inadequate.
The company also had to retract its claim that conversations are secured by end-to-end encryption. This is a fixed term for a method in which only users and recipients have access to the unencrypted data.
Zoom, however, has the keys to enable dial-in via conventional telephone, for example.
Among the various other problems were the unsolicited disclosure of data to Facebook, the redirection of some conferences to servers in China and the possibility hackers could guess web addresses where private video recordings are stored.
Company boss Yuan announced Zoom would stop rolling out new features so it could dedicate its efforts to patching up the security vulnerabilities.
Alarm bells should already have been ringing before the coronavirus outbreak. It turned out that Zoom had obtained extensive permissions when installing the software on Apple’s Mac computers by installing a secret web server on the device.
Even worse, it remained on the computer even if the Zoom software was deleted. Apple was forced to remove the Zoom server from the Macs with a forced update.
Zoom boss Yuan has since promised to win back the trust of the users and wants it known that he is not welcoming the massive number of new users at any price. However, Zoom’s own success may still prove to be its undoing.