Zoom issues an apology for privacy and security issues, will enact a feature freeze to focus on fixes
Zoom has been in the headlines a lot recently -- and not always for the reasons the company might have wanted. Thrust into the spotlight due to massively increased usage during the coronavirus pandemic, Zoom has been plagued with numerous security and privacy issues.
Now company CEO Eric S Yuan has issued a lengthy statement to Zoom users, apologizing for "unforeseen issues" and promising to improve things. For now, Zoom will get no new features as the company is focusing on fixing what is wrong, and regaining customer trust.
Yuan says that usage of Zoom has exploded, jumping from 10 million daily meeting participants up to 200 million. He goes on to say that "we recognize that we have fallen short of the community's -- and our own -- privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it".
He thanks those who have highlighted issues with Zoom:
We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.
These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones. We appreciate the scrutiny and questions we have been getting – about how the service works, about our infrastructure and capacity, and about our privacy and security policies. These are the questions that will make Zoom better, both as a company and for all its users.
We take them extremely seriously. We are looking into each and every one of them and addressing them as expeditiously as we can. We are committed to learning from them and doing better in the future.
Zoom has already taken steps to respond to the criticism that has been leveled at it. The company has updated its privacy policy, removed the Facebook SDK from its iOS app, tried to address the problem of Zoombombing, fixed a security issue with UNC links, and clarified its position on end-to-end encryption. But there's more to come.
Yuan explains what else Zoom is going to be doing over the coming months:
Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust. This includes:
- Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
- Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
- Preparing a transparency report that details information related to requests for data, records, or content.
- Enhancing our current bug bounty program.
- Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
- Engaging a series of simultaneous white box penetration tests to further identify and address issues.
- Starting next week, I will host a weekly webinar on Wednesdays at 10am PT to provide privacy and security updates to our community.
You can read the full statement here.