Zoom finally announces plan to address privacy concerns

Since the outbreak of the coronavirus, Zoom's daily user base has shot up by almost 70 percent.


After a string of reports detailing questionable data practices and calls for transparency, Zoom seems to have finally listened. In an official blog post on April 1, the company's CEO Eric Yuan stated that Zoom is actively looking into reports about privacy and security flaws.

That took a while — It shouldn't have taken this long to address urgent concerns — especially during a pandemic — but it's better late than never. The company is giving itself 90 days to get a grip on things. "We welcome your continued questions and encourage you to provide us with feedback," Zoom's CEO wrote, "our chief concern, now and always, is making users happy and ensuring that the safety, privacy, and security of our platform is worthy of the trust you all have put in us."

'Trust' is a stretch — If you're feeling a dash skeptical about this newfound vow to do better, you're not alone. Complaints about Zoom's vulnerabilities and data extraction models have flooded the internet for weeks now. Input has previously reported on the high potential for misuse through Zoom's attention tracking tool, how privacy advocacy groups are demanding security reports from the company, how Zoom's automatic URL conversion opens UNC injection paths for hackers, the way Zoom's iOS app delivers your data to Facebook, and more.

Here's what happens now — The gist of Yuan's post is that Zoom was initially designed for corporate enterprises; the company claims that it had no idea everyday consumers would flock to the program for commercial, academic, and personal use. To mitigate privacy problems, Yuan says that Zoom will:

  • Provide tutorial webinars, live daily demos, video trainings, and other resources.
  • To combat Zoombombing (where trolls hijack meetings), Yuan says the client will offer passwords, waiting rooms, and limits on screen sharing.
  • For iOS users, Zoom will apparently take out the Facebook SDK to avoid unnecessary data collection.
  • Zoom also says that it will clarify its personal data selling model, noting that it has "no intention of selling users’ data going forward."
  • If you're a teacher reliant on Zoom, the company has a set of changes like virtual classrooms, security tips, K-12 privacy policy, and content sharing protocol. It has not, however, made clear whether it is FERPA or COPPA compliant.
  • Zoom acknowledges and apologizes for the lack of clarity around its encryption platform.
  • It says it has removed the notorious attention tracking feature Input previously covered.
  • It says it has resolved its UNC issue.
  • Over the next 90 days, Yuan intends to pool engineering resources into identifying and fixing reported privacy and security problems.

The company remained silent up until now. It's hard to know whether Yuan — whose enterprise has gone from seeing 10 million daily users to 200 million daily users (both free and corporate) — is sincerely invested in providing secure services to his users or whether this is simple public image control. We now have three months to wait and see.