Zoom, a company that was relatively well-known before has zoomed to the top ranks of the App Store, Play Store, and has become one of the most used services in the world.
That added fame and popularity doesn’t come for free, it comes with the cost of the public learning the shady and wrong privacy practices you use.
Let’s break it all down.
That’s only the tip of the iceberg. Days later Electronic Frontier Foundation noted how hosts of a Zoom meeting can monitor the activity of all meeting participants, and even collect data from their device such as their OS, location data, and IP address.
The mothership came from a Vice report after they investigated the iOS Zoom app which revealed that the app “used too” share user data with Facebook. It did so without consent, without mention, and most striking of all, without even needing the user to have or be logged into a Facebook account.
Less than 24 hours after the Vice report, Zoom pushed an app update which it says fixed the “bug.” Factual evidence that it did is nonexistent.
Facebook’s privacy record is a book within itself, but this specific case revealed a major breach of privacy and a principal contradiction to Zoom’s own “privacy values.”
Likewise, the Zoom-Facebook relation also caused a massive rise of spam and fake Zoom domains to spur across the internet attempting to use the controversy as a means to collect money and user data.
Filtering through that garbage, Zoom says that it does not sell your data, that it does not record meetings, and that it only collects data that is needed to provide you services.
The AG’s office sent a letter to Zoom asking if the company had put any measures in place to take on the increased traffic and load on its network to protect users and detect hackers. As stated by The New York Times,
“The New York attorney general’s office is “concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” the letter said. “While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”
The same day independent security researchers who were looking into Zoom’s Windows and macOS software revealed that the Windows app was leaking username and passwords of users directly to cyber-criminals.
The macOS story is a little less extreme only revealing that Zoom’s .dmg installer did not ask for user consent to be installed onto the Mac leaving a wide-open door for hackers to use RAT or remote access tool to gain unauthorized ways into the Mac.
Zoom has been caught implementing every possible security loophole and threat within its software. There is nothing the company hasn’t done that doesn’t undermine the value of user privacy. Put it no other way, it has broken common sense cyber and privacy protocols.
Even the CEO’s own apology attempted to justify Zoom’s unethical privacy practices instead of unequivocally admitting they were wrong. CEO Yuan said that they had “frozen development” of features to focus on privacy and security because clearly, that wasn’t something the company gave two-damns about before they were caught.
And let’s stop acting like Zoom is a new company that is making “innocent” mistakes. Zoom was founded 9 years ago and the only reason we know of these practices is because of COVID-19.
Zoom would have never come under this much scrutiny if it wasn’t for the millions around the world relying on it to conduct their daily lives. The company would have continued all of these practices, and possibly even worse without anyone ever noticing.
It sickens me that Zoom and countless other companies have to face public backlash and stock crashes before they even care about privacy.
Zoom went to great lengths to cover up, downplay, and ignore all privacy-related concerns, and that’s just wrong.
Moving forward, Zoom is going to spend millions of dollars on this all-out PR and marketing stunt to drive the narrative that is a company that “takes privacy very seriously.”
In a matter of fact, Zoom has already brushed all of this under the carpet. In the past few days the companies social media pages have pumped out posts and tips for educators and business-people alike. Already acting like nothing ever happening.
But, it’s too late. The damage is done, there is no recovering. Trust has been lost, and there isn’t anything the company can say to change that. If I were Zoom, I’d take my stock pile of cash and spend it on admitting my mistakes instead of on a marketing campaign that will fall on deaf ears.