Editorial: Dear Zoom, the damage is done, there is no recovering.

dear zoom rect 1

Zoom, a company that was relatively well-known before has zoomed to the top ranks of the App Store, Play Store, and has become one of the most used services in the world.

That added fame and popularity doesn’t come for free, it comes with the cost of the public learning the shady and wrong privacy practices you use. 

Let’s break it all down. 

The hell-storm started on March 24th, 2020 when Consumer Reports published a piece highlighting how Zoom’s old privacy policy stated that it had the legal right to collect and store user data and then to sell that data to advertisers to collect money. Merely as if Zoom didn’t think that was bad enough, their policy went on to state that it also had the right to collect and store “customer content” which included actual video recordings of meetings, messages, shared files, and more. 

That’s only the tip of the iceberg. Days later Electronic Frontier Foundation noted how hosts of a Zoom meeting can monitor the activity of all meeting participants, and even collect data from their device such as their OS, location data, and IP address.

The mothership came from a Vice report after they investigated the iOS Zoom app which revealed that the app “used too” share user data with Facebook. It did so without consent, without mention, and most striking of all, without even needing the user to have or be logged into a Facebook account. 

Less than 24 hours after the Vice report, Zoom pushed an app update which it says fixed the “bug.” Factual evidence that it did is nonexistent. 

Facebook’s privacy record is a book within itself, but this specific case revealed a major breach of privacy and a principal contradiction to Zoom’s own “privacy values.”

Likewise, the Zoom-Facebook relation also caused a massive rise of spam and fake Zoom domains to spur across the internet attempting to use the controversy as a means to collect money and user data.

On March 29th, 5 days after the first sign that something was off, Zoom spoke out. In an update to its privacy policy posted on its website, Zoom says that “privacy is an extremely important topic, and we want you to know that at Zoom, we take it very seriously.”

Filtering through that garbage, Zoom says that it does not sell your data, that it does not record meetings, and that it only collects data that is needed to provide you services.

A day later, Zoom’s CEO posted a link on Twitter to the companies privacy policy where it was just more nonsense and hypocritical statements.

I’ll be honest, if that was the end of the story and Zoom updated their privacy policy, I’d be satisfied. Yet literally 3 hours later, it’s revealed that Zoom was being investigated by the office of New York Attorney General, Letitia James. 

The AG’s office sent a letter to Zoom asking if the company had put any measures in place to take on the increased traffic and load on its network to protect users and detect hackers. As stated by The New York Times

“The New York attorney general’s office is “concerned that Zoom’s existing security practices might not be sufficient to adapt to the recent and sudden surge in both the volume and sensitivity of data being passed through its network,” the letter said. “While Zoom has remediated specific reported security vulnerabilities, we would like to understand whether Zoom has undertaken a broader review of its security practices.”

There’s more.

The same day independent security researchers who were looking into Zoom’s Windows and macOS software revealed that the Windows app was leaking username and passwords of users directly to cyber-criminals.

The macOS story is a little less extreme only revealing that Zoom’s .dmg installer did not ask for user consent to be installed onto the Mac leaving a wide-open door for hackers to use RAT or remote access tool to gain unauthorized ways into the Mac. 

Zoom has been caught implementing every possible security loophole and threat within its software. There is nothing the company hasn’t done that doesn’t undermine the value of user privacy. Put it no other way, it has broken common sense cyber and privacy protocols.

It’s truly hard for me to even begin to comprehend that the company thinks that one blog post, one privacy policy update, one tweet and one so-called “apology” from their CEO will magically fix all their issues. Zoom has been nothing less than arrogant and lackadaisical in their approach to fix this.

Even the CEO’s own apology attempted to justify Zoom’s unethical privacy practices instead of unequivocally admitting they were wrong. CEO Yuan said that they had “frozen development” of features to focus on privacy and security because clearly, that wasn’t something the company gave two-damns about before they were caught. 

And let’s stop acting like Zoom is a new company that is making “innocent” mistakes. Zoom was founded 9 years ago and the only reason we know of these practices is because of COVID-19.

Zoom would have never come under this much scrutiny if it wasn’t for the millions around the world relying on it to conduct their daily lives. The company would have continued all of these practices, and possibly even worse without anyone ever noticing. 

It sickens me that Zoom and countless other companies have to face public backlash and stock crashes before they even care about privacy. 

Zoom went to great lengths to cover up, downplay, and ignore all privacy-related concerns, and that’s just wrong.

Moving forward, Zoom is going to spend millions of dollars on this all-out PR and marketing stunt to drive the narrative that is a company that “takes privacy very seriously.” 

In a matter of fact, Zoom has already brushed all of this under the carpet. In the past few days the companies social media pages have pumped out posts and tips for educators and business-people alike. Already acting like nothing ever happening.

But, it’s too late. The damage is done, there is no recovering. Trust has been lost, and there isn’t anything the company can say to change that. If I were Zoom, I’d take my stock pile of cash and spend it on admitting my mistakes instead of on a marketing campaign that will fall on deaf ears. 

Default image
Sami
Sami started falling in love with Apple in 2010 with the iPhone 4S. As a registered developer, he deeply admires the world of Apple. Sami is an aspiring journalist, writer, and actor. He also has devoted his life to sharing his passion and knowledge with others around the world.