Zoom will let paying users stop their data being routed through China as part of the video conferencing app’s latest security update
- Zoom admitted it was possible some user data was previously routed via China
- This happened after demand for Zoom soared amid the coronavirus lockdown
- Zoom CEO Eric Yuan apologised for this and said the issue was now fixed
- The US-based company is now also releasing a feature for paying customers to give paying customers have more control over where their data is sent
- Learn more about how to help people impacted by COVID
Popular video-calling app Zoom will let paying customers prevent their data being routed via China in an update set to go live on April 18.
It is the latest security patch Zoom has ushered out in recent weeks as it tries to recover from a litany of concerning privacy issues.
The cyber-security upgrade comes in response to concerns that data from meetings was being sent via data centres in China, which critics argued was a security risk.
Zoom previously maintained no data was routed through China but CEO Eric Yuan later admitted best practices were not implemented as the company rushed to keep up with rapid demand amid the coronavirus lockdown.
As a result, some meeting data may have been routed through China. Mr Yuan said this issue had since been corrected.
Scroll down for video
Zoom previously maintained no data was routed through China but CEO Eric Yuan later admitted best practices were not implemented as the company rushed to keep up with rapid demand amid the coronavirus lockdown (file photo)
Now, the company has said it will allow its paying subscribers to directly choose which data centre regions are happy for their meeting data to transit through.
In a blog post, the firm writes: ‘Beginning April 18, every paid Zoom customer can opt in or out of a specific data center region.
‘This will determine the meeting servers and Zoom connectors that can be used to connect to Zoom meetings or webinars you are hosting and ensure the best-quality service.’
The firm currently has eight data centre regions: the United States, Canada, Europe, India, Australia, China, Latin America, and Japan/Hong Kong.
However, users will not be able to opt out of their default region, where their account is provisioned, Zoom said, adding that for the majority of customers, this was the US.
The company also said that free users will be locked to data centres within their default region and will not be able to opt in or out of others.
Bu the US-based company says the data of free users will never be routed through China.
Last week, it was reported Google and the US Senate were banning the use of Zoom amid data security concerns.
Google and the Senate join NASA, SpaceX, Tesla and the German Federal Foreign Office in ditching the app for official business.
Zoom has rapidly become one of the most essential apps as people adapt to remote working.
However the app’s surge in popularity has been outstripped by a string of publicity disasters and various privacy scandals.
Zoom has acknowledged that its security measures were inadequate, and that its rise to prominence and the scrutiny that comes with such an astronomical rise caught the company off-guard.
To address concerns, the company has hired former Facebook security chief Alex Stamos as an adviser.
It also formed an advisory board to look into its privacy and safety practices.
Zoom has also sent out an update with a new security menu to make accessing privacy tools easier.
The platform has introduced a dedicated security icon at the bottom of the screen from which users can quickly access all the app’s safety features.
The new menu now allows to update security settings while live in a call for the first time, rather than making meeting hosts set security settings before a call.
This was something critics said was leading to gaps in meeting security and privacy, because users unaware of all Zoom’s safety features often started meetings without seeing all the options.
In addition to the new centralised security menu, Zoom said meeting IDs would no longer be displayed on the title toolbar.
The company said this was to prevent others seeing active meeting IDs when ‘Zoom screenshots are posted publicly’, and using the information to crash meetings.
Prime Minister Boris Johnson was criticised when hosting a virtual Cabinet meeting on the platform last month, after he revealed the meeting ID and usernames of several Cabinet ministers by posting a screenshot to Twitter.
The company hired former Facebook security chief Alex Stamos as an adviser and formed an advisory board to look into its privacy and safety practices.
Zoom also released a privacy-focused update last week in an attempt to bolster its data protection measures and prevent the loss of more users.
It involves a new security menu to make accessing privacy tools easier.
A dedicated security icon will feature at the bottom of the screen from which users can quickly access all the app’s safety features.
‘We recognise that various security settings in the Zoom client, while extremely useful, were also extremely scattered,’ the company said of the update.
‘The addition of this persistent Security icon helps augment some of the default Zoom security features in your profile settings and enables Zoom users to more quickly take action to prevent meeting disruption.’
In addition to the new centralised security menu, Zoom said meeting IDs would no longer be displayed on the title toolbar.
The company said this was to prevent others seeing active meeting IDs when ‘Zoom screenshots are posted publicly’, and using the information to crash meetings – a practice known as ‘Zoombombing’.
Prime Minister Boris Johnson was criticised when hosting a virtual Cabinet meeting on the platform last month, after he revealed the meeting ID and usernames of several Cabinet ministers by posting a screenshot to Twitter.
It was also revealed previously that Zoom claims to secure calls with end-to-end encryption, the industry gold standard for privacy.
But the company actually employs a lesser form of security called TLS which is similar to HTTPS — used to secure websites.
Zoom calls this lesser feature ‘end-to-end encryption’, a different definition to what is used by the rest of the industry.
With Zoom’s form of cybersecurity, a chat is encrypted on a server but, if Zoom and its staff wanted to, they could unlock the chat and view its contents.
In the UK, Prime Minister Boris Johnson was mocked after sharing a screenshot of the cabinet’s virtual meeting and leaving on the Zoom ID (pictured). Zoom’s latest update removes the ID from the top bar of a call
Zoom also released a privacy-focused update last week in an attempt to bolster its data protection measures and prevent the loss of more users. It involves a new security menu to make accessing privacy tools easier (security icon pictured bottom of the screenshot, next to participants, which is available to call hosts)
The Zoom security menu offers hosts a range of security and privacy features to prevent ‘Zoombombing’
CEO Eric Yuan then put out a startling statement discussing the issues the company faced as its popularity skyrocketed.
It reads in its entirety: ‘Whether you are a global corporation that needs to maintain business continuity, a local government agency working to keep your community functioning, a school teacher educating students remotely, or a friend that wants to host a happy hour to spark some joy while social distancing, you are all managing through unique challenges brought upon by this global health crisis.
‘During this time of isolation, we at Zoom feel incredibly privileged to be in a position to help you stay connected.
‘We also feel an immense responsibility. Usage of Zoom has ballooned overnight – far surpassing what we expected when we first announced our desire to help in late February.
‘This includes over 90,000 schools across 20 countries that have taken us up on our offer to help children continue their education remotely.
‘To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million.
‘In March this year, we reached more than 200 million daily meeting participants, both free and paid.
‘We have been working around the clock to ensure that all of our users – new and old, large and small – can stay in touch and operational.
‘We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security.
‘However, we recognize that we have fallen short of the community’s – and our own – privacy and security expectations.
‘For that, I am deeply sorry, and I want to share what we are doing about it.’
Source: Read Full Article