Skip to main content

Zoom freezes development of new features to fix privacy issues

Coronavirus lockdowns have pushed Zoom to its limits, exposing a series of severe security cracks that have gone overlooked for years. The video-conferencing service announced Thursday it would pulling out all the stops to patch them.

In a lengthy blog post, Zoom CEO Eric S. Yuan announced the company is freezing development on new user features to exclusively focus on privacy improvements over the next 90 days.

Yuan also put a number on Zoom’s surge during this time of self-isolation. He revealed that the video-conferencing software has grown nearly 1,900% and now hosts 200 million daily meeting participants (both free and paid), up from 10 million in December last year.

But that surge has come at a cost.

In the past few weeks, security researchers have discovered a range of alarming vulnerabilities inside Zoom’s infrastructure. The California-based company was also found lying about its end-to-end encryption which meant its employees, if they so chose, could access your video meetings.

On top of that, Zoom was hit by a class-action lawsuit and is under scrutiny by the office of New York’s attorney general, Letitia James over its data-collection practices.

Yuan responded to these concerns, saying: “We have strived to provide you with uninterrupted service and the same user-friendly experience that has made Zoom the video-conferencing platform of choice for enterprises around the world, while also ensuring platform safety, privacy, and security. However, we recognize that we have fallen short of the community’s — and our own — privacy and security expectations. For that, I am deeply sorry, and I want to share what we are doing about it.”

To deal with this avalanche of security issues, Zoom is enacting a feature freeze and relocating all of its “engineering resources to focus on our biggest trust, safety, and privacy issues.” This essentially means you likely won’t see any major user-facing updates from it at least in the next three months. It’s also promising to be more transparent and “preparing a transparency report that details information related to requests for data, records, or content.”

Over the past couple of days, Zoom has actively addressed most of its glaring security loopholes. Its iOS app no longer covertly sends data to Facebook’s servers.

It has also tightened up its previously vague language regarding user data in its privacy policy. There’s still a lot left to be done, however. Zoom’s desktop apps are riddled with security bugs, some of which can potentially allow hackers to take over your computer.

Shubham Agarwal
Shubham Agarwal is a freelance technology journalist from Ahmedabad, India. His work has previously appeared in Firstpost…
A dangerous new jailbreak for AI chatbots was just discovered
the side of a Microsoft building

Microsoft has released more details about a troubling new generative AI jailbreak technique it has discovered, called "Skeleton Key." Using this prompt injection method, malicious users can effectively bypass a chatbot's safety guardrails, the security features that keeps ChatGPT from going full Taye.

Skeleton Key is an example of a prompt injection or prompt engineering attack. It's a multi-turn strategy designed to essentially convince an AI model to ignore its ingrained safety guardrails, "[causing] the system to violate its operators’ policies, make decisions unduly influenced by a user, or execute malicious instructions," Mark Russinovich, CTO of Microsoft Azure, wrote in the announcement.

Read more