Zoom founder and CEO Eric S. Yuan:
Over the next 90 days, we are committed to dedicating the
resources needed to better identify, address, and fix issues
proactively. We are also committed to being transparent throughout
this process. We want to do what it takes to maintain your trust.
- Enacting a feature freeze, effectively immediately, and shifting
all our engineering resources to focus on our biggest trust,
safety, and privacy issues.
Good for Zoom. I mean that. And no one can complain that Zoom acts slowly: on Wednesday they released a new version of their Mac app that fixed their installer issues and the security vulnerabilities discovered by Patrick Wardle just one day prior. They fixed at least one major Windows problem this week too.
But this blog post from Yuan contains a lot of bullshit:
First, some background: our platform was built primarily for
enterprise customers — large institutions with full IT support.
These range from the world’s largest financial services companies
to leading telecommunications providers, government agencies,
universities, healthcare organizations, and telemedicine
practices. Thousands of enterprises around the world have done
exhaustive security reviews of our user, network, and data center
layers and confidently selected Zoom for complete deployment.
However, we did not design the product with the foresight that, in
a matter of weeks, every person in the world would suddenly be
working, studying, and socializing from home. We now have a much
broader set of users who are utilizing our product in a myriad of
unexpected ways, presenting us with challenges we did not
anticipate when the platform was conceived.
These new, mostly consumer use cases have helped us uncover
unforeseen issues with our platform.
It makes no sense on the surface that a product purportedly designed for the enterprise would have lousy security and privacy. Most of the known problems with Zoom are specifically about all the corners they cut to ease onboarding for consumer users. The truth is Zoom has had a bifurcated strategy: one for enterprise and one for consumers. The consumer thing did not just sneak up on them in the last few weeks.
For chrissake just think about that secretly-installed hidden web server issue from last summer. That wasn’t a feature for the enterprise. Zoom has been playing very loose with consumer security and privacy not by accident, but as part of a strategy that emphasized ease of use above all else.
★ Friday, 3 April 2020