Quick Turnaround From Zoom on Mac Issues, But Their Story Remains Bullshit

Zoom founder and CEO Eric S. Yuan:

Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust. This includes:

  • Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.

Good for Zoom. I mean that. And no one can complain that Zoom acts slowly: on Wednesday they released a new version of their Mac app that fixed their installer issues and the security vulnerabilities discovered by Patrick Wardle just one day prior. They fixed at least one major Windows problem this week too.

But this blog post from Yuan contains a lot of bullshit:

First, some background: our platform was built primarily for enterprise customers — large institutions with full IT support. These range from the world’s largest financial services companies to leading telecommunications providers, government agencies, universities, healthcare organizations, and telemedicine practices. Thousands of enterprises around the world have done exhaustive security reviews of our user, network, and data center layers and confidently selected Zoom for complete deployment.

However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.

These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform.

It makes no sense on the surface that a product purportedly designed for the enterprise would have lousy security and privacy. Most of the known problems with Zoom are specifically about all the corners they cut to ease onboarding for consumer users. The truth is Zoom has had a bifurcated strategy: one for enterprise and one for consumers. The consumer thing did not just sneak up on them in the last few weeks.

For chrissake just think about that secretly-installed hidden web server issue from last summer. That wasn’t a feature for the enterprise. Zoom has been playing very loose with consumer security and privacy not by accident, but as part of a strategy that emphasized ease of use above all else.

Friday, 3 April 2020