Zoom, the company most of the world didn’t know existed before quarantine, is being banned from New York City classrooms due to some increasingly disturbing instances of “Zoombombing.”
Zoombombing, which the FBI has previously warned against, is a newish trend in which a bad actor hijacks a chat or call to transmit pornographic images, doxx others, or taunt them with hate speech and threats. Zoombombers have their own communities, sharing Zoom meeting IDs and coordinating attacks in online forums. Some have even recorded these attacks and published them on YouTube.
“The safety and security of our staff and students is at the forefront of every decision we make around remote learning, and for that reason, we have asked schools to transition away from using Zoom as soon as possible,” a spokesperson for The New York City Department of Education told Gizmodo. “We know this transition won’t happen overnight, and we are supporting our educators with training and professional development to get them onto secure tools like Google and Microsoft Teams.”
Zoom, now worth an estimated $30 billion, has run into a bit of a rough patch of late. As its popularity began to skyrocket during the quarantine — with hundreds of millions of students, employees, and colleagues relying on the service to conduct business as usual — so did the visibility of its shortcomings. It became clear, and quickly, that Zoom simply wasn’t ready for the primetime.
Here is a complete list of its recent snafus, 14 in total, but here are just a few of the highlights:
- Exposing private messages when administrators export chat transcripts after Zoom sessions. Meetings hosts can choose to create a transcript of a meeting, a transcript that contains all users’ private messages.
- Failing to secure Zoom meetings from Google’s spiders. The Washington Post reported about how trivially easy it is to find Zoom recordings on the web by searching common file-naming patterns that Zoom applies automatically.
- End-to-end encryption? Zoom claims to use end-to-end encryption to secure its meetings, but this was later proven false. Zoom instead uses Transport encryption, which secures the connection between you and the server you’re connected to, while giving Zoom — or its partners — access to this data.
Zoom’s troubles, however, don’t stop at privacy issues. There are some truly strange “feature” choices too. Its “privacy tracking” feature, for example, alerts employers if you’re paying too much attention to a new active window (rather than the meeting) during a Zoom chat.
And if that weren’t enough, we now have reports that its executives dumped millions in company stock before any of these issues came to light.
The damage to Zoom’s brand is unmistakable, though it’s used in a world that’s not necessarily inhabited by the most tech-savvy of people. 30% of businesses, for example, are still using legacy operating systems. It’s unclear how much this moves the needle for people who clearly aren’t all that concerned with running secure software.