In this time of social distancing and sudden transition to working from home, Zoom has emerged as the primary tool for online collaboration.
Their stock price has soared to ridiculous levels. Zoom’s PE ratio, a measurement of the value of all their stock against one year’s revenue, is far above the 13-15 ratio most investors seek. Over the last few weeks, Zoom’s PE ratio has been in the 1000’s, with a high of over 6,400.
And during these last few weeks, Zoom has abruptly changed from an obscure service with 10 million business users. Now, amid this coronavirus crisis, Zoom has become the connection point for an economy that relies on communication and collaboration. Within a few weeks, Zoom ballooned to 200 Million users.
And privacy advocates are up in arms because Zoom is a security mess.
Zoom’s security problems
News outlets as prestigious as NPR have bashed Zoom’s lack of user protections. EFF, the digital privacy advocacy group, has written about them numerous times, often in relation to the class action lawsuit currently levied against Zoom. The suit posits that Zoom gave user information to Facebook even if Zoom users did not have a Facebook account.
Zoom CEO Eric Yuan said he “really messed up” and is struggling to restore the reputation of the video tool.
In light of Zoom’s new popularity, the EFF has renewed their warnings with a fresh wave of articles. I’ll recommend the most important of these later in this post.
Senators and government prosecutors have launched independent investigations into security failures, the most damning of which might be Ohio Senator Sherrod Brown’s letter to the FTC seeking an investigation of Zoom’s advertising claim of providing end-to-end encryption of messages and other data shared between users.
Zoom is trying to address security issues
Likely in response to Brown’s letter, Zoom wrote a blog post clarifying that not everything is encrypted, with diagrams and definitions to help Zoom users discern when they have or have not been protected.
Even with my technical knowledge, I find the blog post overly complicated. The crux of the post seems to be that if you don’t download their software onto your computer or phone (and grant Zoom greater access to your systems and personal data), they will not guarantee your protection in return. This fact has not been clear in Zoom’s marketing efforts, according to Senator Brown.
And The Guardian went so far as to question if Zoom is malware in the headline of a widely circulated article.
Being malware is a serious charge. Trojan viruses are probably the most famous form of malware, but ransomware attacks on hospitals are quickly catching up. These attacks target patient medical data and lock hospital staff out of their own files until the hospital pays the attacker to retreat. And recently, we have discovered that these hackers are even willing to lock COVID-19 research.
Zoom’s CEO also made a public statement on April 1st vowing to pause any development projects that were not security-focused in order to make safety their primary directive. However the security conditions on Zoom seem to only be getting worse as new users, and new trolls, sign up.