Zoom Video Communications

Zoom Video Communications

Zoom Video Communications is an American remote conferencing services company headquartered in San Jose, California. It provides a remote conferencing service that combines video conferencing, online meetings, chat, and mobile collaboration

History

Zoom was founded in 2011 by Eric Yuan, a lead engineer from Cisco Systems and its collaboration business unit WebEx.[1] The service started in January 2013, and by May 2013 it claimed one million participants.[2] During the first year of its release, Zoom established partnerships with B2B collaboration software providers, such as Redbooth (then Teambox),[3] and also created a program named "Works with Zoom", which established partnerships with multiple hardware and software vendors such as Logitech, Vaddio,[4] and InFocus.[5][6][7]

By June 2014, Zoom had 10 million users.[8] In February 2015, the number of participants utilizing Zoom Video Communication's chief product, Zoom Meetings, reached 40 million individuals, with 65,000 organizations subscribed. The company had hosted a total of 1 billion meeting minutes since it was established.[9]

On February 4, 2015, Zoom Video Communications received US$30 million in Series C funding. Participants in this funding round include Emergence Capital, Horizons Ventures (Li Ka-shing), Qualcomm Ventures, Jerry Yang, and Patrick Soon-Shiong.[10] In November 2015, former president of RingCentral David Berman was named president of Zoom Video Communications, and the founder and CEO of Veeva Systems, Peter Gassner, joined Zoom's board of directors.[11]

In January 2017, Zoom had officially entered the unicorn club (US$1 billion valuation) and attracted US$100 million in Series D funding from Sequoia Capital at a billion dollar valuation.

In September 2017, Zoom hosted Zoomtopia 2017, Zoom's first annual user conference. Zoom announced a series of new products and partnerships, including Zoom's Partnership with Meta to integrate Zoom with Augmented Reality, integration with Slack and Workplace by Facebook, and first steps towards an artificial intelligence speech-to-text converter.[12]

In March 2019, Zoom filed to go public on the NASDAQ;[13] on April 18, 2019, the company went public, with shares up more than 72%, with an Initial public offering of US$36 a share.[14] The company was valued at just under US$16 billion by the end of its IPO.[14]

Use during the COVID-19 pandemic

In early 2020, usage of Zoom increased sharply as schools and companies adopted the platform for remote work in response to the coronavirus disease 2019 (COVID-19) pandemic, rising 67% from the start of the year to mid-March.[15] Since the coronavirus pandemic has intensified, news outlets have reported that thousands of educational institutions switched to online classes using Zoom.[16][17] The company offered its services to K–12 schools free of charge in many countries.[18] These measures have contributed to a sharp rise in Zoom usage; for example, in one day, the Zoom app was downloaded 343,000 times with about 18% of those downloads originating in the United States.[18] Zoom gained over 2.22 million users in the first months of 2020 which is more users than they amassed in the entirety of 2019.[19] Consequently, by March 2020, Zoom shares increased to US$160.98 per share which is a 263% increase from initial share prices when Zoom first went public.[20]

Zoom also became a popular social platform over the course of the pandemic.[21][22] Young people use the platform outside of the classroom setting.[21] Gen Z and Millennials have connected with each other through events such as "Zoom Blind Dates", "Zoom Recess", and sharing Zoom related memes online, such as in the Facebook group "Zoom Memes for Self Quaranteens".[21] Zoom as a company has developed into an Internet Meme and students at a number of colleges and universities have spread memes about its use as "Zoom University".[23][24] Zoom has also gained popularity amongst older users and families separated by ongoing social distancing guidelines and mandates. These virtual social gatherings are often referred to as "Zoom Parties".[25]

With the rise of videoconferencing, incidents of "Zoombombing", the practice of participants unexpectedly appearing in conferences and sending pornography or other offensive material to other attendees, have occurred,[26][27][28] causing some organizations to abandon the use of Zoom.[29] Zoom has published a guide to reduce the chances of such incidents.[30]

On April 1, 2020, Zoom came under a large amount of scrutiny as a result of the increased popularity in the midst of the COVID-19 outbreak. As millions of users started to use the application for work, its data security and privacy measures started to be questioned.[31]

Products

Zoom offers free video conferencing for up to 100 participants, with a 40-minute time limit. Paid subscriptions are available to allow more participants, increase the time limit, and obtain more advanced features. Zoom's closed source software is claimed to be compliant with FedRAMP[32], HIPAA[33], PIPEDA and PHIPA[34], and the GDPR.[35] Zoom has received various industry recognitions for its products.[36]

Initially, Zoom could host conferences with up to 15 video participants,[37] increased to 25 in January 2013, to 100 with version 2.5 in October 2015,[38][39] and later to 1,000 for business customers.[40] Between 2015 and mid-2016, Zoom Video Communications announced native support for Skype for Business and integration with Slack.[41][42]

In September 2015, Zoom announced integration of Zoom video conferencing with Salesforce's customer relationship management platform, allowing salespeople to initiate such conferences with their sales leads without leaving the application.[43] In April 2017, Zoom launched Telehealth, a scalable telehealth product allowing doctors to remotely visit their patients through video for consultation.[44][45] In May 2017, Zoom announced a partnership with Polycom that integrated Zoom's video meetings into Polycom's conferencing systems, enabling features such as multiple screen and device meetings, HD and wireless screen sharing, and calendar integration with Microsoft Outlook, Google Calendar, and iCal.[46]

In March 2020, NextTech AR Solutions acquired software company Jolokia and intends to integrate Zoom into Jolokia’s Inferno platform.[47] This integration would allow Zoom meetings to support up to 100,000 participants with “real-time Q&A Plus immersive AR.”[47] Additional features include the ability to start a Zoom meeting from the Inferno platform and the incorporation of closed captioning in 64 languages to meeting recordings.[47]

Criticism

Privacy

Zoom has been criticized for its data collection practices,[48] which include its collection and storage of "the content contained in cloud recordings, and instant messages, files, whiteboards" as well as its enabling employers to monitor workers remotely;[49][50] the Electronic Frontier Foundation warned that administrators can join any call at any time "without in-the-moment consent or warning for the attendees of the call."[51] The United Kingdom Ministry of Defence banned its use.[52][53] During signup for a Zoom free account, Zoom requires users to permit it to identify users with their personal information on Google and also offers to permanently delete their Google contacts.

Widespread use of Zoom for online education during the novel coronavirus pandemic increased concerns regarding students' data privacy and, in particular, their personally identifiable information.[17] According to the FBI, students’ IP addresses, browsing history, academic progress, and biometric data may be at risk during the use of similar online learning services.[17] Privacy experts are also concerned that the use of Zoom by schools and universities may raise issues regarding unauthorized surveillance of students and possible violations of students’ rights under the Family Educational Rights and Privacy Act (FERPA).[54] The company claims that the video services are FERPA-compliant, and also claims that it collects and stores user data only to "provide technical and operational support".[54]

The company's iOS app was found to be sending device analytics data to Facebook on startup, regardless of whether a Facebook account was being used with the service, and without mentioning it to the user.[55] On March 27, Zoom stated that it had been "recently made aware that the Facebook SDK was collecting unnecessary device data", and that it had patched the app to remove the SDK (which was primarily used for social login support) in order to address these concerns. The company stated that the SDK was only collecting information on the user's device specifications (such as model names and operating system versions), and was not collecting personal information.[56]

In March 2020, Zoom was sued in U.S. Federal Court for illegally disclosing personal data to third parties including Facebook. According to the suit, Zoom’s privacy policy doesn’t explain to users that its app contains code that discloses information to Facebook and potentially other third parties. The company’s "wholly inadequate program design and security measures have resulted, and will continue to result, in unauthorized disclosure of its users’ personal information," according to the complaint.[57] The same month, the New York State Attorney General, Letitia James launched an inquiry into Zoom's privacy practices.[58]

Security

Zoom claims to use Advanced Encryption Standard 256-bit (AES 256) encryption.[59][60] AES is being used to protect an initial TLS control connection to Zoom server but the actual audio and video streams sent over UDP are not end-to-end encrypted. Zoom claims to use "end-to-end encryption" in its marketing materials but later clarified they meant "from Zoom end point to Zoom end point" (meaning effectively between Zoom servers), which has been described as "dishonest".[61]

In November 2018, a security vulnerability (CVE-2018-15715) was discovered[62] that allowed a remote unauthenticated attacker to spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This would allow the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. Another vulnerability allowing the client unprompted access to camera and microphone was again discovered in 2020 (CVE-2020-11470).

In July 2019, security researcher Jonathan Leitschuh disclosed[63] a zero-day vulnerability allowing any website to forcibly join a macOS user to a Zoom call, with their video camera activated, without the user's permission. In addition, attempts to uninstall the Zoom client on macOS would prompt the software to re-install automatically in the background, using a hidden web server that was set up on the machine during the first installation and remained active even after attempting to remove the client. After receiving public criticism, Zoom updated their software to remove the vulnerability and the hidden webserver, allowing complete uninstallation.[64]

Spring 2020

The popularity of Zoom caused a "sharp" increase in Zoom-related phishing scams. The number of domains containing the name "Zoom" showed a sharp increase during the COVID-19 pandemic. Many of these were used to make fake Zoom websites and links for the purposes of stealing personal information.[65]

A number of security risks were also identified late March early April. A serious issue allowed a Windows user's credentials to be exposed. This was possible as because Zoom auto-converts links entered into chat using Windows' UNC paths. Clicking on a link to a remote server would then transmit the Windows user's username and password hash (NTLM credentials). If the password is cracked then hackers can gain "... access shared network resources, such as Outlook servers and storage devices". Bleeping Computer suggested a work around for Windows users is to block NTLM credentials being sent to remote servers.[66][67][68] Matthew Hickey, another expert who confirmed the vulnerabilities, claimed that hackers could use the same vulnerability to randomly cause users' computers to execute viruses and applications. Although a prompt may pop up before execution, some users may not know that pressing the confirmation randomly may make the computer poisoned or controlled by a hacker.[citation needed]

'Zoom bombing' was also a problem. This is when an unwanted participant joins a meeting. Bleeping Computer and The Independent recommended using a meeting password, among other measures