Zoom (software)

Zoom, stylized as zoom or Zoom Meetings is a proprietary videotelephony software program developed by Zoom Video Communications. The free plan allows up to 100 concurrent participants, with a 40-minute time restriction. Users have the option to upgrade by subscribing to a paid plan. The highest plan supports up to 1,000 concurrent participants for meetings lasting up to 30 hours.

During the COVID-19 pandemic, there was a major increase in the use of Zoom for remote work, distance education, and online social relations. The increase led to Zoom being one of the most downloaded mobile apps worldwide in 2020 with over 500 million downloads and over 300 million daily meeting participants.

History

Zoom was originally founded in 2011. Its headquarters are located in San Jose, California. Zoom also has offices in the USA, China, India as well as Oceania, Europe and other parts of Eastern Asia.
A beta version of Zoom—that could host conferences with only up to 15 video participants—was launched on August 21, 2012. On January 25, 2013, version 1.0 of the program was released with an increase in the number of participants per conference to 25. By the end of its first month, Zoom had 400,000 users and rose to over one million users by May 2013. After the start of the COVID-19 pandemic, by February 2020, Zoom had gained 2.22 million users in 2020 – more users than it amassed in the entirety of 2019 with the company's share price spiking by 35 percent. In March 2020, the Zoom app was downloaded 2.13 million times. In April 2020, Zoom had more than 300 million daily meeting participants.
On August 24, 2020, Zoom experienced widespread outages for several hours before service was restored.

Features

Zoom One has six tiers: Basic, Pro, Business, Business Plus, Enterprise, and Enterprise Plus. Zoom is compatible with Windows, macOS, iOS, Android, ChromeOS, and Linux. It is noted for its simple interface and usability, regardless of technological expertise. Features include one-on-one meetings, group video conferences, screen sharing, plugins, browser extensions, and the ability to record meetings and have them automatically transcribed. On some computers and operating systems, users are able to select a virtual background, which can be downloaded from different sites, to use as a backdrop behind themselves.

Use of the platform is free for video conferences of up to 100 participants at once, with a 40-minute time limit. For longer or larger conferences with more features, paid subscriptions are available. Features geared towards business conferences, such as Zoom Rooms, are also available. Up to 49 people can be seen on a desktop or laptop screen at once, up to 4 people per screen in iPhone and Android mobile phones and tablet computers, and up to 16 people per screen on iPad.

Zoom security features include password-protected meetings, user authentication, waiting rooms, locked meetings, disabling participant screen sharing, randomly generated IDs, and the ability for the host to remove disruptive attendees. As of June 2020, Zoom began offering end-to-end encryption to business and enterprise users, with AES 256 GCM encryption enabled for all users. In October 2020, Zoom added end-to-end encryption for free and paid users. It is available on all platforms, except for the official Zoom web client.

Zoom also offers a transcription service using Otter.ai software that allows businesses to store transcriptions of the Zoom meetings online and search them, including separating and labeling different speakers.

As of July 2020, Zoom Rooms and Zoom Phone also became available as hardware as a service products. As of July 2022, Zoom Phone is available for domestic telephone service in 47 countries, and the company has sold 3 million seats for the service. Zoom for Home, a category of products designed for home use, became available in August 2020. Zoom Phone Provider Exchange, which gives customers options for voice services, reaches more than 70 countries. In July 2022, an option was added on Zoom Phone to turn on end-to-end encryption during one-on-one calls between users on the same company account.

In September 2020, Zoom added new accessibility features to make the app easier to use for those who are deaf, hard of hearing, or visually impaired. New features include the ability to move around video windows in gallery view, pin video windows to be spotlighted; improved keyboard shortcuts; new tools to adjust the size of closed captioning text; and sign language interpreters' windows can now sit directly next to the speaker.

In October 2020 at Zoomtopia, Zoom's annual user conference, the company unveiled OnZoom, a virtual event marketplace with an integrated payment system where users can host and promote free or paid live events. With OnZoom, users will be able to schedule and host one-time events or event series for up to 1,000 attendees and sell tickets online. The company also announced Zoom Apps, a feature integrating third-party apps so they can be used within the Zoom interface during meetings. The first such apps were expected to be available around the end of 2020, from companies including Slack, Salesforce, Dropbox, and Qatalog. In October 2020, Zoom gave its users better security with an upgrade to end-to-end encryption for its online meetings network.

In October 2020, Zoom also signed a new carrier agreement between Global BT Business to offer a fully managed Zoom Meetings service featuring a choice of connectivity and integration with its global voice network

On March 22, 2021, Zoom announced that it would start selling its videoconferencing technology as a white-label product, so other companies can embed it in their own products, with the calls running over Zoom but not carrying the company's brand name.

In August 2021, Zoom launched a new feature called Focus Mode. It is designed for use in digital classrooms and other educational settings. When active, the mode will hide participants' screens from each other (though they can see each other's names) while the host retains the ability to see everyone's camera stream or screen share. The feature is available across all Zoom accounts, including free ones.

In September 2021 at Zoomtopia, the company announced that end-to-end encryption would now be available as an upgrade for Zoom Phone users. The company also announced Bring Your Own Key (BYOK) (for users to manage their own encryption keys that Zoom cannot access or see), Verified Identity (a multi-factor authentication feature working through Okta that allows users to confirm the identity of meeting participants), and Video Engagement Center (for businesses to digitally interact with customers). Other updates include revamped virtual whiteboard features, including touchscreen whiteboards that can be digitized for remote participants, and improved collaboration between Zoom Meetings and Zoom Chat.

In October 2021, the option to automatically generate closed captions in English for Zoom meetings was expanded to all accounts, including free ones. The feature had previously only been available for Premium users.

In April 2022, Zoom added new features including gesture recognition, a virtual whiteboard, and Zoom IQ for sales. In February 2022, the company launched Zoom Contact Center, a cloud contact center optimized for video calls and integrated directly into Zoom.

In June 2022, Zoom One was launched. It brings together chat, phone, whiteboard, and video conferencing capabilities into a single offering. Also in June 2022, Zoom opened its Zoom Apps developer program to all developers, via Zoom Apps SDK. With the release of Zoom One, the company offers video conferencing translation and captioning for 11 languages: English, simplified Chinese, Dutch, French, German, Italian, Japanese, Korean, Russian, Spanish, and Ukrainian. This feature is available with the Business Plus and Enterprise Plus plans.

Usage

Since the start of the COVID-19 pandemic, Zoom has been used by banks, schools, universities, and government agencies around the world, by the UK Parliament, by healthcare professionals for telemedicine, barbershops, and ceremonies such as birthday parties, funeral services, and bar and bat mitzvah services. Zoom formed a partnership with Formula One to create a virtual club where fans can go behind the scenes and take part in virtual activities through Zoom, beginning with the Hungarian Grand Prix on July 19, 2020. An article published in July 2020 in the ''San Francisco Chronicle'' noted a new real estate trend in San Francisco and Oakland where some listings include "Zoom rooms" with backdrops for Zoom calls. People were complaining about "zoom fatigue" (too many video calls) before they had their "zoom happy hour" (online social meeting with friends or colleagues).

Richard Nelson's play ''What Do We Need to Talk About?'' takes place on Zoom, with its main characters congregating online during the COVID-19 pandemic using Zoom. Written and directed by Nelson, it was commissioned by The Public Theater and premiered on YouTube on April 29, 2020, as a benefit performance. ''The New Yorker'' called it "the first great original play of quarantine". ''Oprah's Your Life in Focus: A Vision Forward'' was a live virtual experience hosted by Oprah Winfrey on Zoom from May 16 through June 6, 2020. In Source Material's play ''In These Uncertain Times'', directed by Samantha Shay, characters communicate on Zoom. The play premiered on Zoom on July 25, 2020. In the 2020 British found-footage Zoom-based horror film '' Host'', directed by Rob Savage, a group of young people has a remote séance in which they try contacting spirits over Zoom. It premiered on Shudder in July 2020. A live reading of Kristoffer Diaz's 2009 play '' The Elaborate Entrance of Chad Deity'' over Zoom streamed on Play-PerView from August 15–20, 2020. In the 2021 film '' Locked Down'', directed by Doug Liman and starring Anne Hathaway and Chiwetel Ejiofor, characters communicate through Zoom conferences.

On July 3–4, 2020, using Zoom Webinar, the International Association of Constitutional Law and Alma Mater Europaea organized the first "round-the-clock and round-the-globe" event that traveled through time zones, featuring 52 speakers from 28 countries. Soon after, a format of conferences that "virtually travel the globe with the sun from East to West", became common, some of them running for several days.

On September 17, 2020, a live table read of the script for the 1982 film '' Fast Times at Ridgemont High'' was hosted by Dane Cook, with performers including Brad Pitt, Jennifer Aniston, Julia Roberts, original cast member Sean Penn, Matthew McConaughey, Shia LaBeouf, Morgan Freeman (who served as the narrator), Jimmy Kimmel, Ray Liotta, and John Legend, to raise money for the charity CORE. The broadcast of the 72nd Primetime Emmy Awards on September 20, 2020, hosted by Jimmy Kimmel, featured nominees participating through Zoom. On an alternate music video for the 2020 single "Ice Cream" by Blackpink featuring Selena Gomez, the artists appeared via Zoom from their homes. The series ''Zoom Where It Happens'', airing on Zoom as a partnership between Zoom and Black female artists, launched in September 2020 with a virtual table read of an episode of '' The Golden Girls'', reimagined with an all-Black cast. The second episode featured an all-Black cast in a table read of an episode of '' Friends'', hosted by Gabrielle Union and featuring Sterling K. Brown and Uzo Aduba.

Reception

Zoom has been criticized for "security lapses and poor design choices" that have resulted in heightened scrutiny of its software. Many of Zoom's issues "surround deliberate features designed to reduce friction in meetings", which Citizen Lab found to "also, by design, reduce privacy or security". In March 2020, New York State Attorney General Letitia James launched an inquiry into Zoom's privacy and security practices. The inquiry was closed on May 7, 2020, with Zoom not admitting wrongdoing, but agreeing to take added security measures. In April 2020, CEO Yuan apologized for the security issues, stating that some of the issues were a result of Zoom's having been designed for "large institutions with full IT support." He noted that in December 2019, Zoom had a maximum of 10 million daily meeting participants, and in March 2020 the software had more than 200 million daily meeting participants, bringing the company increased challenges. Zoom agreed to focus on data privacy and issue a transparency report. In April 2020, the company released Zoom version 5.0, which addressed a number of the security and privacy concerns. It includes passwords by default, improved encryption, and a new security icon for meetings. In September 2020, Zoom added support for two-factor authentication to its desktop and mobile apps; the security feature was previously Web-only.

As of April 2020, businesses, schools, and government entities who have restricted or prohibited the use of Zoom on their networks include Google, Siemens, the Australian Defence Force, the German Ministry of Foreign Affairs, the Indian Ministry of Home Affairs, SpaceX, and the New York City Department of Education. In May 2020, the New York City Department of Education lifted their ban on Zoom after the company addressed security and privacy concerns.

By September 2020, Zoom had 370,200 institutional customers with more than 10 employees, up about 458 percent from the same quarter to the year before. The company's revenue rose 355 percent to $663.5 million, topping analysts' average estimate of $500.5 million. They were able to raise their annual revenue forecast by more than 30 percent after many of their free users converted to paid subscriptions.

During the pandemic, Zoom's profit increased by 4,000%, and the company did not pay any income tax, according to a report by the Institute on Taxation and Economic Policy.

Privacy

Zoom has been criticized for its privacy and corporate data sharing policies, as well as for enabling video hosts to potentially violate the privacy of those participating in their calls.

In March 2020, a Motherboard article found that the company's iOS app was sending device analytics data to Facebook on startup, regardless of whether a Facebook account was being used with the service, and without disclosing it to the user. Zoom responded that it had been made aware of the issue and patched the app to remove the SDK after learning that it was collecting unnecessary device data. The company stated that the SDK was only collecting information on the user's device specifications (such as model names and operating system versions) in order to optimize its service and that it was not collecting personal information. In the same month, Zoom was sued by a user in U.S. Federal Court for illegally and secretly disclosing personal data to third parties, including Facebook. Zoom responded that it "has never sold user data in the past and has no intention of selling users' data going forward".

In April 2020, a Zoom information gathering feature was found that automatically sent user names and email addresses to LinkedIn, allowing some participants to surreptitiously access LinkedIn profile data about other users without their express consent. Soon after, the companies disabled their integration. In May 2020, the Federal Trade Commission announced that it was looking into Zoom's privacy practices. The FTC alleged in a complaint that since at least 2016, "Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers' meetings, did not provide advertised end-to-end encryption, falsely claimed HIPAA compliance, installed the ZoomOpener webserver without adequate consent, did not uninstall the web server after uninstalling the Zoom App, and secured its Zoom Meetings with a lower level of encryption than promised." On November 9, 2020, a settlement was reached, requiring the company to stop misrepresenting security features, create an information security program, obtain biannual assessments by a third party, and implement additional security measures.

Security

Vulnerabilities

In November 2018, a security vulnerability was discovered that allowed a remote unauthenticated attacker to spoof UDP messages that allowed the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. The company released fixes shortly after the vulnerability was discovered. In July 2019, security researcher Jonathan Leitschuh disclosed a zero-day vulnerability allowing any website to force a macOS user to join a Zoom call, with their video camera activated, without the user's permission. Attempts to uninstall the Zoom client on macOS would prompt the software to re-install automatically in the background using a hidden web server that was set up on the machine during the first installation so that it remains active even after attempting to remove the client. After receiving public criticism, Zoom removed the vulnerability and the hidden webserver to allow complete uninstallation. In April 2020, security researchers found vulnerabilities where Windows users' credentials could be exposed. Another vulnerability allowing unprompted access to cameras and microphones was made public. Zoom issued a fix in April 2020.

Motherboard reported that there were two Zoom zero-days for macOS and Windows respectively, selling for $500,000, on April 15, 2020. Security bug brokers were selling access to Zoom security flaws that could allow remote access into users' computers. Hackers also put up over 500,000 Zoom user names and passwords for sale on the dark web. In response to the multitude of security and privacy issues found, Zoom began a comprehensive security plan, which included consulting with Luta Security, Trail of Bits, former Facebook CSO Alex Stamos, former Google global lead of privacy technology Lea Kissner, BishopFox, the NCC Group, and Johns Hopkins University cryptographer Matthew D. Green.

On April 20, 2020, the ''New York Times'' reported that Dropbox engineers had traced Zoom's security vulnerabilities back over two years, pushing Zoom to address such issues more quickly, and paying top hackers to find problems with Zoom's software. In the same article, the ''New York Times'' noted that security researchers have praised Zoom for improving its response times, and for quickly patching recent bugs and removing features that could have privacy risks. In a blog post on April 1, 2020, CEO Yuan announced a 90-day freeze on releasing new features, to focus on fixing privacy and security issues within the platform. On July 1, 2020, at the end of the freeze, the company stated it had released 100 new safety features over the 90-day period. Those efforts include end-to-end encryption for all users, turning on meeting passwords by default, giving users the ability to choose which data centers calls are routed from, consulting with security experts, forming a CISO council, an improved bug bounty program, and working with third parties to help test security. Yuan also stated that Zoom would be sharing a transparency report later in 2020.

On November 16, 2020, Zoom announced a new security feature to combat disruptions during a session. The new feature was said to be a default for all free and paid users and made available on the Zoom clients for Mac, PC, and Linux, as well as Zoom mobile apps.

On August 12, 2022, Wired magazine reported on three separate security vulnerabilities discovered by security researcher Patrick Wardle affecting the Zoom Mac OS desktop app. The vulnerabilities allowed an attacker who already had access to the Mac device to perform a privilege escalation attack by installing malicious code using the app's auto-update feature, thereby giving them full control over the victim's device.

Zoombombing

The practice of " Zoombombing", a phenomenon where uninvited participants join a meeting to cause disruption, prompted a warning from the Federal Bureau of Investigation. In April 2020, Zoom set many of its higher security settings as default as they advised users on ways to mitigate Zoombombing.The company created a new "report a user to Zoom" button, intended to catch those behind Zoombombing attacks.

Encryption practices

Zoom encrypts its public data streams, using TLS 1.2 with AES-256 ( Advanced Encryption Standard) to protect signaling, and AES-128 to protect streaming media. Security researchers and reporters have criticized the company for its lack of transparency and poor encryption practices. Zoom initially claimed to use " end-to-end encryption" in its marketing materials, but later clarified it meant "from Zoom end point to Zoom end point" (meaning effectively between Zoom servers and Zoom clients), which ''The Intercept'' described as misleading and "dishonest". Alex Stamos, a Zoom advisor who was formerly security chief at Facebook, noted that a lack of end-to-end encryption is common in such products, as it is also true of Google Hangouts, Microsoft Teams, and Cisco Webex. On May 7, 2020, Zoom announced that it had acquired Keybase, a company specializing in end-to-end encryption, as part of an effort to strengthen its security practices moving forward. Later that month, Zoom published a document for peer review, detailing its plans to ultimately bring end-to-end encryption to the software.

In April 2020, Citizen Lab researchers discovered that a single, server-generated AES-128 key is being shared between all participants in ECB mode, which is deprecated due to its pattern-preserving characteristics of the ciphertext. During test calls between participants in Canada and United States, the key was provisioned from servers located in mainland China where they are subject to the China Internet Security Law.

On June 3, 2020, Zoom announced that users on their free tier will not have access to end-to-end encryption so that they could cooperate with the FBI and law enforcement. Later, they said that they do not "proactively monitor meeting content". On June 17, 2020, the company reversed course and announced that free users would have access to end-to-end encryption after all.

On September 7, 2020, cryptography researcher Nadim Kobeissi accused Zoom's security team of failing to credit his open-source protocol analysis research software, Verifpal, with being instrumental during the design phase of Zoom's new encryption protocol, as described in their whitepaper published in June 2020. Kobeissi published a week's worth of conversations with Zoom's security leadership in support of his claim, including Max Krohn, which included eight Verifpal models that Zoom's team asked for feedback on, promises of a citation to credit Kobeissi for his contributions and an admission that the Verifpal citation was pulled from the whitepaper at the last moment for unspecified reasons. Kobeissi also linked to a tweet by Zoom security consultant Lea Kissner which he described as a public character assassination attempt issued in response to his repeated requests to have his work cited in the research paper published by Zoom.

Data routing

Zoom admitted that some calls in early April 2020 and prior were mistakenly routed through servers in mainland China, prompting some governments and businesses to cease their usage of Zoom. The company later announced that data of free users outside of China would "never be routed through China" and that paid subscribers will be able to customize which data center regions they want to use. The company has data centers in Europe, Asia, North America, and Latin America.

Censorship

An April 2020 Citizen Lab report warned that having much of Zoom's research and development in China could "open up Zoom to pressure from Chinese authorities". Lee Cheuk Yan's (Chairman of Hong Kong Labour Party) account was also closed in early May 2020, and human rights activist Zhou Fengsuo's was closed in June after he held an event discussing the 1989 Tiananmen Square protests and massacre. In June 2020, Zoom acknowledged that it had terminated two accounts belonging to U.S. users and one of a user from Hong Kong connected to meetings discussing the 1989 Tiananmen Square protests, the accounts were later re-opened, with the company stating that in the future it "will have a new process for handling similar situations". Zoom also announced upcoming technology that could prevent participants from specific countries from joining calls that were deemed illegal in those areas.

In September 2020, Zoom blocked San Francisco State University from using its video conferencing software to host Popular Front for the Liberation of Palestine (PFLP) militant and hijacker Leila Khaled in response to vigorous lobbying by the Jewish coalition group "End Jewish Hatred". In justifying its decision, Zoom cited the PFLP's designation as a terrorist organization by the United States Government and its efforts to comply with U.S. export control, sanctions, and anti-terrorism laws. Facebook and YouTube also joined Zoom in denying their platforms to the conference organizers. Professor Rabab Ibrahim Abdulhadi, one of the conference organizers, criticized Zoom, Facebook, and Google for allegedly censoring Palestinian voices.

Transparency

On December 18, 2020, Zoom announced it would be issuing its first transparency report. These reports will be published twice a year beginning in 2021. These reports are supposed to show how Zoom responds when user data is requested by law enforcement or government officials. Zoom states that it "only produces user data to governments in response to valid and lawful requests in accordance with our Government Requests Guide and relevant legal policies". The first report covers from May 1, 2020, to December 12, 2020.

Regulatory issues

In August 2021, the Data Protection regulatory body in Hamburg, Germany, ruled that Zoom is operating in the European Union in breach of the General Data Protection Regulation (GDPR). This is due to the fact that, as per the ''Schrems II'' ruling, data that is being transferred out of the EU must be given the same protections that provided by the GDPR. The data gathered by Zoom is being sent to the United States.

See also

* List of video telecommunication services and product brands
* Impact of the COVID-19 pandemic on science and technology
* Zoom fatigue
* Zoom town

References

External links

*

{{Portal bar, Telecommunication, Technology

2012 software
Videotelephony
Web conferencing
Internet properties established in 2012
Impact of the COVID-19 pandemic on science and technology
Impact of the COVID-19 pandemic in the United States
Software associated with the COVID-19 pandemic