Zoom app privacy, security issue: A timeline of what happened

No matter if you are a student or an office employee who is working from home these days due to the Covid-19 pandemic, you must have come across the video conferencing app called Zoom. The application has gained a lot of traction lately and a lot of headlines as well for privacy and security concerns. And with developments taking place almost every other day, it can be quite a task to stay updated with that's happening at Zoom. So, here's a timeline of what happened with Zoom in past couple of weeks till date.

March 20th: The application made for desktops and smartphone soared to the top of popularity charts on different app stores ever since the lockdown began. The popularity came due to the app's ease of use design. It could feature up to 100 participants for meeting under 40 minutes for free users. According to Apptopia, the platform saw about 600,000 new downloads in a single day.

March 29th: Zoom's popularity grew so much so that it topped the Google Play Store charts, leaving others like TikTok, WhatsApp and Facebook behind. This came despite the existence of legacy video conferencing apps like Microsoft Skype, Teams, Google Duo, Hangout Meets and others.

April 1st: Right at the start of the new month and amid the lockdown period in several countries, a fresh report from FBI stated that there were several incidents of hacking reported on the Zoom platform. In one of the cases, the hackers were able to breach an online class, show hate messages and shouted the address of the teacher as well.

And this was called as 'Zoom-bombed' or 'zoombombing'.

The company's privacy policy was also found to have clauses stating that Zoom will have control to share some of your data with third-party clients as well.

April 2nd: Despite mentioning before that all Zoom video called are 'end-to-end' encrypted, the company, in an interview to The Intercept website confirmed that it does not support end-to-end encryption. However, the application features TLS standard encryption model. This placed the company in a more vulnerable position.

April 3rd: Zoom apologised in a blog post for the privacy concerns users were facing. The company CEO, Eric S Yuan confirmed they were not ready to handle so much user engagement in a short span of time. "...we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home". Company also apologised for wrongly using the 'end-to-end encryption' term.

Yuan adds that company will start working on fixing the privacy features.

April 3rd: The national cyber security agency, Computer Emergency Response Team of India or CERT-In issued a statement cautioning users of cyber vulnerability of Zoom. It also mentioned some measures that office and school admins and end users could take to stay safe from hacks.

April 4th: Zoom announces new security and privacy features to prevent 'zoombombing' for all basic and Pro users. The video conferencing app gets 'Waiting Room' feature and two password settings. As per a different report, few bad actors were reportedly using social media platforms like Instagram and Twitter to organise harassment campaigns on Zoom.

The New York Times has discovered 153 Instagram accounts created for Zoombombing. Facebook said they were in the process of pulling such accounts down.

April 5th: More bad news for Zoom as schools reportedly start banning the application. This directive came from the New York City Department of Education following the FBI warning of online classes being hacked. The authority also recommended teachers to use Microsoft Teams.

April 5th: In an interview, CEO Eric S Yuan once again says that the software was not meant for mass usage. He adds that while the intention was good, there were missteps along the way. Yuan also says that Zoom will fix all the issues in the coming days.

April 7th: Zoom and US-India Strategic Partnership Forum (USISPF) join hands to provide free access to video technologies for K-12 education institutions in India.

April 8th: US Department of Homeland Security (DHS) passed a memo to top government cybersecurity officials stating that Zoom is taking privacy and security rather seriously, sounding positive for the telecommunication applications. Nothing else was mentioned.

April 8th: German foreign ministry has restricted use of the video conferencing service Zoom, saying in an internal memo to employees that security and data protection weaknesses made it too risky to use. Zoom Video Communications Inc was also slapped with a class action suit by one of its shareholders, accusing the videoconferencing app of overstating its privacy standards and failing to disclose that its service was not end-to-end encrypted.

April 9th: The US Senate tells members not to use Zoom video calling app over privacy and security concerns. They are asked to find an alternative service for remote working as per reports. Meanwhile, Zoom rolls out an update that removes the meeting ID numbers from the title bar so no outsider can view it for hacking purposes. It also introduces a new 'Security' button that has all the essential security-focussed functions at one place.