With Zoom usage soaring amid the COVID-19 lockdowns, the multi-participant video streaming tool has released a new, large-scale update that aims to address its various security and privacy concerns, which have come into much sharper focus in recent weeks.
As explained by Zoom:
"Today we announced robust security enhancements with the upcoming general availability of Zoom 5.0, a key milestone in our 90-day plan to proactively identify, address, and enhance the security and privacy capabilities of the Zoom platform. By adding support for AES 256-bit GCM encryption, Zoom will provide increased protection for meeting data and resistance against tampering."
AES encryption is the key element of this update - 256-bit AES ('Advanced Encryption Standard'), is the level of encryption used by the US Government to protect classified documents, while GCM ('Galois Counter Mode') will help to ensure optimal performance at scale and speed, significantly increasing security.
The added protection will reduce the capacity for anyone outside of your meeting to steal your Zoom data, or access your content, while Zoom is also adding a new provision that will enable users to choose which data center regions their account-hosted meetings and webinars use, providing more control on this front.
In addition to this, Zoom's also adding improved access to its security controls, more options for reporting problems, waiting rooms and meeting passwords by default, and additional data control options.
With its ease of use and quality streaming capacity for multiple users at once, Zoom has quickly become the video meeting app of choice for many during the coronavirus lockdowns. The app went from 10 million daily active users in December, to 200 million in March, and it's hovered atop the app store charts in many regions for the last six weeks.
But with increased usage came more scrutiny, and various privacy and security flaws quickly became apparent in the app. Zoom had been unwitting sharing user data with Facebook and LinkedIn, had been routing potentially sensitive data through servers in China, and had inadvertently exposed many people to offensive content, and even web predators, via 'Zoom bombing', which sees uninvited guests dropping into random Zoom chats.
In response, Zoom pledged to address these concerns earlier this month, and this announcement addresses several key issues.
As per Oded Gal, the CPO of Zoom:
“From our network to our feature set to our user experience, everything is being put through rigorous scrutiny. On the back end, AES 256-bit GCM encryption will raise the bar for securing our users’ data in transit. On the front end, I’m most excited about the Security icon in the meeting menu bar. This takes our security features, existing and new, and puts them front and center for our meeting hosts. With millions of new users, this will make sure they have instant access to important security controls in their meetings.”
Zoom still has areas it's looking to address - which is not surprising given that it was never designed to be a consumer-facing app. But its quick action in working to address the most significant elements of concern is encouraging, and definitely, Zoom users are now much safer and better protected as a result of these updates.
The changes are available in version 5.0 of the Zoom app, which you can download here, while AES encryption will be enabled, system-wide, on May 30th.