Is Zoom safe?

'Zoombombing,' other vulnerabilities patched

As video conference platform Zoom gained hundreds of thousands of new users amid the coronavirus pandemic, researchers and tech experts pointed out privacy and security flaws within Zoom's technology.

But Zoom has made a number of regular changes and updates to the platform since these reports of privacy and security flaws started gaining traction in March and April, leading some users to feel more confident that the app is safe to use.

Zoom faced a number of new challenges due to an unprecedented surge in users as COVID-19 forced employees to work from home and students to learn from home amid local lockdown restrictions.

In this April 2, 2020, frame from a Zoom video, the Rev. Laura Everett in Boston delivers a sermon for Boston’s First Baptist Church. (The Rev. Laura E. Everett via AP)

The conferencing platform grew from 10 million daily video call participants in 2019 to 300 million in April. Since then,  Zoom has faced skepticism from Congressstate lawmakers and the FBI over privacy and security concerns.

One such concern was a viral trend called "Zoombombing" that made headlines for at least two weeks until the issue was resolved. The act allowed internet trolls to hack into protected conference calls or otherwise enter unprotected calls to disrupt meetings.

Some Zoombombing incidents were pranks but others sparked safety concerns because of the violent nature of the material being shared by these disruptive "trolls." Some shared racist comments, pornographic images or other insensitive material on professional calls or in messages. Some virtual classrooms were affected by the trend.

Zoom, however, quickly took care of the vulnerabilities that allowed Zoombombing to happen, including password requirements, screen-sharing limitations, hosts' ability to chose which participants can join calls  and other basic setting changes, according to a regularly updated blog post.

In this image made in Topeka, Kan., through Zoom video conferencing, J.G. Scott, director of the Kansas Legislative Research Department, discusses a new fiscal forecast during a news conference conducted online Monday, April 20, 2020. (AP Photo/John

But the platform's flaws didn't stop there. Zoom also came under fire for giving Facebook and LinkedIn access to some user information such as usernames and email addresses, even if users had taken measures to conceal information, according to a lawsuit against the company.

Zoom quickly addressed this issue soon after reports of the flaw and disabled its "log in with Facebook" feature.

In April, the University of Toronto's Citizen Lab published findings that highlighted Zoom's ties to China and other privacy flaws, including outdated encryption standards.

"In our urgency to come to the aid of people around the world during this unprecedented pandemic, we added server capacity and deployed it quickly — starting in China, where the outbreak began. In that process, we failed to fully implement our usual geo-fencing best practices," Zoom CEO Eric Yuan said in an April 3 response to the study.

Yuan has been transparent about the company's flaws and efforts to fix those flaws.