Zoom faces more negative headlines with reports that it’s been banned by the New York City, Washington, D.C., and Las Vegas school systems – as well as Elon Musk’s companies, Tesla and SpaceX.
The popular videoconferencing software company admitted late last week that it has been routing some traffic through two data centers in China, even though the traffic did not originate there, Business Insider reported.
Also, researchers at the Citizen Lab, a University of Toronto security research group, found Zoom’s encryption to be “substandard,” according to the Wall Street Journal (paywall.) The researchers also said Zoom stored encryption keys on servers in China, again even if call participants were outside of China.
The Chinese government could gain information from Zoom calls running through Chinese infrastructure, under current Chinese privacy laws, the researchers said.
Zoom has said it uses distributed infrastructure and added the Chinese data centers recently to cope with the coronavirus-related flood of users. Zoom said its user count ballooned from 10 million in December to 200 million in March.
The Chinese government has not asked for information on non-Chinese traffic, according to Zoom’s CEO, Eric S. Yuan.
Yuan is a Chinese native who has lived in the U.S. since 1997, the Journal said. He founded San Jose, Calif.- based Zoom in 2011.
Zoom also faces complaints that it leaked thousands of email addresses, has a flaw in the Windows version that allows attackers to send malicious links to chat interfaces, and shares data with Facebook.
Tech Crunch even went so far as to say “Zoom at your own risk.”
Earlier media reports on Zoom focused on people crashing Zoom meetings and disrupting them, an activity called “Zoombombing.” That led to a warning by the FBI to virtual classroom and other meeting organizers to change security settings.
Zoom responded April 4 by making passwords and its “Waiting Room” the default settings. The Waiting Room feature allows organizers to control who enters a Zoom meeting.
Yuan spent this past weekend doing media interviews in which he said the company was working to fix its security blunders and that he, as a CEO, had “really messed up.”
Meanwhile, competitors such as Microsoft, with its Skype and Teams platforms, Google Hangouts, and LogMeIn, home of GoToMeeting, have stepped up promoting their apps on social media.