Zoom has, er, zoomed to the front of the pack when it comes to video communications (though perhaps not as quickly as the company would have us believe), but has significantly lagged behind in user privacy, including failing to provide end-to-end encryption, and even exaggerating claims of its own encryption capabilities. Today, the company acquired Keybase, a secure messaging service with expertise in encryption, which should help in addressing some of the concerns regarding Zoom's lax security protocols.
The acquisition is the latest effort in Zoom's mad dash to up its security standards, which have been a blotch on the company's record despite its quickly growing userbase. While it has become the impromptu meeting room for many businesses and the destination of choice for virtual parties in our coronavirus-riddled times, companies including Google and SpaceX, and government agencies including NASA and the United States Senate have all banned the platform. Zoom has had a noteworthy issue with "zoombombing," when someone finds their way into a meeting uninvited and starts doing things like blaring loud music and displaying hateful or offensive imagery in order to disrupt conversations. There have also been significant concerns about privacy violations committed by the app, particularly after it was revealed that Zoom was quietly sharing user data with Facebook. The company also suffered from a significant bug that allowed hackers to steal a user's Windows password through the app. All of these issues, combined with the fact that communication on Zoom is largely unencrypted despite claims the company made to the contrary, has made some suspicious of the platform's security.
To Zoom's credit, it has taken the concerns quite seriously. On April 1, the company announced a 90-day security overhaul, during which it promised to dedicate resources to "better identify, address, and fix issues." Since then, Zoom brought on former Facebook security chief Alex Stamos as a consultant and hired dozens of experts to guide them through the process of improving their protocols. The company has also beefed up user protections by keeping calls from routing through servers in China, strengthening its password systems to stop brute force attacks, and addressing a number of bugs and potential exploits. The improvements have been enough for some organizations, including the New York City Department of Education, to this week reverse its ban on Zoom.
The acquisition of Keybase is the icing on that cake, giving the company a clear path forward to having true end-to-end encryption on its communications. According to the press release, the plan is to integrate Keybase's technology and have the startup add encryption for video conferences that can "reach current Zoom scalability," which recently dubiously claimed to reach more than 300 million daily meeting participants. The company intends to publish its encryption plans by May 22, but did not lay out a timeline for when the feature will actually be implemented. It's not clear what will happen to Keybase and its service in the meantime, which allows for secure messaging and file-sharing. It may continue as its own entity entirely or may be absorbed completely by Zoom. Mic reached out to Zoom for clarification but did not receive a response. Regardless, it appears Zoom calls are one step closer to finally being secure.