Zoom – The Case of Missing Product Roadmap

The COVID-19 pandemic has forced us to confine ourselves to our houses and connect to everyone digitally through video conferencing tools such as Zoom, Google Hangouts, Skype for Business, etc. People are using these tools to attend their daily business meetings, yoga sessions, online classes, and even cabinet meetings like that of the UK Government are conducted on Zoom.

 

Because of its simplicity, Zoom saw a huge spike in its usage and the number of downloads over the last few months after the onset of the lockdown in various countries. The maximum number of users increased from 10 million daily participants in December 2019 to 200 million in March 2020 for both the free and the paid version. Such a surge was unprecedented by Zoom and this influx got it into the spotlight because of the numerous privacy and security issues. The video conferencing tool got exposed to plenty of security breaches which made it come under the scanner of security experts, lawmakers, advocates, and even the FBI. 

Rampant Security Breaches

‘Zoombombing’, Facebook data sharing, abusing encryption permissions on Mac and having a vulnerability that exposes windows login credentials to hackers are some of the issues for which Zoom has been criticized lately. The most rampant and disturbing issue of all is that of Zoombombing. Each Zoom call that is being set-up has a randomly generated identification number that is used by the participants to connect to the online meetings. Security experts have found out that these meeting IDs’ are simple to guess and can be deduced by the Brute Force method allowing any random person to get access to the meetings. The miscreants posted offensive images, posts, racial epithets, and pornographic videos while the meetings were being conducted.

In the recently organized Concordia Forum where Muslim leaders from around the world met over Zoom to discuss spirituality and wellness during the coronavirus crisis was brought to a halt when Zahed Amanullah saw a cursor drawing racial slur across one of the slides. On this, Mr. Amanullah commented “We were all caught off guard. We had no clue where it was coming from.” Similar cases of online abuse and harassment were reported from many places around the world and the meetings had to be stopped.

The sudden increase in the use of Zoom was not accounted for by anyone. Zoom CEO Eric S Yuan in his latest blog post explains that the product was built primarily for enterprise customers and the design could not take into consideration the sudden inundation of the users. In a matter of weeks, every person in the world was using Zoom for working, studying, and socializing from home. The broader set of users who are utilizing the product in a myriad of ways presented Zoom with challenges it did not anticipate when the platform was invented.

Zoom Takes the Step

Zoom published a blog post to help users with the issue of harassment or now popularly known as Zoombombing. It elucidated on the features which can help prevent this such as waiting rooms, passwords, muting controls, and limited screen sharing.

Zoom is proactively working to fix the security and privacy-related issues and has put on hold all new releases for the next ninety days and the full engineering team will focus on fixing the security concerns and making it more robust. Zoom already updated its Facebook app for IOS users by removing the Facebook SDK which will stop the app from sharing data on Facebook profiles. It also rewrote its privacy policy as well since Zoom never mentioned the sharing of data with Facebook. A LinkedIn feature where unnecessary data disclosure was being made has recently been updated by the video conferencing company and It is clarifying its encryption practices and working on fixing issues related to Mac.

Zoom extensively worked on fixing the issues related to K-12 schools. It rolled out a guide for administrators to set up virtual classrooms and how to secure it better. It updated and wrote dedicated privacy policy guidelines for K-12 schools(waiting rooms are on by default, only teachers can share content).

A committee of third-party experts and beta users have been set up to understand the security features needed for new customers. It has enhanced the bug bounty program where users who will find bugs will be rewarded. It will provide transparency reports on data requests and every Wednesday Zoom will hold a webinar to provide privacy and security updates.

The Piece of Advice

The list of issues faced by Zoom is plenty and will take time to solve it out. But it is safe to say Zoom CEO Eric S Yuan and the team have taken a wise decision to stop all the feature updates for the upcoming months and instead focus on solving the security and privacy issues. This is a typical scenario where we can see that there has been a lack of planning and a missing product roadmap. The issues could have been avoided if the team had planned at every step and followed a contingency plan for the same.