Since it exploded in popularity at the start of the coronavirus pandemic, Zoom has promised to address the more glaring security and privacy issues that are a part of its video meeting software. And now the company has a regulatory incentive to do exactly that. As part of a new proposed settlement with the Federal Trade Commission (FTC) over its privacy practices, the company must establish an information security program that will see it share security audits with the agency. Zoom has also agreed to notify the FTC if it goes through a data breach, as well as implement additional security features.
The main issue the FTC had with Zoom’s practices was that it misled people about its use of end-to-end (E2E) encryption. Since as far back as 2016, the company’s website has said users could secure their Zoom meetings “with end-to-end encryption. In reality, Zoom only recently started rolling out E2E encryption to video meetings. The FTC says the company’s claims gave people a false sense of security. The agency also found problems with ZoomOpener, software the company included in a July 2018 update it pushed to Mac users. ZoomOpener installed a persistent web server on your Mac that could, in certain circumstances, reinstall Zoom on your computer without your permission.