Zoom Workplace (commonly known and stylized aszoom) is aproprietaryvideotelephony software program developed byZoom Communications. The free plan allows up to 100 concurrent participants, with a 40-minute time restriction. Users have the option to upgrade by subscribing to a paid plan, the highest of which supports up to 1,000 concurrent participants for meetings lasting up to 30 hours.[7]
A beta version of Zoom that could host conferences with only up to 15 video participants was launched on August 21, 2012.[8] On January 25, 2013, version 1.0 of the program was released with an increase in the number of participants per conference to 25.[9] By the end of its first month, Zoom had 400,000 users. By 2013, Zoom had more than one million users.[10] After the start of the COVID-19 pandemic, by February 2020, Zoom had gained 2.22 million users in 2020 – more users than it amassed in the entirety of 2019.[11][12] In March 2020, the Zoom app was downloaded 2.13 million times.[13][14]
During theCOVID-19 pandemic, there was a major increase in the use of Zoom forremote work,distance education,[15] and online social relations.[16] Zoom was one of the most downloaded mobile apps worldwide in 2020 with over 500 million downloads.[17]
As of April 2020, Zoom had more than 300 million daily meeting participants (calculated as the number of times someone joins a meeting, which can happen multiple times per day).[18][19]
Zoom One has six tiers: Basic, Pro, Business, Business Plus, Enterprise, and Enterprise Plus.[20][21] Zoom is compatible withWindows,macOS,iOS,Android,ChromeOS, andLinux. It is noted for its simple interface and usability, regardless of technological expertise.[22][23] Features include one-on-one meetings, group video conferences, screen sharing, plugins, browser extensions, and the ability to record meetings and have them automatically transcribed.[24] On some computers and operating systems, users are able to select a virtual background, which can be downloaded from different sites, to use as a backdrop behind themselves.[25]
Use of the platform is free for video conferences of up to 100 participants at once, with a 40-minute time limit. There is a 10-minute timeout period between free 40-minute meetings. For longer or larger conferences with more features, paid subscriptions are available. Features geared towards business conferences, such as Zoom Rooms, are also available.[22][25][26] Up to 49 people can be seen on adesktop orlaptop screen at once,[27] up to 4 people per screen iniPhone andAndroidmobile phones andtablet computers, and up to 16 people per screen oniPad.
Zoom security features include password-protected meetings, user authentication, waiting rooms, locked meetings, disabling participant screen sharing, randomly generated IDs, and the ability for the host to remove disruptive attendees.[28] As of June 2020, Zoom began offering end-to-end encryption to business and enterprise users, withAES 256GCM encryption enabled for all users.[29] In October 2020, Zoom added end-to-end encryption for free and paid users. It is available on all platforms, except for the official Zoom web client.[30][31]
Zoom also offers a transcription service usingOtter.ai software that allows businesses to store transcriptions of the Zoom meetings online and search them, including separating and labeling different speakers.[32]
In July 2020, Zoom Rooms and Zoom Phone became available ashardware as a service products.[33] As of July 2022, Zoom Phone is available for domestic telephone service in 47 countries, and the company has sold 3 million seats for the service.[34] Zoom for Home, a category of products designed for home use, became available in August 2020.[35] Zoom Phone Provider Exchange, which gives customers options for voice services, reaches more than 70 countries.[34] In July 2022, an option was added on Zoom Phone to turn on end-to-end encryption during one-on-one calls between users on the same company account.[36]
In September 2020, Zoom added new accessibility features to make the app easier to use for those who are deaf, hard of hearing, or visually impaired. New features include the ability to move around video windows in gallery view, pin video windows to be spotlighted; improved keyboard shortcuts; new tools to adjust the size of closed captioning text; and sign language interpreters' windows can now sit directly next to the speaker.[37]
In October 2020 at Zoomtopia, Zoom's annual user conference, the company unveiled OnZoom, a virtual event marketplace with an integrated payment system where users can host and promote free or paid live events.[38][39] With OnZoom, users will be able to schedule and host one-time events or event series for up to 1,000 attendees and sell tickets online.[40] The company also announced Zoom Apps, a feature integrating third-party apps so they can be used within the Zoom interface during meetings. The first such apps were expected to be available around the end of 2020, from companies includingSlack,Salesforce,Dropbox,[38][40] andQatalog. In October 2020, Zoom gave its users better security with an upgrade to end-to-end encryption for its online meetings network.[41]
Also in October 2020, Zoom signed a carrier agreement withGlobal BT Business[42] to offer a fully managed Zoom Meetings service featuring a choice of connectivity and integration with its global voice network.[43]
In February 2021, Zoom added a "virtual receptionist" feature in the Kiosk Mode for Zoom Rooms. The feature was created to cater to in-person visitors at a business to interact in the lobby without physical contact.[44]
On March 22, 2021, Zoom announced that it would start selling its videoconferencing technology as awhite-label product, so other companies can embed it in their own products, with the calls running over Zoom but not carrying the company's brand name.[45]
In July 2021, Zoom released Zoom Apps which integrated a marketplace of third-party applications such asDropbox Spaces,Asana, andSurveyMonkey.[46]
In August 2021, Zoom launched Focus Mode, designed for use in educational settings.[47][48] When active, the mode will hide participants' screens from each other (though they can see each other's names) while the host retains the ability to see everyone's camera stream or screen share.[49] The feature is available across all Zoom accounts, including free ones.[50][51]
In September 2021 at Zoomtopia, the company announced that end-to-end encryption would now be available as an upgrade for Zoom Phone users. The company also announcedbring your own key (BYOK) (for users to manage their own encryption keys that Zoom cannot access or see), Verified Identity (a multi-factor authentication feature working throughOkta that allows users to confirm the identity of meeting participants), and Video Engagement Center (for businesses to digitally interact with customers).[52][53] Other updates include revamped virtual whiteboard features, including touchscreen whiteboards that can be digitized for remote participants, and improved collaboration between Zoom Meetings and Zoom Chat.[54]
In October 2021, the option to automatically generate closed captions in English for Zoom meetings was expanded to all accounts, including free ones. The feature had previously only been available for Premium users.[55]
In April 2022, Zoom added features including gesture recognition, a virtual whiteboard, and Zoom IQ for sales.[56][57] In February 2022, the company launched Zoom Contact Center, a cloud contact center optimized for video calls and integrated directly into Zoom.[58]
In June 2022, Zoom One, which brings together chat, phone, whiteboard, and video conferencing capabilities into a single offering, was launched.[21][59] Also in June 2022, Zoom opened its Zoom Apps developer program to all developers, via Zoom Apps SDK.[21] With the release of Zoom One, the company offers video conferencing translation and captioning for 11 languages: English, simplified Chinese, Dutch, French, German, Italian, Japanese, Korean, Russian, Spanish, and Ukrainian. This feature is available with the Business Plus and Enterprise Plus plans.[59]
A version forApple TV was released on December 1, 2023, which requires using an external iOS device as the user's camera.[5]
In July 2020, using Zoom, the International Association of Constitutional Law andAlma Mater Europaea organized the first round-the-clock and round-the-globe event that traveled through time zones.
Zoom is used by a variety of individuals and private and public organizations, including banks, schools,[60] universities, healthcare providers, and government agencies,[61][62][63][64] and for ceremonies such as birthday parties,[65] funeral services,[66] andbar and bat mitzvah services.[67][68] In 2020, Zoom formed a partnership withFormula One to create a virtual club where fans can go behind the scenes and take part in virtual activities through Zoom, beginning with theHungarian Grand Prix.[69][70] An article published in July 2020 in theSan Francisco Chronicle noted a new real estate trend in San Francisco and Oakland where some listings include "Zoom rooms" with backdrops for Zoom calls.[71]
Richard Nelson's playWhat Do We Need to Talk About? takes place on Zoom, with its main characters congregating online during theCOVID-19 pandemic using the platform. Written and directed by Nelson, it was commissioned byThe Public Theater and premiered onYouTube on April 29, 2020, as a benefit performance.The New Yorker called it "the first great original play of quarantine".[72]Oprah's Your Life in Focus: A Vision Forward was a live virtual experience hosted byOprah Winfrey on Zoom from May 16 through June 6, 2020.[73] In Source Material's 2020 play,In These Uncertain Times, directed by Samantha Shay, characters communicate on Zoom.[74] The Britishfound-footage horror filmHost, directed byRob Savage, features a group of young people attempting to contact spirits through a remote séance on Zoom, and premiered onShudder in July 2020.[75][76] A live reading ofKristoffer Diaz's 2009 playThe Elaborate Entrance of Chad Deity over Zoom streamed on Play-PerView from August 15t to August 20, 2020.[77][78] In the 2021 filmLocked Down, directed byDoug Liman and starringAnne Hathaway andChiwetel Ejiofor, characters communicate through Zoom conferences.[79]
From July 3 to 4, 2020, the International Association of Constitutional Law andAlma Mater Europaea used Zoom Webinar to conduct the first "round-the-clock and round-the-globe" event, featuring 52 speakers from 28 countries and several time zones.[80][81] Soon after, a format of conferences that "virtually travel the globe with the sun from East to West",[82] became common, some of them running for several days.[83][84][85][86]
During the 2024 US Presidential elections, the Democrats used Zoom to host mega-rallies to raise funds for Kamala Harris’ campaign. Zoom rallies attracted large numbers of viewers and raised millions of dollars. In one instance, a Zoom rally was disrupted when attendees exceeded the 100,000 cap for the Zoom corporate account and Zoom employees raised the group’s cap to 200,000 so the call could continue with such a large number of attendees.[94]
Zoom has been criticized for "security lapses and poor design choices" that have resulted in heightened scrutiny of its software.[95][96] Many of Zoom's issues "surround deliberate features designed to reduce friction in meetings", whichCitizen Lab found to "also, by design, reduce privacy or security".[97][98] In March 2020,New York State Attorney GeneralLetitia James launched an inquiry into Zoom's privacy and security practices.[99] The inquiry was closed on May 7, 2020, with Zoom not admitting wrongdoing, but agreeing to take added security measures.[100] In April 2020, CEO Yuan apologized for the security issues, stating that some of the issues were a result of Zoom's having been designed for "large institutions with full IT support".[101] He noted that in December 2019, Zoom had a maximum of 10 million daily meeting participants, and in March 2020 the software had more than 200 million daily meeting participants, bringing the company increased challenges.[102] Zoom agreed to focus on data privacy and issue a transparency report.[103][104][105][106] In April 2020, the company released Zoom version 5.0, which addressed a number of the security and privacy concerns. It includes passwords by default, improved encryption, and a new security icon for meetings.[107] In September 2020, Zoom added support fortwo-factor authentication to its desktop and mobile apps; the security feature was previously Web-only.[108]
Zoom has been criticized for its privacy and corporate data sharing policies, as well as for enabling video hosts to potentially violate the privacy of those participating in their calls.[114][115][116]
In March 2020, aMotherboard article found that the company'siOS app was sending device analytics data toFacebook on startup, regardless of whether a Facebook account was being used with the service, and without disclosing it to the user.[117] Zoom responded that it had been made aware of the issue and patched the app to remove theSDK after learning that it was collecting unnecessary device data. The company stated that the SDK was only collecting information on the user's device specifications (such as model names and operating system versions) in order to optimize its service and that it was not collecting personal information.[25][118][119] In the same month, Zoom was sued by a user inU.S. Federal Court for illegally and secretly disclosing personal data to third parties, including Facebook.[120] Zoom responded that it "has never sold user data in the past and has no intention of selling users' data going forward".[121]
In April 2020, a Zoom information gathering feature was found that automatically sent user names and email addresses toLinkedIn, allowing some participants to surreptitiously access LinkedIn profile data about other users without their express consent.[122] Soon after, the companies disabled their integration.[123] In May 2020, theFederal Trade Commission announced that it was looking into Zoom's privacy practices.[124] The FTC alleged in a complaint[125] that since at least 2016, "Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers' meetings, did not provide advertised end-to-end encryption, falsely claimedHIPAA compliance, installed the ZoomOpener webserver without adequate consent, did not uninstall the web server after uninstalling the Zoom App, and secured its Zoom Meetings with a lower level of encryption than promised."[126] On November 9, 2020, a settlement was reached, requiring the company to stop misrepresenting security features, create aninformation security program, obtain biannual assessments by a third party, and implement additional security measures.[127]
In November 2018, a security vulnerability was discovered that allowed a remote unauthenticated attacker to spoofUDP messages that allowed the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.[128][129] The company released fixes shortly after the vulnerability was discovered.[130] In July 2019, security researcher Jonathan Leitschuh disclosed azero-day vulnerability allowing any website to force amacOS user to join a Zoom call, with theirvideo camera activated, without the user's permission.[131] Attempts to uninstall the Zoom client on macOS would prompt the software to re-install automatically in the background using a hidden web server that was set up on the machine during the first installation so that it remains active even after attempting to remove the client. After receiving public criticism, Zoom removed the vulnerability and the hidden webserver to allow complete uninstallation.[132] In April 2020, security researchers found vulnerabilities whereWindows users'credentials could be exposed.[133][134] Another vulnerability allowing unprompted access to cameras and microphones was made public.[135][136] Zoom issued a fix in April 2020.[137]
Motherboard reported that there were two Zoomzero-days for macOS and Windows respectively, selling for $500,000, on April 15, 2020.[138] Security bug brokers were selling access to Zoom security flaws that could allow remote access into users' computers.[23] Hackers also put up over 500,000 Zoom user names and passwords for sale on thedark web.[23] In response to the multitude of security and privacy issues found, Zoom began a comprehensive security plan, which included consulting with Luta Security, Trail of Bits, formerFacebook CSOAlex Stamos, formerGoogle global lead of privacy technology Lea Kissner, BishopFox, theNCC Group, andJohns Hopkins University cryptographerMatthew D. Green.[139]
On April 20, 2020, theNew York Times reported thatDropbox engineers had traced Zoom's security vulnerabilities back over two years, pushing Zoom to address such issues more quickly, and paying top hackers to find problems with Zoom's software. In the same article, theNew York Times noted that security researchers have praised Zoom for improving its response times, and for quickly patching recent bugs and removing features that could have privacy risks.[23][25] In a blog post on April 1, 2020, CEO Yuan announced a 90-day freeze on releasing new features, to focus on fixing privacy and security issues within the platform.[140] On July 1, 2020, at the end of the freeze, the company stated it had released 100 new safety features over the 90-day period. Those efforts include end-to-end encryption for all users, turning on meeting passwords by default, giving users the ability to choose which data centers calls are routed from, consulting with security experts, forming a CISO council, an improved bug bounty program, and working with third parties to help test security. Yuan also stated that Zoom would be sharing a transparency report later in 2020.[141][142]
On November 16, 2020, Zoom announced a new security feature to combat disruptions during a session. The new feature was said to be a default for all free and paid users and made available on the Zoom clients forMac,Windows, andLinux, as well as Zoom mobile apps.[143]
On August 12, 2022,Wired magazine reported on three separate security vulnerabilities discovered by security researcher Patrick Wardle affecting the ZoomMac OS desktop app. The vulnerabilities allowed an attacker who already had access to the Mac device to perform aprivilege escalation attack by installing malicious code using the app's auto-update feature, thereby giving them full control over the victim's device.[144]
"Zoombombing" is a phenomenon where uninvited participants join a meeting to cause disruption.[145][146][147] In July 2019, security researcher Sam Jadali uncovered theDataSpii leak.[148][149] This catastrophic leak was facilitated by a marketing intelligence company known as Nacho Analytics (NA), which provided its members access to the URLs of real-time Zoom meetings of firms such as Oracle, Dell, Walmart, Uber, UCLA and Capital One.[150][151] NA's dissemination of meeting URLs enabled its members to Zoombomb these meetings. In April 2020, Zoom increased its default security settings to mitigate Zoombombing.[22] The company also created a new "report a user to Zoom" button, intended to catch those behind Zoombombing attacks.[152]
Zoom encrypts its public data streams, usingTLS 1.2 with AES-256 (Advanced Encryption Standard) to protectsignaling, and AES-128 to protectstreaming media.[153] Security researchers and reporters have criticized the company for its lack of transparency and poor encryption practices. Zoom initially claimed to use "end-to-end encryption" in its marketing materials,[154] but later clarified it meant "from Zoom end point to Zoom end point" (meaning effectively between Zoom servers and Zoom clients), whichThe Intercept described as misleading and "dishonest".[155]Alex Stamos, a Zoom advisor who was formerly security chief atFacebook, noted that a lack of end-to-end encryption is common in such products, as it is also true ofGoogle Hangouts,Microsoft Teams, andCisco Webex.[156] On May 7, 2020, Zoom announced that it had acquiredKeybase, a company specializing in end-to-end encryption, as part of an effort to strengthen its security practices moving forward.[157][158] Later that month, Zoom published a document for peer review, detailing its plans to ultimately bring end-to-end encryption to the software.[159]
In April 2020, Citizen Lab researchers discovered that a single, server-generated AES-128 key is being shared between all participants inECB mode, which is deprecated due to its pattern-preserving characteristics of the ciphertext.[160] During test calls between participants in Canada and United States, the key was provisioned from servers located in mainland China where they are subject to theChina Internet Security Law.[97]
On June 3, 2020, Zoom announced that users on their free tier will not have access toend-to-end encryption so that they could cooperate with theFBI and law enforcement.[161] Later, they said that they do not "proactively monitor meeting content".[162] On June 17, 2020, the company reversed course and announced that free users would have access to end-to-end encryption after all.[163]
On September 7, 2020, cryptography researcherNadim Kobeissi accused Zoom's security team of failing to credit his open-source protocol analysis research software, Verifpal, with being instrumental during the design phase of Zoom's new encryption protocol, as described in their whitepaper published in June 2020.[164] Kobeissi published a week's worth of conversations with Zoom's security leadership in support of his claim, including Max Krohn, which included eight Verifpal models that Zoom's team asked for feedback on, promises of a citation to credit Kobeissi for his contributions and an admission that the Verifpal citation was pulled from the whitepaper at the last moment for unspecified reasons. Kobeissi also linked to a tweet by Zoom security consultant Lea Kissner which he described as a publiccharacter assassination attempt issued in response to his repeated requests to have his work cited in the research paper published by Zoom.[165]
Zoom admitted that some calls in early April 2020 and prior were mistakenly routed through servers inmainland China, prompting some governments and businesses to cease their usage of Zoom.[166] The company later announced that data of free users outside of China would "never be routed through China" and that paid subscribers will be able to customize which data center regions they want to use. The company has data centers in Europe, Asia, North America, and Latin America.[167][168]
In August 2021, the Data Protection regulatory body in Hamburg, Germany, ruled that Zoom was operating in theEuropean Union in breach of theGeneral Data Protection Regulation (GDPR). This is due to the fact that, as per theSchrems II ruling, data that is transferred out of the EU must be protected as the GDPR requires. The data gathered by Zoom was being sent to the United States.[169]
^Jitendra Soni (April 15, 2020)."More top companies ban Zoom following security fears".Techradar.Archived from the original on April 21, 2020. RetrievedApril 22, 2020.Among the latest organisations to block the use of Zoom are German industrial giant Siemens, which sent out an internal circular urging its employees to not use the tool for video conferencing, with Standard Chartered Bank also issuing a similar note to its staff.
^O'Flaherty, Kate (March 25, 2020)."Zoom's A Lifeline During COVID-19: This Is Why It's Also A Privacy Risk".Forbes.Archived from the original on March 26, 2020. RetrievedMarch 27, 2020.collects and stores personal data and shares it with third parties such as advertisers. But Zoom's policy also covers what it labels "customer content" or "the content contained in cloud recordings, and instant messages, files, whiteboards... shared while using the service". This includes videos, transcripts that can be generated automatically, documents shared on screen, and the names of everyone on a call.
^Krolik, Aaron; Singer, Natasha (April 2, 2020)."A Feature on Zoom Secretly Displayed Data From People's LinkedIn Profiles".The New York Times.Archived from the original on April 3, 2020. RetrievedApril 3, 2020.as high school students in Colorado signed in to a mandatory video meeting for a class, Zoom readied the full names and email addresses of at least six students — and their teacher — for possible use by its LinkedIn profile-matching tool
^Simons, Joseph J.; Phillips, Noah Joshua; Chopra, Rohit; Slaughter, Rebecca Kelly; Wilson, Christine S."Zoom Communications: Complaint"(PDF).ftc.gov.Federal Trade Commission.Archived(PDF) from the original on December 17, 2020. RetrievedDecember 17, 2020.Zoom did not employ end-to-end encryption... Zoom did not employ 256-bit Encryption... recorded Messages are not stored encrypted in Zoom's cloud storage immediately after a Meeting has ended... Zoom installed the ZoomOpener webserver, without adequate notice or consent, to circumvent a browser privacy and security safeguard... the webserver would remain on users' computers even after they had uninstalled the Zoom App.
^Simons, Joseph J.; Phillips, Noah Joshua; Chopra, Rohit; Slaughter, Rebecca Kelly; Wilson, Christine S."Zoom Communications: Agreement Containing Consent Order"(PDF).ftc.gov.Federal Trade Commission.Archived(PDF) from the original on November 16, 2020. RetrievedDecember 17, 2020.must not misrepresent in any manner, expressly or by implication, the security features... establish and implement, and thereafter maintain, a comprehensive information security program... The Assessments must be obtained by one or more qualified, objective, independent third-party professionals...
^Goodin, Dan (April 1, 2020)."Attackers can use Zoom to steal users' Windows credentials with no warning".Ars Technica.Archived from the original on April 1, 2020. RetrievedApril 2, 2020.The vulnerability was first described last week by a researcher who uses the Twitter handle @_g0dmode. He wrote: "#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users.
^Lee, Micah; Grauer, Yael (March 31, 2020)."Zoom Meetings Aren't End-to-End Encrypted, Despite Misleading Marketing".The Intercept.Archived from the original on April 2, 2020. RetrievedMarch 31, 2020.Currently, it is not possible to enable E2E encryption for Zoom video meetings. (...) When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point.
(in English, German, Spanish, French, Italian, Dutch, Polish, Portuguese, Russian, Japanese, Chinese, Korean, Vietnamese, Indonesian, and Turkish)
