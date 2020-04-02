(Editor's Note: Today's newsletter and column were written and distributed before Zoom CEO Eric S. Yuan published his 1,300 word plan to address security and privacy issues related to the company's unprecedented consumer growth. What follows is not edited because email is forever.)

Just in time for a backlash against the tech industry to end, or at least stop, a new set of concerns has come to occupy our attention. Zoom, the once obscure business video chat app company, rose to fame when COVID-19 forced tens of millions of Americans, and most of Silicon Valley, to start working, studying, and socializing at home. Like many people, I am now at Zoom several hours a day. But with all that new use comes increased scrutiny, and in the first few weeks of the Great Social Distance, Zoom has repeatedly come up short.

The first problem was zoombombings. I don't know if I was the first victim of this, but I certainly was one of them. My friend Hunter and I started a virtual happy hour a few weeks ago, and after we tweeted the links, some trolls stopped to take over our screens and share porn. We quickly learned how to fix the problem, but Zoombombings continue every day. The FBI is investigating him, and so is the New York Attorney General's office. The problem is that Zoom allows people who have joined your call to share their own screens by default, and the controls to change this setting are hard to find.

The second problem was that Zoom started generating directories for every email address that logged into a call and then allowed strangers to start making video calls with each other. As with screen sharing disabled by default, this could be a feature that made sense for in-company chats, but not for streaming. Joseph Cox had the story in Vice:

The problem is with Zoom's "Company Directory,quot; setting, which automatically adds other people to a user's contact lists if they registered with an email address that shares the same domain. This can make it easier to find a specific colleague to call when the domain belongs to an individual company. But several Zoom users say they signed up with personal email addresses, and Zoom brought them together with thousands of other people as if they all worked for the same company, exposing their personal information to each other. I was surprised by this! I subscribed (with an alias, luckily) and saw 995 people unknown to me with their names, images, and email addresses. "Barend Gehrels, a Zoom user affected by the problem and who marked it on Motherboard, wrote in a email.

The third problem was that Zoom ran around telling everyone that their platform is "end-to-end encryption,quot;, when in fact it had redefined "end-to-end encryption,quot; without telling anyone. Micah Lee and Yael Grauer had the story in The interception:

As long as you make sure everyone in a Zoom meeting connects using "computer audio,quot; instead of telephoning, the meeting is secured with end-to-end encryption, at least according to the Zoom website, your technical security document and the user interface within the application. But despite this misleading marketing, the service doesn't actually support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead, it offers what is generally called transport encryption, explained later. (…) The encryption that Zoom uses to protect meetings is TLS, the same technology that web servers use to protect HTTPS websites. This means that the connection between the Zoom app running on a user's computer or phone and the Zoom server is encrypted in the same way as the connection between their web browser and this article (at https: // theintercept. com) is encrypted. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will be kept private from anyone who spies on your Wi-Fi, but it won't be kept private from the company. (In a statement, Zoom said it does not directly access, extract, or sell user data.)

There are other problems. Zoom bypasses MacOS administrator controls to install without asking your boss for permission. And there is a way to steal someone's Windows credentials over Zoom by sharing hyperlinks, although arguably it is more of a Windows issue than a Zoom issue. To complete the list, a security researcher found two additional ways to exploit Zoom on Wednesday and wrote about them on his blog.

At this point, you might be wondering what Zoom has to say about all of this. On ProtocolDavid Pierce talks to Zoom Marketing Director Janine Pelosi about the past few weeks. He writes:

"The product was not designed for consumers," Janine Pelosi, Zoom CMO, told me, "but many consumers are using it." That forced Zoom to evaluate a lot about the platform, but especially its default privacy settings.

On the surface, this sounds reasonable. Zoom is a business tool, but it is now being used outside of business, so new vulnerabilities have emerged. And yet that argument is challenged by all of the above issues, which basically solve this: To make a popular video chat app, you have to make it extremely easy to use.

In other words, you have to do it a consumer application

In the old days, basically in the 1990s, the tools you used for work were decided by your workplace. They bought him his computer and his license for Microsoft Office, and any other arcane and generally horrible programs that he needed to do his job.

All of that changed once people got mobile phones and were able to start using whatever programs they wanted. A new class of productivity tools emerged that emphasizes design and ease of use: Google Docs, Box, Dropbox and Evernote led the way, with Trello, Asana and Slack after a few years. These were tools built for the job, but they were designed for consumers. That is why they were successful.

Zoom learned that lesson and has consistently applied it since its founding in 2011. Designing for consumers is the reason, for example, Zoom does its best to install itself on your Mac without having to get permission from an administrator. . Designing for consumers is the reason Zoom tries to generate a company director on their behalf. Designing for consumers is the reason Zoom lets you log in with Facebook. (Something else he got into trouble for … perhaps wrongly – this week.)

And to be clear, designing for consumers has been a good fit for Zoom. It helped the company grow much faster than the competition, especially Skype, which appears to have been surprised at the moment. Zoom has so much momentum right now that it creates virtual backgrounds for your calls – a fun and distinctive game. extremely Product Consumer Characteristic: It has suddenly become a key marketing platform for Hollywood.

Consumer-level ease of use is essential for a tool like Zoom, but so is enterprise-level security. That's what your business customers are paying for, after all, and that's why Zoom will have to quickly start propping up its platform. Ben Thompson has a good idea to stop Zoomlash in his tracks:

Freeze feature development and spend the next 30 days on a top-down review of Zoom's approach to security and privacy, followed by an update on how the company is reallocating resources based on that review.

That won't stop the occasional appearance of zero-day exploits. But it would go a long way in showing that the company understands the bets of our new world and is prepared to act accordingly. Zoom's problem has never been that, as its chief marketing officer says, "it was not designed for consumers." The problem is that it was.

The radio

Today in the news that could affect public perception of large technology platforms.

Upward trend: Google is partnering with California legislators to deliver 4,000 Chromebooks to needy students in California. It also provides free wifi to 100,000 rural households during the coronavirus pandemic to make remote learning more accessible.

Sideways trend: Facebook, TwitterY Youtube They are adopting stricter policies to limit coronavirus scams and stop disinformation on platforms. But people keep posting things that clearly violate the rules. The situation underscores how companies participate in an infinite game of whack-a-mole difficult to win.

Pandemic

Amazon Workers at a distribution center near Detroit, Michigan, plan to abandon the company's handling of COVID-19. Workers say management was slow to notify them of new coronavirus cases and failed to provide adequate cleaning supplies. (Josh Dzieza / The edge)

Amazon He ignored the patterns of social distancing at recruitment events while rushing to hire 100,000 new workers. Since then, the company has started making events virtual. (Spencer Soper and Matt Day / Bloomberg)

Palantir is in talks with France, Germany, Austria and Switzerland about the use of its software to help them respond to COVID-19. The data analysis firm says its technology can do everything from helping to track the spread of the virus to allowing hospitals to predict staff and supply shortages. (Helene Fouquet and Albertina Torsoli / Bloomberg)

Palantir It is also behind a new tool used by the Centers for Disease Control (CDC) to monitor how the coronavirus is spreading. The tool will also help CDC understand how well equipped hospitals are to deal with a spike in cases. (Thomas Brewster / Forbes)

A group of European experts is preparing to launch an initiative to track people's smartphones to see who has come into contact with those who have COVID-19. The goal is to help health authorities act quickly to stop the spread of the virus in a way that complies with the General Data Protection Regulation. (Douglas Busvine / Reuters)

School closings are leading to a new wave of student vigilance. Universities are competing to sign deals with online supervisory companies that watch students through their webcams as they take the exams. (Drew Harwell / The Washington Post)

Facebook It is expanding its Community Aid role as part of the company's COVID-19 efforts. The new community aid center COVID-19 will allow people to request or offer help to people affected by the coronavirus outbreak. (Sarah Perez / TechCrunch)

That is how Sheryl Sandberg you are dealing with the coronavirus pandemic. She is quarantined at home with her fiancé and children and is raising millions for her local food bank. (Alyson Shontell / Business Insider)

The coronavirus is forcing couples to cancel their weddings, but some people are getting creative and broadcasting their nuptials live on Focus. (Zoe Schiffer / The edge)

Doctors are turning to Twitter Y Tik Tok to share coronavirus news. They are trying to combat the bad medical advice that circulates on the big platforms. (Kaya Yurieff / CNN)

A Chinese diplomat has been helping spread a conspiracy theory that the United States and its military could be behind the coronavirus outbreak. This is how that deception began. (Vanessa Molter and Graham Webster / Stanford Internet Observatory)

The coronavirus pandemic shows why Comcast You could get rid of your data limits permanently without killing your business. (Jon Brodkin / Ars Technica)

Hackers are taking advantage of the coronavirus pandemic to launch cyber attacks against healthcare providers. In one case, criminals used encryption to block thousands of the company's patient records and promised to post them online if a ransom was not paid. (Ryan Gallagher / Bloomberg)

Startups are desperately struggling to survive the coronavirus pandemic. Some are laying off workers and cutting costs, but even that may not be enough. (Erin Griffith / The New York Times)

Americans aired 85 percent more video minutes in March 2020 compared to March 2019. Hulu It has grown more than 25 percent in the past two weeks alone. (Sara Fischer / Axios)

Snap He says that video calls increased 50 percent month-over-month. This blog post about how use with the coronavirus pandemic has changed is the kind of record I've been requesting from big tech companies.

Rebecca Jennings invites you to post with abandon. She says the digital world is now a much happier place than the real world, which is a perfect excuse for you to spend time on social media doing various Instagram and TikTok challenges. (Rebecca Jennings / Vox)

Virus tracker

Total cases in the US USA: 205,172

Total deaths in the US USA: at least 4,500

Cases reported in California: 8,582

Cases reported in New York: 83,760

Cases reported in Washington: 5,292

Data of The New York Times.

Ruler

Democrats are concerned that Google Banning most non-governmental organization COVID-19-related announcements could help Trump be re-elected. They say it allows the president to run ads promoting his response to the crisis and denies Democrats the opportunity to run ads that criticize this response. Emily Birnbaum in Protocol reports:

Prominent Democratic PACs in recent days have funneled millions of dollars in television commercials accusing Trump of mishandling the coronavirus crisis. But employees of several Democratic nonprofit and digital advertising companies realized this week that they would not be able to use Google's dominant advertising tools to spread true information about the handling of the President Trump outbreak on YouTube and other Google platforms. . The company only allows PSA-style ads from government agencies like the Centers for Disease Control and trusted health agencies like the World Health Organization. Multiple Democratic and progressive strategists were reprimanded when they attempted to place Google ads criticizing the Trump administration's response to the coronavirus, officials at the firms told Protocol.

Google Data centers use billions of gallons of water to keep processing units cool. Some of the centers are located in dry areas struggling to conserve their supplies. (Nikitha Sattiraju / Bloomberg)

As presidential candidates turn to campaign almost entirely online, political tech startups are struggling to keep up with demand. Business is booming for companies that allow candidates to easily text or call voters and donors. (Issie Lapowsky / Protocol)

Wisconsin faces a shortage of poll workers and a possible drop in voter turnout due to the coronavirus pandemic, but the state is still moving ahead with its April 7 primary. (Zach Montellaro / Political)

Oracle founder Larry ellison is helping President Trump build a COVID-19 case database. You are also turning your Hawaiian island complex into a data-fueled health and wellness lab, whatever that means! Everything promises to be a very good Netflix series someday. (Angel Au-Yeung / Forbes)

Facebook is stepping up its efforts to help with the US census. USA Facebook and Instagram They now have notifications reminding people to complete the census, and the company is also working to combat misinformation about the process. (Facebook)

Industry

⭐Youtube plans to launch a rival to Tik Tok called Shorts by the end of the year. The app will take advantage of YouTube's licensed music catalog by allowing users to choose songs as soundtracks for their videos. Alex Heath and Jessica Toonkel in Information have the story:

TikTok's business is small relative to YouTube's, which had more than $ 15 billion in advertising revenue last year. ByteDance earns the vast majority of its revenue in China, including its local TikTok equivalent, known as Douyin, and has used its financial resources to aggressively advertise TikTok in the United States and elsewhere. In a note to employees late last year, ByteDance CEO Zhang Yiming urged them to "diversify TikTok growth,quot; and "increase investment in weaker markets," according to Reuters.

The part of the economy dedicated to creating new Instagram backgrounds is sinking due to the coronavirus pandemic. Color Factory and Museum of Ice Cream closed for now, laying off most of the employees. (Ashley Carman / The edge)

YTMND is back, almost a year after it was downed by a server failure. The site has been modernized a bit and you no longer need Flash to view your looped GIF file and synced music. (Jacob Kastrenakes / The edge)

Jack Black joined Tik Tok. His first video shows him doing a dance that he calls "Dance of Quarantine,quot;. He is, um, shirtless. And with cowboy boots. (Taylor Lyles / The edge)

The Animal Crossing social media explosion has left some fans feeling frustrated and jealous of other people's elaborate designs. The game has become a phenomenon on social media in part due to a new button that allows players to easily share screenshots. (Patricia Hernández / Polygon)

Things to do

Things to take care of online during quarantine.

Take part in the 2020 census! It takes about 10 minutes and helps direct billions of dollars in federal funds to local communities. (And if you don't listen to me, maybe you will listen to Sheryl Sandberg).

Go to one of these virtual events with authors and illustrators creating content specifically for children.

Watch ProtocolIssie Lapowsky interviews Representative Ro Khanna, who represents Silicon Valley, at a Zoom meeting Thursday noon PT.

And finally…

Andy serkis is practicing rolling a ball in case he is asked to play the coronavirus – Josh & # 39; Letterman & # 39; (oldfriend99) (@ oldfriend99) April 1, 2020

OH: sink zero is the new inbox zero – Eric Ries (@ericries) March 30, 2020

