|Original author(s)||Eric Yuan|
|Developer(s)||Zoom Video Communications|
|Initial release||October 12, 2011|
5.10.7 / May 30, 2022
|Platform||Windows, macOS, Linux, Android, iOS, Chrome OS|
|Available in||11 languages|
|Type||Videoconferencing, VoIP, and Instant messaging|
Zoom Meetings (commonly shortened to Zoom, and stylized as zoom) is a proprietary videotelephony software program developed by Zoom Video Communications. The free plan allows up to 100 concurrent participants, with a 40-minute time restriction. Users have the option to upgrade by subscribing to a paid plan. The highest plan supports up to 1,000 concurrent participants for meetings lasting up to 30 hours.
During the COVID-19 pandemic, there was a major increase in the use of Zoom for remote work, distance education, and online social relations. The increase led to Zoom being the 5th most downloaded mobile app worldwide in 2020 at 477.3 million downloads.
Further information: Zoom Video Communications
Zoom was originally founded in 2011. Its headquarters are located in San Jose, California. Zoom also has offices in Europe, Asia, and Australia. A beta version of Zoom—that could host conferences with only up to 15 video participants—was launched on August 21, 2012. On January 25, 2013, version 1.0 of the program was released with an increase in the number of participants per conference to 25. By the end of its first month, Zoom had 400,000 users and rose to over one million users by May 2013. After the start of the COVID-19 pandemic, by February 2020, Zoom had gained 2.22 million users in 2020 – more users than it amassed in the entirety of 2019 with the company's share price spiking by 35 percent. In March 2020, the Zoom app was downloaded 2.13 million times. In April 2020, Zoom had more than 300 million daily meeting participants. On August 24, 2020, Zoom experienced widespread outages for several hours before service was restored.
Zoom has several tiers: Basic, Pro, Business, and Enterprise. Zoom is compatible with Windows, macOS, iOS, Android, Chrome OS, and Linux. It is noted for its simple interface and usability, regardless of technological expertise. Features include one-on-one meetings, group video conferences, screen sharing, plugins, browser extensions, and the ability to record meetings and have them automatically transcribed. On some computers and operating systems, users are able to select a virtual background, which can be downloaded from different sites, to use as a backdrop behind themselves.
Use of the platform is free for video conferences of up to 100 participants at once, with a 40-minute time limit if there are more than two participants. For longer or larger conferences with more features, paid subscriptions are available. Features geared towards business conferences, such as Zoom Rooms, are also available. Up to 49 people can be seen on a desktop or laptop screen at once, up to 4 people per screen in iPhone and Android mobile phones and tablet computers, and up to 16 people per screen on iPad.
Zoom security features include password-protected meetings, user authentication, waiting rooms, locked meetings, disabling participant screen sharing, randomly generated IDs, and the ability for the host to remove disruptive attendees. As of June 2020, Zoom began offering end-to-end encryption to business and enterprise users, with AES 256 GCM encryption enabled for all users. In October 2020, Zoom added end-to-end encryption for free and paid users. It is available on all platforms, except for the official Zoom web client.
Zoom also offers a transcription service using Otter.ai software that allows businesses to store transcriptions of the Zoom meetings online and search them, including separating and labeling different speakers.
As of July 2020, Zoom Rooms and Zoom Phone also became available as hardware as a service products. Zoom Phone is available for domestic telephone service in 40 countries as of August 2020. In January 2021, the company disclosed that it had sold one million seats for the Zoom Phone service. Zoom for Home, a category of products designed for home use, became available in August 2020.
In September 2020, Zoom added new accessibility features to make the app easier to use for those who are deaf, hard of hearing, or visually impaired. New features include the ability to move around video windows in gallery view, pin video windows to be spotlighted; improved keyboard shortcuts; new tools to adjust the size of closed captioning text; and sign language interpreters' windows can now sit directly next to the speaker.
In October 2020 at Zoomtopia, Zoom's annual user conference, the company unveiled OnZoom, a virtual event marketplace with an integrated payment system where users can host and promote free or paid live events. With OnZoom, users will be able to schedule and host one-time events or event series for up to 1,000 attendees and sell tickets online. The company also announced Zoom Apps, a feature integrating third-party apps so they can be used within the Zoom interface during meetings. The first such apps were expected to be available around the end of 2020, from companies including Slack, Salesforce, Dropbox, and Qatalog. In October 2020, Zoom gave its users better security with an upgrade to end-to-end encryption for its online meetings network.
On March 22, 2021, Zoom announced that it would start selling its videoconferencing technology as a white-label product, so other companies can embed it in their own products, with the calls running over Zoom but not carrying the company's brand name.
In August 2021, Zoom launched a new feature called Focus Mode. It is designed for use in digital classrooms and other educational settings. When active, the mode will hide participants' screens from each other (though they can see each other's names) while the host retains the ability to see everyone's camera stream or screen share. The feature is available across all Zoom accounts, including free ones.
In September 2021 at Zoomtopia, the company announced that end-to-end encryption would now be available as an upgrade for Zoom Phone users. The company also announced Bring Your Own Key (BYOK) (for users to manage their own encryption keys that Zoom cannot access or see), Verified Identity (a multi-factor authentication feature working through Okta that allows users to confirm the identity of meeting participants), and Video Engagement Center (for businesses to digitally interact with customers). Other updates include revamped virtual whiteboard features, including touchscreen whiteboards that can be digitized for remote participants, and improved collaboration between Zoom Meetings and Zoom Chat.
In October 2021, the option to automatically generate closed captions in English for Zoom meetings was expanded to all accounts, including free ones. The feature had previously only been available for Premium users.
In April 2022, Zoom added a couple of new features, including gesture recognition, a virtual whiteboard, and Zoom IQ for sales.
Since the start of the COVID-19 pandemic, Zoom has been used by banks, schools, universities, and government agencies around the world, by the UK Parliament, by healthcare professionals for telemedicine, barbershops, and ceremonies such as birthday parties, funeral services, and bar and bat mitzvah services. Zoom formed a partnership with Formula One to create a virtual club where fans can go behind the scenes and take part in virtual activities through Zoom, beginning with the Hungarian Grand Prix on July 19, 2020. An article published in July 2020 in the San Francisco Chronicle noted a new real estate trend in San Francisco and Oakland where some listings include "Zoom rooms" with backdrops for Zoom calls. People were complaining about "zoom fatigue" (too many video calls) before they had their "zoom happy hour" (online social meeting with friends or colleagues).
Richard Nelson's play What Do We Need to Talk About? takes place on Zoom, with its main characters congregating online during the COVID-19 pandemic using Zoom. Written and directed by Nelson, it was commissioned by The Public Theater and premiered on YouTube on April 29, 2020, as a benefit performance. The New Yorker called it "the first great original play of quarantine". Oprah's Your Life in Focus: A Vision Forward was a live virtual experience hosted by Oprah Winfrey on Zoom from May 16 through June 6, 2020. In Source Material's play In These Uncertain Times, directed by Samantha Shay, characters communicate on Zoom. The play premiered on Zoom on July 25, 2020. In the 2020 British found-footage Zoom-based horror film Host, directed by Rob Savage, a group of young people has a remote séance in which they try contacting spirits over Zoom. It premiered on Shudder in July 2020. A live reading of Kristoffer Diaz's 2009 play The Elaborate Entrance of Chad Deity over Zoom streamed on Play-PerView from August 15–20, 2020. In the 2021 film Locked Down, directed by Doug Liman and starring Anne Hathaway and Chiwetel Ejiofor, characters communicate through Zoom conferences.
On July 3–4, 2020, using Zoom Webinar, the International Association of Constitutional Law and Alma Mater Europaea organized the first "round-the-clock and round-the-globe" event that traveled through time zones, featuring 52 speakers from 28 countries. Soon after, a format of conferences that "virtually travel the globe with the sun from East to West", became common, some of them running for several days.
On September 17, 2020, a live table read of the script for the 1982 film Fast Times at Ridgemont High was hosted by Dane Cook, with performers including Brad Pitt, Jennifer Aniston, Julia Roberts, original cast member Sean Penn, Matthew McConaughey, Shia LaBeouf, Morgan Freeman (who served as the narrator), Jimmy Kimmel, Ray Liotta, and John Legend, to raise money for the charity CORE. The broadcast of the 72nd Primetime Emmy Awards on September 20, 2020, hosted by Jimmy Kimmel, featured nominees participating through Zoom. On an alternate music video for the 2020 single "Ice Cream" by Blackpink featuring Selena Gomez, the artists appeared via Zoom from their homes. The series Zoom Where It Happens, airing on Zoom as a partnership between Zoom and Black female artists, launched in September 2020 with a virtual table read of an episode of The Golden Girls, reimagined with an all-Black cast. The second episode featured an all-Black cast in a table read of an episode of Friends, hosted by Gabrielle Union and featuring Sterling K. Brown and Uzo Aduba.
Zoom has been criticized for "security lapses and poor design choices" that have resulted in heightened scrutiny of its software. Many of Zoom's issues "surround deliberate features designed to reduce friction in meetings", which Citizen Lab found to "also, by design, reduce privacy or security". In March 2020, New York State Attorney General Letitia James launched an inquiry into Zoom's privacy and security practices, the inquiry was closed on May 7, 2020, with Zoom not admitting wrongdoing, but agreeing to take added security measures. In April 2020, CEO Yuan apologized for the security issues, stating that some of the issues were a result of Zoom's having been designed for "large institutions with full IT support", he noted that in December 2019, Zoom had a maximum of 10 million daily users, and in March 2020 the software had more than 200 million daily users, bringing the company increased challenges. Zoom agreed to focus on data privacy and issue a transparency report. In April 2020, the company released Zoom version 5.0, which addressed a number of the security and privacy concerns. It includes passwords by default, improved encryption, and a new security icon for meetings. In September 2020, Zoom added support for two-factor authentication to its desktop and mobile apps; the security feature was previously Web-only.
As of April 2020, businesses, schools, and government entities who have restricted or prohibited the use of Zoom on their networks include Google, Siemens, the Australian Defence Force, the German Ministry of Foreign Affairs, the Indian Ministry of Home Affairs, SpaceX, and the New York City Department of Education. In May 2020, the New York City Department of Education lifted their ban on Zoom after the company addressed security and privacy concerns.
By September 2020, Zoom had 370,200 institutional customers with more than 10 employees, up about 458 percent from the same quarter to the year before. The company's revenue rose 355 percent to $663.5 million, topping analysts' average estimate of $500.5 million. They were able to raise their annual revenue forecast by more than 30 percent after many of their free users converted to paid subscriptions.
During the pandemic, Zoom's profit increased by 4000% despite paying zero taxes according to a report by the Institute on Taxation and Economic Policy, leading to controversies.
Zoom has been criticized for its privacy and corporate data sharing policies, as well as for enabling video hosts to potentially violate the privacy of those participating in their calls. There may also be issues with unauthorized surveillance of students and possible violations of students' rights under the Family Educational Rights and Privacy Act (FERPA). According to the company, the video services are FERPA-compliant, and it collects and stores user data only for tech support.
In March 2020, a Motherboard article found that the company's iOS app was sending device analytics data to Facebook on startup, regardless of whether a Facebook account was being used with the service, and without disclosing it to the user. Zoom responded that it had recently been made aware of the issue and patched the app to remove the SDK after learning that it was collecting unnecessary device data. The company stated that the SDK was only collecting information on the user's device specifications (such as model names and operating system versions) in order to optimize its service and that it was not collecting personal information. In the same month, Zoom was sued by a user in U.S. Federal Court for illegally and secretly disclosing personal data to third parties including Facebook. Zoom responded that it "has never sold user data in the past and has no intention of selling users' data going forward".
In April 2020, a Zoom information gathering feature was found that automatically sent user names and email addresses to LinkedIn, allowing some participants to surreptitiously access LinkedIn profile data about other users without their express consent. The companies disabled their integration. In May 2020, the Federal Trade Commission announced that it was looking into Zoom's privacy practices. The FTC alleged in a complaint that since at least 2016, "Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers' meetings, did not provide advertised end-to-end encryption, falsely claimed HIPAA compliance, installed the ZoomOpener webserver without adequate consent, did not uninstall the web server after uninstalling the Zoom App, and secured its Zoom Meetings with a lower level of encryption than promised." On November 9, 2020, a settlement was reached, requiring the company to stop misrepresenting security features, create an information security program, obtain biannual assessments by a third party, and implement additional security measures.
In November 2018, a security vulnerability was discovered that allowed a remote unauthenticated attacker to spoof UDP messages that allowed the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. The company released fixes shortly after the vulnerability was discovered. In July 2019, security researcher Jonathan Leitschuh disclosed a zero-day vulnerability allowing any website to force a macOS user to join a Zoom call, with their video camera activated, without the user's permission. Attempts to uninstall the Zoom client on macOS would prompt the software to re-install automatically in the background using a hidden web server that was set up on the machine during the first installation so that it remains active even after attempting to remove the client. After receiving public criticism, Zoom removed the vulnerability and the hidden webserver to allow complete uninstallation. In April 2020, security researchers found vulnerabilities where Windows users' credentials could be exposed. Another vulnerability allowing unprompted access to cameras and microphones was made public. Zoom issued a fix in April 2020.
Motherboard reported that there were two Zoom zero-days for macOS and Windows respectively, selling for $500,000, on April 15, 2020. Security bug brokers were selling access to Zoom security flaws that could allow remote access into users' computers. Hackers also put up over 500,000 Zoom user names and passwords for sale on the dark web. In response to the multitude of security and privacy issues found, Zoom began a comprehensive security plan, which included consulting with Luta Security, Trail of Bits, former Facebook CSO Alex Stamos, former Google global lead of privacy technology Lea Kissner, BishopFox, the NCC Group, and Johns Hopkins University cryptographer Matthew D. Green.
On April 20, 2020, the New York Times reported that Dropbox engineers had traced Zoom's security vulnerabilities back over two years, pushing Zoom to address such issues more quickly, and paying top hackers to find problems with Zoom's software. In the same article, the New York Times noted that security researchers have praised Zoom for improving its response times, and for quickly patching recent bugs and removing features that could have privacy risks. In a blog post on April 1, 2020, Yuan announced a 90-day freeze on releasing new features, to focus on fixing privacy and security issues within the platform. On July 1, 2020, at the end of the freeze, the company stated it had released 100 new safety features over the 90-day period. Those efforts include end-to-end encryption for all users, turning on meeting passwords by default, giving users the ability to choose which data centers calls are routed from, consulting with security experts, forming a CISO council, an improved bug bounty program, and working with third parties to help test security. Yuan also stated that Zoom would be sharing a transparency report later in 2020.
On 16 November 2020, Zoom announced a new security feature to combat disruptions during a session. The new feature was said to be a default for all free and paid users and made available on the Zoom clients for Mac, PC, and Linux, as well as Zoom mobile apps.
Further information: Zoombombing
The practice of "Zoombombing", a phenomenon where uninvited participants join a meeting to cause disruption, prompted a warning from the Federal Bureau of Investigation. In April 2020, Zoom set many of its higher security settings as default as they advised users on ways to mitigate Zoombombing.The company created a new "report a user to Zoom" button, intended to catch those behind Zoombombing attacks.
Zoom encrypts its public data streams, using TLS 1.2 with AES-256 (Advanced Encryption Standard) to protect signaling, and AES-128 to protect streaming media. Security researchers and reporters have criticized the company for its lack of transparency and poor encryption practices. Zoom initially claimed to use "end-to-end encryption" in its marketing materials, but later clarified it meant "from Zoom end point to Zoom end point" (meaning effectively between Zoom servers and Zoom clients), which The Intercept described as misleading and "dishonest". Alex Stamos, a Zoom advisor who was formerly security chief at Facebook, noted that a lack of end-to-end encryption is common in such products, as it is also true of Google Hangouts, Microsoft Teams, and Cisco Webex. On May 7, 2020, Zoom announced that it had acquired Keybase, a company specializing in end-to-end encryption, as part of an effort to strengthen its security practices moving forward. Later that month, Zoom published a document for peer review, detailing its plans to ultimately bring end-to-end encryption to the software.
In April 2020, Citizen Lab researchers discovered that a single, server-generated AES-128 key is being shared between all participants in ECB mode, which is deprecated due to its pattern-preserving characteristics of the ciphertext. During test calls between participants in Canada and United States, the key was provisioned from servers located in mainland China where they are subject to the China Internet Security Law.
On June 3, 2020, Zoom announced that users on their free tier will not have access to end-to-end encryption so that they could cooperate with the FBI and law enforcement. Later, they said that they do not "proactively monitor meeting content". On June 17, 2020, the company reversed course and announced that free users would have access to end-to-end encryption after all.
On September 7, 2020, cryptography researcher Nadim Kobeissi accused Zoom's security team of failing to credit his open-source protocol analysis research software, Verifpal, with being instrumental during the design phase of Zoom's new encryption protocol, as described in their whitepaper published in June 2020. Kobeissi published a week's worth of conversations with Zoom's security leadership in support of his claim, including Max Krohn, which included eight Verifpal models that Zoom's team asked for feedback on, promises of a citation to credit Kobeissi for his contributions and an admission that the Verifpal citation was pulled from the whitepaper at the last moment for unspecified reasons. Kobeissi also linked to a tweet by Zoom security consultant Lea Kissner which he described as a public character assassination attempt issued in response to his repeated requests to have his work cited in the research paper published by Zoom.
Zoom admitted that some calls in early April 2020 and prior were mistakenly routed through servers in mainland China, prompting some governments and businesses to cease their usage of Zoom. The company later announced that data of free users outside of China would "never be routed through China" and that paid subscribers will be able to customize which data center regions they want to use. The company has data centers in Europe, Asia, North America, and Latin America.
An April 2020 Citizen Lab report warned that having much of Zoom's research and development in China could "open up Zoom to pressure from Chinese authorities". Lee Cheuk Yan's (Chairman of Hong Kong Labour Party) account was also closed in early May 2020, and human rights activist Zhou Fengsuo's was closed in June after he held an event discussing the 1989 Tiananmen Square protests and massacre. In June 2020, Zoom acknowledged that it had terminated two accounts belonging to U.S. users and one of a user from Hong Kong connected to meetings discussing the 1989 Tiananmen Square protests, the accounts were later re-opened, with the company stating that in the future it "will have a new process for handling similar situations". Zoom also announced upcoming technology that could prevent participants from specific countries from joining calls that were deemed illegal in those areas.
In September 2020, Zoom blocked San Francisco State University from using its video conferencing software to host Popular Front for the Liberation of Palestine (PFLP) militant and hijacker Leila Khaled in response to vigorous lobbying by the Jewish coalition group "End Jewish Hatred". In justifying its decision, Zoom cited the PFLP's designation as a terrorist organization by the United States Government and its efforts to comply with U.S. export control, sanctions, and anti-terrorism laws. Facebook and YouTube also joined Zoom in denying their platforms to the conference organizers. Professor Rabab Ibrahim Abdulhadi, one of the conference organizers, criticized Zoom, Facebook, and Google for allegedly censoring Palestinian voices.
On December 18, 2020, Zoom announced it would be issuing its first transparency report. These reports will be published twice a year beginning in 2021. These reports are supposed to show how Zoom responds when user data is requested by law enforcement or government officials. Zoom states that it "only produces user data to governments in response to valid and lawful requests in accordance with our Government Requests Guide and relevant legal policies". The first report covers from May 1, 2020, to December 12, 2020.
In August 2021, the Data Protection regulatory body in Hamburg, Germany, ruled that Zoom is operating in the European Union in breach of the General Data Protection Regulation (GDPR). This is due to the fact that, as per the Schrems II ruling, data that is being transferred out of the EU must be given the same protections that provided by the GDPR. The data gathered by Zoom is being sent to the United States.
Among the latest organisations to block the use of Zoom are German industrial giant Siemens, which sent out an internal circular urging its employees to not use the tool for video conferencing, with Standard Chartered Bank also issuing a similar note to its staff.
collects and stores personal data and shares it with third parties such as advertisers. But Zoom's policy also covers what it labels "customer content" or "the content contained in cloud recordings, and instant messages, files, whiteboards... shared while using the service". This includes videos, transcripts that can be generated automatically, documents shared on screen, and the names of everyone on a call.
as high school students in Colorado signed in to a mandatory video meeting for a class, Zoom readied the full names and email addresses of at least six students — and their teacher — for possible use by its LinkedIn profile-matching tool
Zoom did not employ end-to-end encryption... Zoom did not employ 256-bit Encryption... recorded Messages are not stored encrypted in Zoom's cloud storage immediately after a Meeting has ended... Zoom installed the ZoomOpener webserver, without adequate notice or consent, to circumvent a browser privacy and security safeguard... the webserver would remain on users' computers even after they had uninstalled the Zoom App.
must not misrepresent in any manner, expressly or by implication, the security features... establish and implement, and thereafter maintain, a comprehensive information security program... The Assessments must be obtained by one or more qualified, objective, independent third-party professionals...
The vulnerability was first described last week by a researcher who uses the Twitter handle @_g0dmode. He wrote: "#Zoom chat allows you to post links such as \\x.x.x.x\xyz to attempt to capture Net-NTLM hashes if clicked by other users.
Currently, it is not possible to enable E2E encryption for Zoom video meetings. (...) When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point.