A Message to Our Users

What we’ve done
With the flood of new users, part of the challenge is ensuring that we provide the proper training, tools, and support to help them understand their own account features and how best to use the platform.- We’ve been offering training sessions and tutorials, as well as free interactive daily webinars to users. We have proactively sent out many of these resources to help familiarize users with Zoom.
- We are taking several steps to minimize customer support wait times when they reach out with questions.
- We’re listening to our community of users to help us evolve our approach.
- On March 20th, we published a blog post to help users address incidents of harassment (or so-called “Zoombombing”) on our platform by clarifying the protective features that can help prevent this, such as waiting rooms, passwords, muting controls, and limiting screen sharing. (We’ve also changed the name and content of that blog post, which originally referred to uninvited participants as “party crashers.” Given the more serious and hateful types of attacks that have since emerged, that terminology clearly doesn’t suffice. We absolutely condemn these types of attacks and deeply feel for anyone whose meeting has been interrupted in this way.)
- On March 27th, we took action to remove the Facebook SDK in our iOS client and have reconfigured it to prevent it from collecting unnecessary device information from our users.
- On March 29th, we updated our privacy policy to be more clear and transparent around what data we collect and how it is used – explicitly clarifying that we do not sell our users’ data, we have never sold user data in the past, and have no intention of selling users’ data going forward.
- For education users we:
- Rolled out a guide for administrators on setting up a virtual classroom.
- Set up a guide on how to better secure their virtual classrooms.
- Set up a dedicated K-12 privacy policy.
- Changed the settings for education users enrolled in our K-12 program so virtual waiting rooms are on by default.
- Changed the settings for education users enrolled in our K-12 program so that teachers by default are the only ones who can share content in class.
- On April 1, we:
- Published a blog to clarify the facts around encryption on our platform – acknowledging and apologizing for the confusion.
- Permanently removed the attendee attention tracker feature. (updated 4/2 to clarify that it's permanently removed)
- Released fixes for both Mac-related issues raised by Patrick Wardle.
- Released a fix for the UNC link issue.
- Permanently removed the LinkedIn Sales Navigator app after identifying unnecessary data disclosure by the feature. (updated 4/2 to clarify that it's permanently removed)
What we’re going to do
Over the next 90 days, we are committed to dedicating the resources needed to better identify, address, and fix issues proactively. We are also committed to being transparent throughout this process. We want to do what it takes to maintain your trust. This includes:- Enacting a feature freeze, effectively immediately, and shifting all our engineering resources to focus on our biggest trust, safety, and privacy issues.
- Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
- Preparing a transparency report that details information related to requests for data, records, or content.
- Enhancing our current bug bounty program.
- Launching a CISO council in partnership with leading CISOs from across the industry to facilitate an ongoing dialogue regarding security and privacy best practices.
- Engaging a series of simultaneous white box penetration tests to further identify and address issues.
- Starting next week, I will host a weekly webinar on Wednesdays to provide privacy and security updates to our community.