
They're succeeding because of their security issues.

Look at the problems they've had over the past month:

- "Zoombombing" is a thing because the default meeting configuration didn't require a password, making it easier for attendees—legitimate or not—to join.

- Issues with the installer were in part caused by shady workarounds they took to reduce friction during the installation.

And yet, they're doing just fine with their "UX first, security later" approach. So I guess I'm underscoring your point: we absolutely need more consumer protection.

Side-note: I wonder if Zoom is getting into trouble in Europe over any of this?



> Side-note: I wonder if Zoom is getting into trouble in Europe over any of this?

Some European organizations are banning it from business computers.

I only use it for semi-public discussions, and run it on a Windows 10 laptop that isn't used for anything else, so I'm not that bothered by the security issues.


They might, but it will be some time before privacy authorities build a case against Zoom and start fining them.

In the meanwhile, imho they are under so much pressure to behave that in the next few months they might really make some progress in this field. I mean, right now Zoom is the most independently "audited" video conferencing app in the world and many newspapers and state attorneys are investigating [1].

I trust the power of the press.

[1] https://www.nytimes.com/2020/03/30/technology/new-york-attor...


"Zoombombing" is a thing because the ID space is ridiculously small. It's 8 digits! Just pump it up to UUID size and encode it as Crockford Base32 + checksum. Then you don't need a password because the ID space is too big to guess. We all learned this back in the days of link shorteners, but Zoom somehow didn't?
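
The ID scheme proposed in the comment above, as an added example that is not part of the thread and not Zoom's code: a 128-bit random ID encoded as Crockford Base32 with its mod-37 check symbol, plus the entropy comparison against 8 decimal digits. The function names (`new_meeting_id`, `entropy_bits`) and the 128-bit size are assumptions made for illustration.

```python
import math
import secrets

# Crockford Base32: 32 symbols, no I, L, O or U; five extra check-only symbols.
ALPHABET = "0123456789ABCDEFGHJKMNPQRSTVWXYZ"
CHECK = ALPHABET + "*~$=U"  # check symbol encodes value mod 37
LOOKALIKES = str.maketrans("OIL", "011")  # decoder accepts O as 0, I/L as 1


def encode(value: int, bits: int = 128) -> str:
    """Fixed-width Crockford Base32 of `value`, followed by one check symbol."""
    width = math.ceil(bits / 5)
    body = "".join(ALPHABET[(value >> (5 * i)) & 31] for i in reversed(range(width)))
    return body + CHECK[value % 37]


def decode(text: str) -> int:
    """Return the integer; raise ValueError on a bad symbol or failed checksum."""
    text = text.replace("-", "").upper().translate(LOOKALIKES)
    body, check = text[:-1], text[-1:]
    value = 0
    for ch in body:
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid symbol {ch!r}")
        value = value * 32 + digit
    if not check or CHECK.find(check) != value % 37:
        raise ValueError("checksum mismatch")
    return value


def new_meeting_id() -> str:
    """Hypothetical ID generator: 128 bits from the OS CSPRNG."""
    return encode(secrets.randbits(128))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy in a uniformly random ID of the given shape."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(new_meeting_id())
    print(f"8 decimal digits: {entropy_bits(10, 8):.1f} bits; 128-bit ID: 128 bits")
```

Because 37 is prime, the check symbol catches any single mistyped character, so a typo fails fast instead of resolving to some other valid ID.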


The ID number can also be used by attendees calling in via phone, so it has to be short and numeric (back to the UX vs. security tension).

Another issue was that until recently the ID number was prominently displayed in the application window. Many people (including Boris Johnson) shared screenshots on social media with the ID included.



