Zoom will allow users to choose where their data is routed and has brought on board a renowned cybersecurity expert as the company battles to improve its security and privacy in the wake of widespread controversies.
The video conferencing giant is in the midst of a 90-day plan to improve its security and privacy after increased usage led to heightened scrutiny and a series of issues were identified.
As of Saturday, paid-up Zoom users are able to control their own data routing by customising which of Zoom’s data centres around the world their account uses for its real-time meeting traffic.
This will be done through Zoom account holders opting in or out of specific data centre regions. These regions include the US, Canada, Europe, India, Australia, China, Latin America and Japan/Hong Kong.
“This will determine the meeting servers and Zoom connectors that can be used to connect to Zoom meetings or webinars you are hosting and ensure the best-quality service,” Zoom CTO Brendan Ittelson said in a blog post.
“This feature gives our customers more control over their data and their interaction with our global network when using Zoom’s industry-leading video communication services.”
Those using Zoom for free will still be restricted to the data centre within their default region, which for most is the US.
The company has also brought in Luta Security to reboot its bug bounty program.
Luta Security is led by Katie Moussouris, who has “created some of the most important vulnerability programs still running today”.
These include launching Microsoft Vulnerability Research and Symantec Vulnerability Research, and starting Microsoft and the Pentagon’s bug bounty programs.
“Katie has testified as an expert on bug bounties and the labour market for security research for the US Senate, and has also been called upon for European Parliament hearings on dual-use technology,” Zoom said in another blog post.
“We’re thrilled to have Katie and the Luta Security team on board.”
Zoom and Luta Security will first be seeking feedback on the company’s existing bug bounty program before looking to make improvements to it.
“We’re not changing the day-to-day bug bounty operations, platforms or rules without your input,” they said. “Now’s the perfect time to get feedback directly from the researcher community.
“Luta Security and Zoom will take this feedback and use it to make a world-class bug bounty program that advances our relationship with researchers and remains consistent with our commitment to protect user security.”
Zoom has faced a number of controversies recently as the platform has seen an explosion in use due to the ongoing COVID-19 pandemic. It has been criticised for “misleading marketing” after it was revealed the company does not offer end-to-end encryption, despite claiming to do so.
New York Attorney-General Letitia James has also launched an investigation into Zoom’s data privacy and security practices, and questioned how it responded to identified vulnerabilities and flaws, saying they would “enable malicious third parties to, among other things, gain surreptitious access to consumer webcams”.
Last week it was revealed that 500,000 Zoom credentials had been dumped on the dark web. There is no indication this was the result of a breach at Zoom, however; rather, it was the result of a credential stuffing attack.
These events led Zoom CEO Eric Yuan to issue a mea culpa, saying he was “deeply sorry”, and to launch the 90-day improvement plan. The plan's initiatives include the improved bug bounty program, along with a freeze on new features, a transparency report, a comprehensive review with third-party experts and a new CISO council.