The Zoom Boom

in the world of tech. Recently, I went on Twitter and I asked my followers if they had any suggestions for episode topics, and I got a whole bunch of different, you know, candidates, But the one that received the most independent submissions was the video conferencing service Zoom. For many, Zoom was something that just kind of popped up once millions of us had to shift to work from home.

The company, as it turns out, has been around for a few years, but it was really when people were rushing to find conferencing solutions that it became mainstream news. A lot of you out there were probably using Zoom, possibly for years, because it was already a popular video conferencing tool, but it's just that a lot of folks never really had occasion to use it until current circumstances

changed things. Add to that some pretty high profile controversies regarding everything from Internet security to privacy concerns, and you've got yourself a prime tech stuff topic. So today we're going to talk about the Zoom service, where it came from, how it made its founder a billionaire, and we'll look into some of those controversies. But let's start with what Zoom is. Just in case you don't know, the basic idea behind Zoom is pretty easy to get your mind

wrapped around. It's a conferencing service that uses the Internet, so you can do audio conferences, video conferences, you can do web conferences, including sharing screens so that multiple people can view the same documents simultaneously. It works on mobile devices as well as desktop or laptop computers. It can support meetings with as few as two people or as many as five hundred. There are also options to have a single presenter streamed to an unlimited audience. This would

be one way communication like a lecture. Obviously, a lot has to happen in the back end for all of this to work, and it requires a persistent Internet connection. But we'll get into all of that later. Right now, let's talk about the company's history, and the story of Zoom really starts with a different company, and that company would be Cisco, which is an enormous technology conglomerate that does a whole lot of stuff, and among that stuff

is a web conferencing service called WebEx. Now WebEx didn't come out of Cisco. Cisco actually acquired the company in two thousand seven. WebEx itself was founded in the late nineteen nineties. Originally it was called Active Touch, but quickly became WebEx. One Cisco executive named Eric Yuan found the WebEx service needed several improvements. Yuan was born in China. He grew up attended school and later college in China.

As a kid, Yuan's first attempt at making money involved taking copper out of leftover material from construction sites and selling it. And he found out that the company he was selling these scraps to really just wanted the copper that was it. So he decided, you know, to streamline things, he would go a step further and attempt to extract copper from everything else by burning it, you know, burning

the everything else away and leaving the copper behind. As a result, he accidentally burned down his neighbor's shack, which he was using to secretly conduct his business, and he was doing this d I y copper reclamation project. As a kid burned down his neighbor's shack, and you could say this first business venture was a failure. But unlike the shack, Yuan did not suffer from burnout but um bum.

As a young adult, he was in a long distance relationship with a girlfriend and she lived so far away that he would have to take the train to see her, and it would take a ten hour trip by train to get there. Yuan frequently wished there was some easier way for him to see his girlfriend, and later said it was this desire that fueled his motivation for creating

Zoom in the first place. He studied computer science at university and then married that long distance girlfriend when he was twenty two years old, and he was pursuing a master's degree at the time, and he was thinking about what was going to come next once he got out of school, what he was going to pursue as a career.

Yuan learned of the Internet and felt that this technology would be truly transformative, but he lived in China, and the Chinese government hadn't rolled out internet infrastructure, and it was pretty obvious that the government was going to keep a tight control on what could come into China once it was connected to the rest of the world. This

would be the Great Chinese Firewall. Yuan decided that he wanted to immigrate to the United States so that he could work on projects connected to the Internet and be free of that particular obstacle. The first time he applied for a visa to work in the United States, he received a rejection. He didn't let that get to him, so he applied again, and he was rejected again. So he applied again and again. In fact, it wasn't until

his ninth try that he was accepted. Upon arriving in the United States in nine seven, at the age of twenty seven, Yuan secured a job with Webbex, which itself was just a couple of years old. In fact, a

little less than two years old. It only had a few employees, but it was growing fairly quickly, and unlike many web based companies, WebEx was able to get through the dot com bubble burst of two thousand and two thousand one, when the economy stabilized WebEx began to grow again, and it held its own I p O. Several years later, a decade after you Want joined WebEx, Cisco came a colon. The mega company acquired WebEx for the princely sum of

three point two billion dollars. At the time, WebEx was reporting three hundred eighty million dollars in revenue with a fifty million dollar profits, so the company was doing well. It was no wonder that a big company like Cisco, which is all about providing internet and text services mostly to other big companies, would be interested. Even at the time people were criticizing WebEx as being a bit too

bloated and costly. Michael Arrington of tech Crunch posted about the acquisition announcement and mentioned that several startups were aiming at the same general suite of services that WebEx provided, and that these startups were on the rise, indicating that perhaps WebEx was already loaded with feature creep, that it was getting too unwieldy for its own good, and it was creating its own opportunities for competition to jump up and and take some of the pie u wan transition

to Cisco, he became the company's VP of Engineering in charge of collaboration software. And Uan stated in interviews that he met with several Cisco customers over the course of his tenure with the company, and he heard from many of them that they found WebEx to be clunky, hard to use, and expensive. He could tell that these weren't outlying opinions, but rather indicated some real areas of opportunity

to improve the service. One thing he felt very strongly about was that the service was anchored in a more traditional approach, a client a kind of approach, and Yuan felt that a cloud based service would be more suitable. He argued that Cisco should let him rebuild the WebEx product as a cloud based product, reinvigorating it, and his efforts to do so were met with resistance within Cisco. So by two thousand and eleven he had had enough.

Yuan resigned from Cisco so that he could go and found his own web conferencing company, and around thirty to forty engineers from Cisco, some of them in China, would follow him and join his new venture, which would become Zoom. Between the time he left Cisco and the time Zoom actually launched, two years would pass. So what was going on in those two years, well pretty much what you'd expect. Yuan was meeting with investors raising money to fund his

new company. At the same time, his team of engineers were building out the service with certain goals in mind. Two of the big ones were really key to Zoom's survival, and those were making sure the service would work on pretty much any platform, including mobile devices, and making sure latency was as low as possible. Latency is lag or delay, and it's an incredibly frustrating thing to encounter with technology.

In communication, it makes things even more challenging. You have to ask was that a pause or is the person done speaking? Is it time for me to speak up? If you're video conferencing with me, I'm likely to think you have nothing to say, so I'll just keep on going because I'm a total chatterbox. This comes as news to nobody. I know that. But we humans are really good at picking up on latency, even unconsciously, and this makes developing certain technologies a real challenge, such as really

good virtual reality. If you have noticeable latency with VR, it creates a sort of swimmy experience and it tends to lead to motion sickness, and while you might feel nauseated on some video calls. That's not really due to latency. Most times it's usually just due to the content of the call, But it's still difficult to have a natural

conversation if there's latency involved. Over on the website protocol, David Pierce wrote that when he asked about latency and communication, he found that a lag of just one hundred fifty milliseconds or point one five seconds, is long enough for us to pick up on it. So the service needed to deliver video and audio at a lower latency than point one five seconds. Combining these two goals created a

real engineering challenge. The team needed to come up with solutions that would work on multiple devices and not contribute to latency. Some services that cater to multiple platforms take a pretty straightforward route. The service will cater to whichever device or connection is the slowest. So this you could call the weakest link strategy. You deliver the experience at the fastest speed that the slowest connection can handle, and

everybody has to deal with that. But that means everyone and gets a pretty lousy experience, or at least not as good as what it could be. The team instead wanted to create an approach in which their service would be adaptable. It would be able to deliver an optimized

experience for each and every participant in a session. This would require a flexible approach in which the service could do things like downscale video quality or audio quality in order to stay synchronized with people on more capable devices and faster connections. It required a lot more programming on the back end for the service to identify what people

were using and how to best serve them. By the end of two thousand twelve, Yuan's group had a beta version of the Zoom service and it could host around a dozen or so people at once. It was only a hint of what the service would become, but it was a handy tool when meeting with potential investors. So for two years, Un and his team build out Zoom

and secure funding with rounds of investment. It must have been pretty challenging, since, as I mentioned earlier, there was already a host of video conferencing services using the internet back in those days, but he managed it. Yuan boared a lot of his own money into the venture himself.

CBS Insights reports that Yuan held an estimated eighteen point five percent steak in the company, so nearly twenty percent steak, and that was when it would go public just in two thousand nineteen, so the company wouldn't hold its Series A round of funding until two thousand thirteen when it would first launch. As part of this fundraising approach, Uan had investors used the Zoom product and he would hold

meetings in Zoom. He reportedly would only show up in person for the first time to make sure investors had access to the service and had signed up for it, and then he held all other meetings on the service itself. It's reported that over the course of five years he had fewer than ten work related trips, so averaging out to two work trips per year. Man I envy that schedule, But he was using this product that his company was

providing to hold virtual meetings instead. He was practicing what he was preaching, and it was an effective way to get buy in from investors and later on customers. In fact, there's a story that he would personally contact customers who were canceling subscription services and he would reach out to them himself. People thought there was an automated service, but no, it was actually Yuan himself. The founder of the company writing to them to say, hey, would you reconsider, which

is kind of a crazy level of dedication. He could only keep that up for so long, because, as it turns out, it would get pretty popular. See the product launched in two thousand thirteen and by the end of the first month had nearly half a million users, so keeping up with that many as a little tricky. By half a year, it was hitting a million users, and

growth just exploded from there. Was Zoom making strategic partnerships both to enhance the services features and to become the preferred video conferencing an online meeting solution for several companies. Skipping ahead to two thousand nine team that's when Zoom would hold its initial public offering and it became a publicly traded company. At the market's open, the price per

share of stock was thirty six dollars. By the end of the day, the price had climbed to a whopping sixty two dollars per share, And with Yuan's steak in the company, that would mean that his personal wealth would be pushed somewhere between two point nine and three point to billion dollars billion with a B. So yeah, that

I p o made him a billionaire. Now when we come back, I'll talk a little bit more about what actually makes Zoom tick in the background, and then we'll conclude with some stories about some trouble waters for Zoom. So let's talk a little about the tech that makes a service like Zoom possible. At the heart of this is the cloud infrastructure. And I've been doing this long enough to remember a time when cloud computing was a term that was just starting to make its way into

the mainstream. And typically you get pretty high level explanations for what cloud computing is, and they can range from their services that exist online, which that's not terribly helpful, or the stuff you are accessing, whether it's storage or a program or whatever, lives on someone else's computer, which is more accurate but not very satisfying. So let's talk about cloud computing, and we'll start with that second definition

we're gonna build on that. Cloud computing refers to a system in which a computer, or really a network of computers, sometimes a network of computers that can dynamically add more machines to support a service in times need. This network hosts something that remote users can access. Uh in the case of cloud storage. You're talking about a computer a network that serves as a kind of you know, file repository for users. People can access it through some online portal.

Cloud computing usually refers to systems in which applications themselves are running on a network of machines, and end users access those applications through some sort of client interface or portal. And it might be a dedicated app that exists on top of a desktop computer or a smartphone or something, or it might just be a web client that exists

in a special web page or whatever. The programs are running on this computer network, and usually it's designed for that purpose, and therefore it does a really good job, like a better job at running that application than a more general purpose computing machine would be able to do, you know, like a personal computer. The real beauty of cloud computing is that it shifts the burden of the work off the end users machine, whether that's a laptop, a desktop, a table computer, or a smartphone, and it

moves it to these dedicated computer systems or servers. Users don't have to upgrade their devices or by the latest and greatest computers in order to use these services, because

the hard work is really happening elsewhere. We say that the hard work is happening in the cloud, but really what we mean is that the work is going on in some data centers filled with servers, and a person with a state of the art system and a person using a smartphone could have a fairly comparable experience with the same cloud based service, assuming that both users also have a decent Internet connection, and the Internet connection can

become the new bottleneck with this model of computing. So a couple of decades ago, the limiting factor was the end users hardware, like was the machine that the end user had good enough to run the program. Well, that was where the concern was. These days now we tend to worry about the end users internet connection. Folks who have fiber connect ativity and high speeds tend to have a better experience than those who have tighter bandwidth restrictions.

In addition to being cloud based, Zoom can create and leverage peer to peer networks. This particular network strategy got a really bad rap abound a decade ago or so when some people were using peer to peer networks to pass around pirated copies of stuff like music and TV shows and movies and pretty much anything else that could be copied digitally, But the actual concept of a peer to peer network is agnostic towards anything that is shared

on top of that network. P two P structures are a legitimate way to distribute files or services to multiple users. So what is it? Well, basically, it's a decentralized network in which all the machines, which can be called peers or nodes join the network play a pivotal role within that network. This is in contrast with the traditional client server model and which numerous clients all connect to one

centralized server. These peers or nodes have special software running on them that allow them to connect to other nodes on that network, and they also share some portion of their own capabilities with the other nodes on the network. That might be storage, so you might have computers on the network storing files on behalf of other computers on the network, or it might be processing power or bandwidth, that kind of thing. So why does Zoom make use

of P twop networks? In some cases, the local P two P structure might work just as well to facilitate an online meeting as a Zoom server proxy. So in those cases, the computers that connect to the meeting make up this network and they share some resources, and Zooms cloud servers don't really have to do very much outside of initiating the meeting, keeping track of who is in there, and some other load demand basic tasks and the mainstream

tasks are offloaded onto the Zoom users computers. But in other cases, the Zoom server figures out that p TP network really isn't a viable option, and so it will shift all those online meeting functions to a more conventional

cloud server based approach. To determine which way it's gonna go, Zoom goes through a very technical process, but I can simplify it a little bit, and it does become important later on the host of the meeting launches the app and starts the meeting within it or within the web client or whatever. But the host chooses to start a meeting that sends a message to Zooms servers over t

c P or Transmission Control Protocol. This is one of the basic Internet standard communication protocols, and a protocol is essentially a set of rules or instructions. The Zoom server notifies the invitees to the meeting also through TCP, and that manifests itself to users as a message that's says, hey, your meeting is starting, you need to join it, and

it allows those users to join the meeting. The server then does a P two P check among the host and all the invitees of this meeting, and it evaluates the peered connections between these different computers. If that evaluation passes a threshold of acceptable performance, then the server says, all right, you guys are good to go. I'm going to hand over the streaming duties to this peer to peer network and I'll just keep an eye on what's

going on. But if it doesn't meet that threshold, then the Zoom server steps in and says, all right, we're gonna have a Zoom proxy server step in and handle all those duties because the peer to peer network wouldn't be able to do it otherwise. And the streaming is sent over a different protocol, not TCP. Instead, it's a protocol called User Data Gram Protocol or u d P. And now we need to talk about packets because this

is also important. So the NATE sure the Internet means the machines are popping on and off the Internet all the time, right, So if you think about the Internet as being this interconnected web of UH servers that allow information to pass from point A to point B. Some of those servers are coming online, some of them servers are going offline, which means you cannot predict which pathway is going to be reliable, right, So that makes communication

really tricky. It means that sometimes a pathway that existed at the beginning of a transfer may go offline in the middle of a transfer, So you need a backup plan if something goes wrong, and the protocols and packets are meant to deal with this. They are the style of backup plan. So packets are bundles of data. Rather than sending a file through the Internet entirely whole, computers will divide files up into more manageable packets or bundles.

And this is easy to under stand if you think about what could happen if you were to try and send a file and it's a huge file. Let's say it's like a two hour high resolution video file. Well, you're trying to send this from one machine to another. Now imagine that some server along that pathway goes offline in the middle of that transfer. Maybe you're halfway through sending this file. And that server goes offline, you'd be back at square one, because now you have a useless file.

You only got half of it to its destination. And it's even possible you wouldn't even know that something wrong had happened and that the file didn't go through, and that would be even worse than being at square one.

So instead, what computers do is they divide those big files into packets, and those packets have information in them about what file they belong to, where they're supposed to go, how they fit in with all the other packets, kind of like a puzzle, and they all go across the Internet, and they don't necessarily all take the same pathway from point A to point B. They may take very different pathways in order to get to point B. Information that's sent over t c P means that that that protocol,

that set of rules requires stuff like error correction, and it accounts for all packets in order to process a file on the other end, So it's a little slower, a little more painstaking, a little more concerned with precision and accuracy. It's really all about being confident that your file is getting to where it needs to go. Now, Someday I'm going to have to go through all the

various Internet protocols and explain what each one does. But the important thing to know in this case is that while TCP is a reliable means of delivering information over the Internet, u d P is faster. And this is because u d P does a weigh with some of those pesky error checking processes, and it doesn't worry about dropped data packets. In fact, according to Zoom, you could drop as much as the data packets and you would still get video and audio quality that would be decent.

So u DP gets stuff done fast, even if not everything goes as planned, if it's a little on the sloppy side, you could say, but stuff like streaming video, streaming audio, and streaming applications like gaming typically rely pretty heavily on u d P because of that speed. Now, some of you might be wondering why even bother talking about this, and the answer is because all of this is going to come back to play a part when I talk about Zoom and security and privacy issues later

on that right, there's what we call foreshadow. And now computer services in general, not just Zoom, also have to work with end devices to get permission to use certain peripherals, namely stuff like webcams and microphones. And because Zoom is a service that aims to be available on pretty much any platform, it means that the developers had to account for the various permissions the service would need to accommodate. Defining permissions is something that typically falls to the companies

that create operating systems. There are Android permissions, Windows permissions, iOS permissions, etcetera. And understanding what this means requires us to take a little step back and consider the dreaded layers of computing. You can think of layers as a way to envision the various operational components required for a computer to work. It's pretty clear that when you strip everything away, when you take everything away from the computer that is running on top of stuff. At its core,

computers are running on electricity that passes through circuits. This is a layer of hardware, and we can think of it as being concrete in the sense that it has a form, and that form doesn't change, at least not without you adding in or swapping out components. The hardware is like the concrete slab for a building. It's the layer on top of which everything else has to exist now.

In the olden days of programming, like the earliest computers, computer programmers would actually have to change the hardware layout of a machine every time they wanted to run a different operation. And I'm talking about physically unplugging cables from one part of the machine, plugging them into another part, or toggling switches, that kind of thing. In modern terms, this would be like requiring you to open up your computer or your smartphone and physically change the circuitry every

time you needed it to run a different operation. And keep in mind, I'm saying an operation, not a process. I mean some processes, like a like a program might consist of multiple operations. Fortunately, in the years since those early computers, some very smart people were able to develop additional layers to interface directly with the hardware that was at the foundation, but also allow programmers to run applications

higher up a level of abstraction. So these middle layers can send commands lower down so that the hardware can run the programs and and provide the sets that are needed, and the layers on top, the application layers let you do the stuff that you actually want to do with your computer. Permissions are part of this picture. Permissions are

part of operating systems. Developers build applications for various operating systems and they communicate with the OS through what's called an application programming interface or a p I. The a

p I sort of sets the rules for developers. The API defines how applications can call for the assets they need in order to run, kind of like the rules of how to requisition computer processing power and stuff, and it includes things not just like processing power, but also access to computer memory, to storage, and how the program

can tap into stuff like peripherals, including webcams and microphones. Typically, modern operating systems include a requirement in a p I s that will send an alert to an end user whenever an app wants to, at least for the first time, make use of stuff like microphones and cameras. This is meant to help protect security and privacy. Clearly, you wouldn't want some random program to be able to activate your

computer or smartphones camera without your permission. Once the user grants permission, the app can make use of those assets, and typically the app assumes permission continues for subsequent uses, which in turn can be a little problematic, but that's neither here nor there. The Zoom team developed apps for Windows based machines, Linux machines, Max, Android and iOS devices. In addition, Zoom has a web based client and that does not require users to download any sort of app

to their desktop or computer. They could access it straight through the web. However, the feature set on the web client is a bit threadbare when compared to the app versions, and it's not even the same across all browsers. For example, if you're in the web client version of Zoom and you want to share video, you better not be using

Internet Explorer because it doesn't have that capable ability. But let's be honest, you shouldn't be using Internet Explorer anyway, as that browser is essentially obsolete and all versions apart from the latest one, which I believe is Internet Explorer eleven, no longer even received support from Microsoft. If you wanted to share your computer's screen with a group, then you'd

best not be using Safari, as that browser lacks that function. Now, I'm not going to go through every feature and call out each browser, but i will say, according to Zoom itself, the browser with the greatest compatibility with Zoom's features is Google Chrome and I'm not gonna go through all the different features because this isn't an ad for Zoom. Suffice

it to say the app versions give more options. And when I come back, I'll talk about Zoom's revenue model and then get into some of the problems that the company has run into recently. But first let's take another quick break. Okay, so the basic Zoom service is free, but it has some limitations. In fact, Zoom falls into

a category of services typically called freemium. You get a base level of services without having to pay anything, but to gain access to more robust features, you have to subscribe. With a free account, you can have unlimited one on one meetings. If you hold a group meeting, you're limited to forty minutes or less. You can hold a meeting with up to one participants in it. And then you've

got three levels of paid membership. You've got the Pro level that's at fourteen dollars a month here in the US, that allows for longer meetings and more user features in general. But you've also got Business and Enterprise level memberships. Those offer larger capacity meetings and of course more features. Both of those are priced at nineteen dollars and nine cents per month here in the US, but the business level has a minimum requirement of ten hosts, so you multiply

that by ten. The enterprise level requires a minimum of one hundred hosts, and so you multiply that price by a hundred per month. There's also plans for mobile users. It's called Zoom Phone. There are more recent editions such as a conference room Zoom set up Zoom Rooms, that's what they're called. They're cloud storage add on so that you can record meeting proceedings for future reference. So it records everything involved in the meeting, the entire uh audio

and video, plus any notes that were shared. And there are other services as well, all based around these same concepts. Recent articles like the one I mentioned earlier by David Pierce that actually has the title Zoom Conquered Video Chat Now it has even bigger plans in the quote anyway, That article lays out that the long term strategy for Zoom is to create a full suite of services that empower companies to work in a more decentralized way, essentially

eliminating the need for a physical office space. Right now, millions of people have to do this out of necessity but Zoom is banking on this being more than just a temporary change and how we do things, and it will be more of a sign of how things will be in days to come. Perhaps the offices of the future will really be fully decentralized, with more and more people working from their homes. Zoom is building out the

services that are meant to meet that kind of future. Meanwhile, there's some other things I really want to talk about before I close out this episode, and one of those is that Zoom has become a sort of meme generator all by itself. For example, Zoom has a feature called virtual background, and that allows users to replace whatever is behind them, you know, like an office wall or something with an image or even a video. It works best

if the user has a green screen. I actually tried this with my setup at home, but I don't have a green screen, and I can tell you the results were horrifying because the wall color behind me and the color of my face are close enough that I got some weird video artifacts that will haunt me to the end of my days. But my favorite version of the virtual background was a guy who used the distracted boyfriend

meme as his Zoom background. Which mean, man, it looked like the distracted boyfriend was looking back at the zoom user. I thought that was pretty clever. But there's been a flood of creative backgrounds that have popped up due to more people using Zoom. Then there are the numerous examples of zoom meetings gone wrong. And I'm gonna be honest with you, guys, I can't watch these videos. I know about the woman who apparently didn't think about the fact that her camera was on while she went to the

restroom while also on a call. Um, haven't watched it, can't do it? Uh? They these these videos almost always feature one or more participants being caught in some sort of compromising way, and it's all because they were unaware of how zoom arked, or they weren't paying enough attention. And that's hard to live down. But then so many of these are making their way into compilations and YouTube videos and articles and stuff that they're going to live

on forever. And I guess it's a sign of my age because I grew up in a time where you could do something really dumb, but typically there wasn't a public, permanent record of the dumb thing you did. That the world could witness at any time, at least not in

most cases, so yikes. I've also seen clever stories about Zoom, such as a young student, an elementary school student, and she figured out how to fool her teacher into thinking she was paying attention by replacing her video feed with just a still picture of her sitting at her computer. And because her teacher was actually looking at a full classroom of participants, not just one student, it was easy to overlook that one of those students had not blinked

for like hours. And here I thought drawing eyeballs on your eyelids was brilliant so you could snooze in class. This young lady has definitely surpassed my clever ability to avoid schoolwork. But beyond the memes, there are more serious matters that we need to discuss, and some of that falls into the realm of privacy. For example, Zoom has a chat feature, and this allows users within a session to instant message one another. This is useful if you're

setting up the next speaker at a meeting. Let's say there's multiple people who are going to present, and you might have an administrator who is coordinating behind the scenes and chatting with people privately to prep prep them so that they're ready to be the next person to step forward and take on the microphone essentially, but it's also a useful feature if users want to talk some serious smack with one another privately during a Zoom session, such

as I don't know, critically evaluating their boss is attire when said bosses on camera. But beware Zoom users, you see, hosts can record Zoom sessions. I mentioned this earlier, and those recordings can either be sent to the cloud or they could be recorded locally on the host's own computer. So the air settings for the host to opt for whichever feature they want to use. And as part of this process, messages that are sent during the Zoom session

are saved within the meetings minutes. Now the host is recording to the cloud, only public messages are retained. No private messages will be included, But if the host is recording locally to their own machine, all messages public and private get saved. So those private messages where you are snarking on the boss might come back to haunt you. Now.

I gave a pretty tame version of what could happen, but you can imagine much worse outcomes, such as someone sharing stuff that the host shouldn't see due to corporate policies or whatever. Let's say it's a meeting with multiple division heads and one division head isn't supposed to see a specific report for whatever reason. That could be a real issue with this way that messages can ultimately be shared in meeting minutes, So this is something to be

aware of. In addition, Zoom's privacy policy raised some eyebrows once people really looked at those policies more closely, because, as I mentioned many times before on this show, most of us never bothered to read the darned things. We just scroll past and clicked the little box that says we read it, but we didn't really. Kato Flaherty of Forbes actually wrote about this a few times and has

some great articles on the subject. So, according to the previous policy, users would give Zoom permission to collect user info and potentially share it with third parties, you know, like advertisers. The privacy policy seemed to indicate that the data could even include stuff like the contents of meetings themselves, not just user data, but the content of user meetings. So not only would the typical information like your email

address or your name get put on a market. Potentially you could see more targeted data show up about your business or your interests, perhaps even stuff that you know shouldn't be shared outside a specific group because of corporate

security concerns. When asked to comment, Zoom reps said the company was not selling any user data, but experts were wary because the policy as written was giving Zoom an awful lot of permission to do stuff with that data going across its service, and while the company might not currently be pursuing any actions that would be questionable, it's looked like they had the permission to do it in

the future. The company has since revised its privacy policy in order to make things a little more transparent, but the concern was enough to get some folks in government interested in learning more about Zoom's practices, you know, kind of like how the US government got interested in Facebook, the bad kind of interest did. Zoom also has some nanny features that people might find irritating, such as an

attention tracking feature. This alerts the host of a meeting of a participant has clicked away from the meeting session for more than thirty seconds, So if that little student was actually using her computer to do other stuff, then her teacher might notice. Even if it looks like the young lady is staring into the camera, she's really you know, playing a game or or watching a video or something that could end up giving the whole gigaway. And then

there's zoom bombing. Zoom Bombing also has made the news, and as the name suggests, this describes the practice of an uninvited attendee or someone at a public Zoom meeting essentially taking it over, being disruptive, making sure that the meeting can't actually continue as planned. Sharing a Zoom meeting link publicly tends to be the main way that the uninvited find their way into a meeting, which makes some sense, and some features on Zoom make it way easier for

people to really be disruptive. For example, there is a join before host option, which allows guests to join into a meeting session before the host has actually started the meeting. That's not a great one to have on and you should probably turn it off. Uh Disabling the ability for anyone but the host to screen share is a good idea.

There have been stories about people who jumped into a Zoom meeting turned on screen sharing because the host had not enabled it just for themselves and then shared incredibly offensive material into a public meeting. So that's a good

one to check off. Another one is disabling the option that allows removed participants to rejoin, because if that option is clicked on, then if you boot someone that could just bounce right back in, and then you're just constantly booting them, So turning that option off is also important.

And of course a host can choose to set up private meetings and not do a public meeting at all, and thus require every single participant to include a password and then distribute that password in a way that's more responsible, so people can't just join that meeting willy nilly. But

that's not ideal for every situation. A lot of people want to hold public meetings for various reasons, so it's not always a practical solution, but it is definitely one you want to use if you are wanting to hold a private meeting, you don't want to switch that over to public and then invite this kind of mischief. One other vulnerability I do want to mention was covered in a medium post by David Wells. This one was titled

remotely hijacking Zoom clients. And this goes back to the t c P and U d P stuff I mentioned earlier and said it was going to come back into play. So Zoom uses TCP for important stuff like verifying hosts and things and bringing in commands and stuff. Remember t c P is the more methodical one, the more secure and reliable approach to sending data. It uses u DP for streaming video and audio because u DP is fast,

but the trade off is it's not as reliable. But Wells found out that the Zoom service doesn't necessarily discriminate between commands that were sent over U d P versus TCP. So while a t CP command would have a verification that it came from a reliable source, a u d P command would not, and the service was interpreting both

equally with equal importance. So a hacker who knows about this vulnerability could potentially hijack a Zoom session by sending commands over u DP to hand over desktop control to the hacker. And it gets super technical, and it's not the type of thing that the average Zoom user is going to do. And more to the point, Zoom has it's patched this vulnerability, so the whole thing is moot

now anyway. But it wouldn't surprise me that now, with Zoom taking an even more prominent place in the wake of physical isolation, that we're going to hear about other exploits. Hopefully we'll hear about it from the good guys, and only after the vulnerabilities have been patched, and not as a result of bad guys discovering it and taking advantage of them. In the end, Zoom is popular because it's affordable,

it's versatile, and it performs its basic functions well. There are numerous concerns, many of which I would argue are extremely valid, about this service, so it's good to do your research, and what the company does in response to all this scrutiny will no doubt determine its future course. I hope the decisions lead to greater transparency, better privacy protection,

better security. That's what I want to see, because I think it does have a lot of great use, but it needs to be designed in such a way that people can't turn it to bad purposes, or that the company itself can't exploit user information. Those are very important things that need to happen well, that wraps up this episode of text Stuff. If you guys have things to suggest, then I highly recommend you do what these Twitter users did. They reached out to me on Twitter. You can also

reach out to me on Facebook. The handle for both of those is text Stuff HSW. So send me ideas of what you would like me to cover in future episodes. I've got a little list growing right now, but I'd always like more submissions, and I'll talk to you again really soon. Text Stuff is an I Heart Radio production. For more podcasts from my Heart Radio, visit the i Heart Radio app, Apple Podcasts, or wherever you listen to your favorite shows.