Zoom’s paying customers can now blacklist data centres, after privacy concerns raised

Zoom’s paying customers can now blacklist data centres, after privacy concerns raised

Zoom is now allowing its paying customers to select which data centres they want to route their calls through, after some users complained about participants receiving encryption keys from China, despite not being located in the region. 

Users will be able to choose from numerous regions, with Zoom having colocation data centres in the United States, Canada, Europe, India, Australia, China, Latin America, and Japan/Hong Kong. The company says that customers won’t be able to opt-out of their default regions, however, which are based on where the user is based. 

The ability to blacklist and whitelist certain regions comes as some companies have criticised the video conferencing software for its lax security. One company noticed that participants to its video calls were given encryption keys from China, which due to local laws could have been given to the local government. That’s despite none of the participants being located in the Middle Kingdom. 

At the time, Citizen Lab, a research group within the University of Toronto, noted, “A company primarily catering to North American clients that sometimes distributes encryption keys through servers in China is potentially concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China.”

The company concedes that in this case users shouldn’t have received keys from China, blaming the issue on its recent rapid growth. 

"Zoom's systems are designed to maintain geo-fencing around China for both primary and secondary data centres - ensuring that users outside of China do not have their meeting data routed through Zoom's mainland China data centres (which consist of infrastructure in a facility owned by Telstra, a leading Australian communications provider, as well as Amazon Web Services)," Zoom CEO Eric Yuan said.

"In February, Zoom rapidly added capacity to our Chinese region to handle a massive increase in demand.

"In our haste, we mistakenly added our two Chinese data centers to a lengthy whitelist of backup bridges, potentially enabling non-Chinese clients to -- under extremely limited circumstances - connect to them (namely when the primary non-Chinese servers were unavailable)."

While the ability to whitelist and blacklist servers will be a useful feature for Zoom users, the company has also said that in future not a single connection outside of Mainland China should route through the region. The company hopes that will settle customers who are worried about the service’s security. 

Zoom has already been banned by many organisations around the world, including the US Senate and Google, but the company is working hard to improve the security of its product. Earlier this month it announced a complete freeze on new features while it concentrated on beefing up security.