Zoom is giving paid users more control over where their calls are routed, after it got slammed for 'mistakenly' using data centers in China

Eric Yuan

Carlo Allegri/AP

  • Zoom recently admitted that some video calls via its app were "mistakenly" routed through China, even for users outside the country.
  • Now Zoom has announced an update coming April 18, that will give paid users control over which data center regions their meetings will be routed through.
  • As for those who don't pay for Zoom, the company says that "data of free users outside of China will never be routed through China."
  • Zoom CEO Eric Yuan has said that the mistake was made because the company was scrambling to keep pace with its heightened demand, and didn't follow its usual "best practices" in enforcing its policies around how calls get routed.
  • In an interview with Business Insider on Friday, before the update was announced, Yuan said the company wants to prevent this type of mistake from ever happening again.
  • Visit Business Insider's homepage for more stories.

Zoom recently admitted that some users "mistakenly" had their calls routed through data centers in China, even if they were outside the country, sparking privacy and security concerns. While the company quickly issued a fix, it added to the privacy and security issues that have plagued the video conferencing company in recent weeks.

Starting April 18, paid Zoom users will be able to have control over which data centers are used to route their calls, while free users outside of China will never have their calls routed through the country, the company said in a blog post on Monday. Advertisement

When the issue became known a little over a week ago, Zoom CEO Eric Yuan said the problem stemmed from how it quickly added server capacity to support its huge influx of new users. It had 200 million daily active users, free and paid, at the end of March - a huge leap from the 10 million it had at the end of December, as more people rely on Zoom to stay in touch during the coronavirus crisis.

Yuan said Zoom first added servers in China, where the outbreak began. Zoom lifted the 40 minute time limit on Zoom's free product for users in China. "In that process, we failed to fully implement our usual geo-fencing best practices. As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect," Yuan said in a blog post on April 3.

With the update, users will know which region their meeting data is routed through. Free users won't be able to choose to switch locations; they will by default be assigned to the region they're based in. Paid users can opt in or out of regions, except their default region. Zoom's data centers are grouped by these regions: the United States, Canada, Europe, India, Australia, China, Latin America, and Japan/Hong Kong.
Advertisement

"For the majority of our free users, this is the United States. Data of free users outside of China will never be routed through China," Zoom explained.

In an interview with Business Insider on Friday, before the update was announced, CEO Eric Yuan said the important thing here is that Zoom has all the data about who participates in calls and where those calls are routed. Even so, the company wants to prevent this type of mistake from ever happening again, he said."It's very rare, random. We also have all the data, so which meeting, which participants...so we take a big step back, we already remove those servers but also want to make sure what we can do to make sure this kind of thing never, never, ever happen again," Yuan told Business Insider on Friday. Advertisement

Those servers Yuan referred to are "HTTPS tunneling servers in China" which Zoom removed on April 3 "to prevent any inadvertent connection through China," the blog post said.

Yuan will elaborate on this data routing update in his weekly webinar on Wednesday, which is part of his 90-day commitment to fixing the privacy and security of Zoom's platform before it ships new features or significant updates.

Got a tip? Contact this reporter via email at pzaveri@businessinsider.com or Signal at 925-364-4258. (PR pitches by email only, please.) You can also contact Business Insider securely via SecureDrop.Advertisement

{{}}