clock menu more-arrow no yes

Zoom tries to buy its way out of its security problems

The videoconferencing service has acquired Keybase to beef up its encryption offerings.

A woman looks at Zoom on a laptop.
Zoom now boasts 300 million daily meeting participants, after seeing a surge in popularity in the pandemic.
Maja Hitij/Getty Images
Open Sourced logo

Zoom has bought Keybase, a small New York-based startup that offers various encryption products. This is Zoom’s first major acquisition in a campaign to reverse the company’s many security woes. Zoom did not disclose the terms of the deal, but it could be a bargain if it gets Zoom out of trouble.

You might know Zoom as the once-enterprise-focused video chat service that emerged as a hero in the early days of the coronavirus pandemic. Then, seemingly overnight, a spate of “Zoombombings” and privacy debacles cast it as a sort of villain, and just as quickly, tech giants like Facebook and Google swept in to swallow up Zoom’s customer base with their own competing products.

The Keybase acquisition seems like a good next move for Zoom. The acquisition comes just over a month after Zoom was widely criticized following an Intercept report that revealed that its end-to-end encryption claims weren’t exactly true. While text chats within video meetings were encrypted, the video chats themselves were not. Zoom now intends to fix that with Keybase’s technology.

The company has scrambled lately to fix this and a number of other problems. After Zoom became one of the most popular apps in the world — it currently boasts 300 million meeting participants a day — the company was also beset by numerous reports over its substandard or lax security measures. Children being “Zoombombed” by Nazi imagery and porn in their own virtual classrooms is not a good look. By the end of March, New York Attorney General Letitia James announced an investigation into the platform’s privacy practices and a few class action lawsuits followed.

So Zoom brought on former Facebook chief security officer Alex Stamos as a security adviser, announced a 90-day plan to shore up its security practices, and has rolled out multiple improvements. In the meantime, Facebook announced Messenger Rooms, and Google has expanded its Meet video chat service. Both companies stressed that the security of their products can be trusted, but with its Keybase acquisition, Zoom will have a few more security credentials to brag about, too. The same day Zoom announced its Keybase acquisition, the New York attorney general’s office announced it had reached an agreement with Zoom, and that the company would institute multiple security measures, privacy controls, and enforce anti-abuse policies to avoid further legal action.

If you were a fan of Keybase’s encrypted messaging and file-sharing services, by the way, the future may not be so bright. Keybase’s immediate plans do not appear to include anything but Zoom.

“Initially, our single top priority is helping to make Zoom even more secure,” Keybase said in a statement. “There are no specific plans for the Keybase app yet. Ultimately Keybase’s future is in Zoom’s hands, and we’ll see where that takes us.”

This might be especially galling to Keybase’s users, who are typically security-savvy — that’s why you’d use Keybase in the first place — and whose information is now likely owned by Zoom, as is standard with company acquisitions and spelled out in Keybase’s privacy policy.

The Zoom encryption service, whenever it becomes available, will only be offered to paying customers, Zoom said. So if you want your virtual happy hours with friends to be end-to-end encrypted, not to be accessed even by Zoom or law enforcement, you’ll have to pay for the privilege.

Update, May 7, 2020, 3:20 pm: Added new information about the New York Attorney General’s investigation.

Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.