- Zoom will soon let paid customers to choose which data centres their calls are routed from.
- The announcement comes days after Zoom was found routing North American calls to Chinese data centres.
- Zoom also issued an apology and announced 90-day feature freeze.
Zoom has announced that it will start allowing its paid customers to choose the data centre region their calls should be routed through. Starting April 18, Zoom customers who are on a paid tier opt-in or opt-out of a data centre region of their choice for "real-time meeting traffic." The announcement follows the recent discovery by the security researchers at Citizen Lab wherein Zoom was found routing some calls from North America through the China servers. Later, Zoom admitted that some calls were sent to the data centres in China.
In a blog post, Zoom said either a paid user opt-in or opt-out of "specific data centre regions", which means that the paying customer will not be able to change the choice later and their default region will be locked. "The default region is the region where a customer's account is provisioned. For the majority of our customers, this is the United States," said Zoom. Zoom's data centres are located in the major regions, including the US, Canada, Europe, India, Australia, China, Latin America, and Japan/Hong Kong.
For a majority of users who are on the free tier, Zoom will lock the United States region as the default. The data of Zoom non-paying users outside of China "will never be routed through China." Similarly, the users in China also need to opt-in for the China data centre latest by April 25, or else their account "will not be able to connect to our mainland China data centre for data transit."
Earlier this month, the researchers at the University of Toronto's Citizen Lab claimed in a report that Zoom had been generating encryption keys for some calls that were made in North America but routed through the Chinese data centres. In the absence of E2E (end-to-end) encryption on video calls, Zoom could be asked by the Chinese government to hand over the encryption keys for undisclosed purposes. Zoom later admitted and explained that in the cases of a surge in call traffic, Zoom connectors offload some calls to the nearest data centre with the maximum available capacity.
Zoom CEO Eric Yuan said, "we failed to fully implement our usual geofencing best practices" while adding data centres to meet the surging traffic generated by video calls. In his apology, Yuan also mentioned the issue has been "corrected". Later, Zoom announced a 90-day freeze on feature updates and using that window to focus on the privacy and security of the app. There has been a myriad of controversies involving Zoom's dubious privacy and security norms, impacting users at large, in several ways that include what is called "zoom-bombing". Even the FBI has cautioned Zoom users against the increasing cases of "zoom-bombing" and said there will be legal implications for its practice.