Hello and welcome back to Startups Weekly, a weekend newsletter that dives into the week’s noteworthy startups and venture capital news. Before I jump into today’s topic, let’s catch up a bit. Last week, I noted the big uptick in VC spending in 2019. Before that, I struggled to understand WeWork’s growth trajectory.
Anyways, onto today’s topic. Venture capitalists’ favorite company, Zoom, endured its first high-profile scandal this week.
After security researcher Jonathan Leitschuh published a Medium post detailing a major security vulnerability within Zoom’s technology platform, the company patched its Mac video conferencing client to remove a rogue web server that allowed any website to join a video call without permission. Users can now update their client or download the new version from Zoom’s website. Apple has also pushed a silent update for Mac users removing the vulnerable component, a move meant to protect users both past and present from the undocumented web server vulnerability without affecting or hindering the functionality of the Zoom app itself.
Zoom only made the call to remove the insecure web server after intense pushback. I’m not here to share my own opinions on Zoom’s security or lack thereof; what I’d like to point out is the company’s poor reaction to the PR nightmare. Yes, Zoom ultimately provided a fix, but initially, it failed to solve the underlying issue.
Zoom’s major hiccup comes shortly after users and onlookers attacked the exclusive email service Superhuman. Superhuman tracks email you send and receive and gives you tools to help manage it. They do this on your behalf, but without the permission of the recipient of your emails.
Superhuman was much faster than Zoom to offer an official response amid complaints. Just a couple of days after a blog post outlining security flaws within the service went viral, Superhuman announced it was going to remove location logging altogether, get rid of all existing location data, turn off read receipts by default and make them an opt-in feature for users. This is all nice and good and definitely shifted attention away from the key issue: pixel-tracking (embedding the commonly used advertising tool of a “pixel” in emails to report back to senders info like whether an email’s been opened or not). Superhuman still has the exact same pixel-tracking capabilities; what’s changed is that users just need to turn on the feature.