Zoom Will Only Offer End-To-End Encryption to Paid Users

A Zoom video call with four people.
Zoom

When you’re on a Zoom video conference all, your data isn’t end-to-end (e2e) encrypted. While Zoom does encrypt the calls, it does so using the same technology as your browser, and the company can decrypt your call at-will. Zoom previously promised to move to e2e encryption, but now the company says it will only do so for paying users.

The difference between e2e encryption and Zoom’s current encryption is pretty stark. With e2e encryption, the company facilitating the call doesn’t have access to your data. Instead, that protection runs from user to user. But Zoom’s use of TLS encryption is similar to what you get with a protected site like Gmail or Twitter, and the company has full access to your data.

When the Intercept first pointed this out, the news spread like wildfire, and Zoom quickly promises to shift to e2e encryption. But now, on an earnings call Zoom’s CEO, Eric Yuan told analysts that only paid users would enjoy that protection. As reported by Bloomberg technology reporter, Nico Grant in a tweet, the CEO stated:

Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose.

The implication is, bad actors could use Zoom for terrible or illegal purposes, and by not encrypting free users, Zoom can partner with the FBI to track them down. However, Yuan didn’t address the fact that nothing stops those bad actors from merely paying for the service and gaining access to e2e encryption.

Alex Stamos, a security consultant for Zoom, tried to clarify the company positions in a Twitter thread, along with a defense for the company’s use of AES encryption for free users.

But it didn’t take long for security researchers to come in force against Stamos’s reasoning, and understandably so, since Stamos didn’t address several concerns with Zoom’s choice.

In comparison, Facebook protects its Messenger program with e2e encryption yet still incorporates a built-in abuse report mechanism. Given that fact, it seems Zoom could do more to protect its free users while also preventing its video chat software from being used for malicious means.

via TechCrunch

Josh Hendrickson Josh Hendrickson
Josh Hendrickson has worked in IT for nearly a decade, including four years spent repairing and servicing computers for Microsoft. He’s also a smarthome enthusiast who built his own smart mirror with just a frame, some electronics, a Raspberry Pi, and open-source code. Read Full Bio »

The above article may contain affiliate links, which help support Review Geek.


Our Readers' Favorite Products This Week





















Show More