Morioh
Login
Destiny Volkman

Destiny Volkman

3 years ago

Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption (E2EE) next week.

Zoom has faced various controversies around its encryption policies over the past year, including several lawsuits alleging that the company falsely told users that it offers full encryption. Then, the platform came under fire in May when it announced that it would indeed offer E2EE — but to paid users only. The company later backtracked after backlash from privacy advocates, who argued that security measures should be available to all. Zoom will now offer the feature to free/”Basic” users.

The first phase of the E2EE rollout aims to solicit feedback when it comes to its policies. Users will be able to weigh in during the first 30 days. Of note, users will need to turn on the feature manually (see below for details).

“We’re pleased to roll out Phase 1 of 4 of our E2EE offering, which provides robust protections to help prevent the interception of decryption keys that could be used to monitor meeting content,” said Max Krohn, head of security engineering with Zoom, in a Wednesday post.

End-To-End Encryption Errors

The topic of encryption is critical for Zoom as it ramps up its security and privacy measures – particularly after various security flaws and privacy issues exposed weaknesses in the online meeting platform, as its user base spiked during the coronavirus pandemic.

Zoom previously said that it offered E2EE, but that marketing claim came into question after a March report from The Intercept said that Zoom’s platform actually uses transport layer security (TLS) encryption, providing only encryption between individual users and service providers, instead of directly between the users of a system.

While “encryption” means that in-transit messages are encrypted, true E2EE occurs when the message is encrypted at the source user’s device, stays encrypted while its routed through servers, and then is decrypted only at the destination user’s device.

On the heels of this backlash, Zoom in May acquired a small startup called Keybase, with the aim of providing more robust encryption for Zoom calls.

In the case of next week’s rollout, Zoom’s E2EE offering will use public-key cryptography, meaning that the keys for each Zoom meeting are generated by participants’ machines (as opposed to Zoom’s servers).

#cloud security #vulnerabilities #web security #coronavirus #covid-19 #e2ee #encryption #end to end encryption #pandemic #remote work #security #transport layer security encryption #video conferencing security #zoom #zoom meeting #zoom-bombing

Zoom Rolls Out End-to-End Encryption After Setbacks

threatpost.com

Zoom Rolls Out End-to-End Encryption After Setbacks

After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week. Then, the platform came under fire in May when it announced that it would indeed offer E2EE — but to paid users only.

1.20 GEEK