After backlash over false marketing around its encryption policies, Zoom will finally roll out end-to-end encryption next week.
Video-conferencing giant Zoom is rolling out a technical preview of its end-to-end encryption (E2EE) next week.
Zoom has faced various controversies around its encryption policies over the past year, including several lawsuits alleging that the company falsely told users that it offers full encryption. Then, the platform came under fire in May when it announced that it would indeed offer E2EE — but to paid users only. The company later backtracked after backlash from privacy advocates, who argued that security measures should be available to all. Zoom will now offer the feature to free/“Basic” users.
The first phase of the E2EE rollout aims to solicit feedback on its policies. Users will be able to weigh in during the first 30 days. Of note, users will need to turn on the feature manually (see below for details).
“We’re pleased to roll out Phase 1 of 4 of our E2EE offering, which provides robust protections to help prevent the interception of decryption keys that could be used to monitor meeting content,” said Max Krohn, head of security engineering with Zoom, in a Wednesday post.
The topic of encryption is critical for Zoom as it ramps up its security and privacy measures – particularly after various security flaws and privacy issues exposed weaknesses in the online meeting platform, as its user base spiked during the coronavirus pandemic.
Zoom previously said that it offered E2EE, but that marketing claim came into question after a March report from The Intercept said that Zoom’s platform actually uses transport layer security (TLS) encryption, which encrypts traffic only between individual users and service providers, rather than directly between the users of a system.
While “encryption” means that in-transit messages are encrypted, true E2EE occurs when the message is encrypted at the source user’s device, stays encrypted while it’s routed through servers, and then is decrypted only at the destination user’s device.
On the heels of this backlash, Zoom in May acquired a small startup called Keybase, with the aim of providing more robust encryption for Zoom calls.
In the case of next week’s rollout, Zoom’s E2EE offering will use public-key cryptography, meaning that the keys for each Zoom meeting are generated by participants’ machines (as opposed to Zoom’s servers).
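The distinction drawn above between transport encryption and E2EE, together with the point that meeting keys are generated on participants' machines, can be modelled in Node.js. This is an added example, not Zoom's code or protocol: the primitives (X25519, HKDF-SHA256, AES-256-GCM) and names such as `runMeeting` and `relayView` are assumptions chosen for illustration.

```javascript
// Added illustration, not Zoom's protocol. Assumed primitives: X25519, HKDF-SHA256, AES-256-GCM.
const crypto = require('node:crypto');

// AES-256-GCM: the nonce and authentication tag travel alongside the ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]); // final() throws on a wrong key
}

// Key-wrapping key derived from an X25519 exchange between two devices.
function wrappingKey(myPrivate, theirPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'meeting-key-wrap', 32));
}

// Runs one constructed meeting and returns what the guest and the relay could read.
function runMeeting() {
  // Key pairs are generated on the participants' devices; private keys stay there.
  const host = crypto.generateKeyPairSync('x25519');
  const guest = crypto.generateKeyPairSync('x25519');

  // The host creates the meeting key locally and wraps it for the guest's public key.
  const meetingKey = crypto.randomBytes(32);
  const wrapped = seal(wrappingKey(host.privateKey, guest.publicKey), meetingKey);
  const frame = seal(meetingKey, Buffer.from('constructed audio frame'));

  // Everything the relay server handles: public keys, wrapped key, sealed frame.
  const relayView = { hostPub: host.publicKey, guestPub: guest.publicKey, wrapped, frame };
  // The guest unwraps with its own private key, then decrypts the frame.
  const guestKey = open(wrappingKey(guest.privateKey, relayView.hostPub), relayView.wrapped);
  const guestText = open(guestKey, relayView.frame).toString();

  // The relay has no participant private key; one of its own derives the wrong key.
  const relay = crypto.generateKeyPairSync('x25519');
  let relayText = null;
  try {
    const guess = open(wrappingKey(relay.privateKey, relayView.hostPub), relayView.wrapped);
    relayText = open(guess, relayView.frame).toString();
  } catch (err) { /* GCM authentication fails: the relay recovers neither key nor content */ }
  return { guestText, relayText };
}
```

The model assumes each participant receives the other's genuine public key; it does not authenticate those keys.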