Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

Zoom meetings are actually not end-to-end encrypted

By Cookie Monster - on 1 Apr 2020, 12:00am

Zoom meetings are actually not end-to-end encrypted

Video conferencing app Zoom is coming under fire for its misleading marketing on end-to-end encryption. 

The Intercept reports that Zoom is using its own definition of "end-to-end encryption" on its website and marketing materials. It is actually using transport encryption, where the connection between the Zoom app running on consumers' devices and Zoom's server is encrypted. Below is a response from a Zoom's spokesperson on the question whether video meetings are actually end-to-end encrypted:

“Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”

“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the Zoom spokesperson wrote, apparently referring to Zoom servers as “end points” even though they sit between Zoom clients. “The content is not decrypted as it transfers across the Zoom cloud” through the networking between these machines.

Zoom is actually using TLS, the same technology that web servers use to secure HTTPS websites. The video and audio content will stay private from anyone who try to intercept the connection, but it won't stay private from Zoom.

True end-to-end encryption means that only participants in the meeting have the ability to decrypt the content. A service provider who supports true end-to-end encryption only helps to send encrypted data between users, but does not possess the encryption keys to decrypt and access the data. In response to The Intercept's report, the Zoom's spokesperson provided the following statements:

“Zoom takes its users’ privacy extremely seriously. Zoom only collects data from individuals using the Zoom platform as needed to provide the service and ensure it is delivered as effectively as possible. Zoom must collect basic technical information like users’ IP address, OS details and device details in order for the service to function properly.

Zoom has layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including — but not limited to — the video, audio and chat content of those meetings. Importantly, Zoom does not mine user data or sell user data of any kind to anyone.”

Source: The Intercept