Zoom finally gets full encryption on all devices after months of criticism
Zoom has announced that its end-to-end encrypted communications have arrived for Macs, PCs, iPhones, iPads, and Android devices.
Both free and paid users are now able to keep their conversations more secure in rooms of up to 200 participants.
End-to-end encryption (E2EE) works via two digital keys, one public, one private. The public key can be shared by anyone, while the private key is kept by the user.
The public key encrypts the message – or video call – while the private key encrypts it when it is received.
This means the servers and companies facilitating the conversation, whether that’s through chatting apps like WhatsApp or Signal or video calling software like Zoom, are unable to monitor what is being said.
While Zoom’s new security feature will be coming to most devices – its iOS app is currently pending Apple App Store approval – it will not secure its web client or third-party apps.
“In typical meetings, Zoom’s cloud meeting server generates encryption keys for every meeting and distributes them to meeting participants using Zoom clients as they join”, Zoom said in its announcement.
“With Zoom’s new E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents.
“Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key.”
Account administrators are able to turn on end-to-end encryption in their web dashboard at the account, group, and user level.
Zoom previously did not feature end-to-end encryption after CEO Eric Yuan said that it would interfere with law enforcement accessing its calls.
It had also shut down the account of a Tiananmen Square activist, who had a paid account, at the behest of the Chinese government. The account was later reinstated.
That led to a flurry of criticism from activists and privacy groups who argued that the app was unnecessarily endangering conversations.
Following petitions, Zoom said it would add end-to-end encryption, and purchased encrypted messaging platform Keybase to built the security feature into its platform.
However, a recent report from Buzzfeed suggests that Zoom shut down a series of video events discussing the company’s “censorship”, following Zoom, YouTube, and Facebook stopping the talk of hijacker and member of the Popular Front for the Liberation of Palestine (PFLP) Leila Khaled at San Francisco State University.
“Zoom is committed to supporting the open exchange of ideas and conversations and does not have any policy preventing users from criticizing Zoom,” a company spokesperson told Buzzfeed.
“Zoom does not monitor events and will only take action if we receive reports about possible violations of our Terms of Service, Acceptable Use Policy, and Community Standards.
"Similar to the event held by San Francisco State University, we determined that this event was in violation of one or more of these policies and let the host know that they were not permitted to use Zoom for this particular event.”
Read more
WhatsApp update brings new feature that could see it rival Zoom
