Update 1 (6/17/20 @ 1:55 PM ET): Zoom will be bringing end-to-end encryption to free users in July

It's no secret that Zoom is having its moment in the spotlight. While the COVID-19 pandemic has been hard on countless companies, video calling apps have seen an influx of users. In a few short months, Zoom has become nearly synonymous with video calling. All of this attention has not come without its fair share of scrutiny, though. Zoom has been heavily criticized for its security practices, and now the company has confirmed that free users won't get end-to-end encryption for video calls.

Last week, it was reported that Zoom will be adding stronger encryption to video calls for paid customers only. Today, Zoom CEO Eric Yuan confirmed this report, and security consultant Alex Stamos is explaining the company's position. In short, Zoom wants to be able to stop abuse and prevent harm from people who "use Zoom for bad purpose[s].”

Yaun said Zoom wants to be able to "work it together with FBI and local law enforcement," which was a controversial statement. Stamos, however, says Yaun's statement was not clear and he went on to further explain the company's decision. He says Zoom is facing a "difficult balancing act" of trying to improve privacy while also “reducing the human impact of the abuse of its product.”

Currently, Zoom's Trust and Safety team can enter a meeting visibly and report it if it's abusive. End-to-end encryption would prevent Zoom employees from being able to do that. There would not be a backdoor to allow it, either, as that would defeat the entire purpose of E2E encryption. Stamos also talks about how a large portion of meetings use features that are incompatible with end-to-end encryption.

The current system is to offer end-to-end encryption to business and enterprise users, but there is one important distinction. Organizations that are on business plans but aren't paying, such as schools, will also get end-to-end encryption for video calls. Stamos adds that this stance won't eliminate abuse, but it will reduce harm. Zoom has not given a release date for the new encryption features.

Via: Engadget


Update: Free Users in July

Zoom is flipping on its announcement from earlier this month that free users would not get end-to-end encryption. Users will be able to enable end-to-end encryption with a beta next month and it won't be limited to paid enterprise. The company caught a lot of flak for the reasoning behind keeping end-to-end encryption from free users, so it's nice to see it change course.

One of the problems Zoom mentioned was not being able to verify the identity of some free users. The workaround they are using now will ask users who want to enable end-to-end encryption to participate in a one-time process to verify their identity, such as a phone number. Zoom will be using AES 256 GCM transport encryption as its default.

The beta is launching in July and users can enable E2EE with a simple toggle in the settings.

Source: Zoom | Via: The Verge