Zoom app on phone and screen

Zoom Introduces End-to-end Encryption for All Accounts

Last edited: July 1, 2020
Reading time: 2 minutes, 51 seconds

There’s good news for Zoom users. Initially, Zoom announced that they would be rolling out end-to-end encryption for payed accounts only. The company didn’t think they could offer that feature to free users because then people might use the platform for unlawful activity. This decision was criticized and the company has now found a way to make it happen for all users anyway. They announced this in a blog earlier today.

End-to-end Encryption

End-to-end encryption ensures a secure data transfer without governments or security agencies being able to intercept any of that data. Only the person who sends the message and the person receiving it can read its contents. Communication apps such as WhatsApp, Signal, and Wickr use it to ensure the privacy of their users. If a security service would ask these companies to hand over certain communications they couldn’t. The companies don’t have to decryption key to decrypt the messages.

Zoom will launch a beta version of their platform that will offer end-to-end encryption in July. This will be available for both paid and free accounts. Initially, the company stated that they weren’t sure they could offer this extra layer of protection to everyone using the platform. So there were rumors that only paid accounts would get this extra security.

The reason behind this was quite clear. Zoom wanted to avoid enabling misuse of the platform. If they offer end-to-end encryption to everyone, it might be used for illegal activities. They could use the platform for hate speech, discrimination, the spread of copyrighted material, or even child sex abuse. So if only registered accounts can use the extra layer of security these activities are less likely to take place.

Avoiding Misuse

Zoom started conversations with civil rights movements, activists, child protection services, governments, and security experts as soon as the upcoming end-to-end encryption was announced. The company has also taken comments from the community into account. The blog describes that a balance was found between security and safety. That is why everyone will be able to enjoy end-to-end encryption.

Users with a free account will have to provide additional information to use this protection. They will have to register their phone number and verify it in a text message. Zoom says that this extra step is necessary to prevent a rise of fake accounts. Eric S. Yuan, Zoom’s CEO, writes in the blog that the company is “confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse”.

Improvements

Zoom has faced a lot of criticism in the previous months, because the company has had issues concerning security and it couldn’t guarantee privacy for its users. Since then, Zoom has been working to solve these issues. The platform launched Zoom 5.0, which included several new security features, at the end of April. These features included AES 256-bit GCM encryption. And every user has to set a password for their meeting since the beginning of May.

At the end of last month Zoom removed the option to send gifs through the Giphy platform. This coincided with the announcement that Facebook bought Giphy, so Zoom might have wanted to make sure that Facebook couldn’t get its hands on its users’ information somehow. All these measures were taken by Zoom to ensure the privacy of the platform’s users.

Cybersecurity analyst
David is a cyber security analyst and one of the founders of VPNoverview.com. Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.

More articles from the ‘News’ section

Comments
Leave a comment
Leave a comment