This article supports my previous suspicions about the ZOOM application security and privacy issues – turns out its’ worse than before!!
Video meetings on the popular platform don’t seem to offer end-to-end encryption as advertised.
01 April, 2020
Despite claims, Zoom’s video and audio meetings don’t support end-to-end encryption, according to a recent report from The Intercept.
End-to-end encryption is an especially strong form of security that, in theory, scrambles online data so that it’s decipherable only to the sender and receiver.
Zoom also faces a class-action lawsuit after a Motherboard report showed how the platform passed on user data to third parties.
Zoom, the video conferencing platform, has become wildly popular as millions of people have switched to remote work during the COVID-19 pandemic. The platform offers high-quality streaming, an easy-to-use interface, and end-to-end encryption (E2E), which scrambles data so that it’s decipherable only to the sender and receiver. In theory, end-to-end encryption would prevent the government, internet providers, and even Zoom itself from eavesdropping on users’ meetings.
But a new report from The Intercept shows that Zoom’s audio and video meetings don’t seem to actually support end-to-end encryption, at least as that term is commonly defined.
“Currently, it is not possible to enable E2E encryption for Zoom video meetings,” a Zoom spokesperson told The Intercept. “Zoom video meetings use a combination of TCP [Transmission Control Protocol] and UDP [User Datagram Protocol]. TCP connections are made using TLS [Transport Layer Security] and UDP connections are encrypted with AES [Advanced Encryption Standard] using a key negotiated over a TLS connection.”
In other words, Zoom does encrypt video meetings, but it does so through transport encryption. This means Zoom has the ability to access users’ private meetings. One concern among privacy advocates is that the government could someday compel Zoom to hand over recordings of users’ meetings, which were advertised as being encrypted end to end…