On its website and security white paper, Zoom claims users are able to conduct meetings with “end-to-end encryption”. But it turns out this may not be completely true, at least not in the way you’d think.
The Intercept recently reached out to Zoom and asked whether its meetings are end-to-end encrypted. In response, a spokesperson for the American firm said: “Currently, it is not possible to enable E2E encryption for Zoom video meetings.
“Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”
Essentially, Zoom uses TLS encryption for its video conferences, meaning data is only available to the user and Zoom itself. That’s not a completely foreign way of doing things – both Facebook and Gmail work in a similar manner.
When questioned on why the firm uses the words “end-to-end encryption” on its website and in its security white paper, the spokesperson said that is used to reference the end point of the user and Zoom.
The Zoom spokesperson continued: “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point.”
Of course, this isn’t exactly what end-to-end encryption means. As fans of iMessage and WhatsApp might already know, true end-to-end encryption is when only the end user or users are able to access the data in question. That means if you’re sending texts to your friends on iMessage, not even Apple is able to see the exact conversations in any level of detail.
Naturally, the wording from Zoom on its website and white paper can be seen as misleading, given its response to The Intercept. That said, Zoom has iterated that it takes user privacy “extremely seriously” and only collects essential data to improve the service, such as IP addresses.
Zoom denies that it is misleading any of its users with the wording on its website and security white paper.
In a statement to The Intercept, the American firm said: “Zoom takes its users’ privacy extremely seriously. Zoom only collects data from individuals using the Zoom platform as needed to provide the service and ensure it is delivered as effectively as possible. Zoom must collect basic technical information like users’ IP address, OS details and device details in order for the service to function properly.
“Zoom has layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including — but not limited to — the video, audio and chat content of those meetings. Importantly, Zoom does not mine user data or sell user data of any kind to anyone.”
It’s worth noting Zoom does seem to offer end-to-end encryption if you’re using its text chat service. However, this does not translate to its video conferencing functionality.
Source: Read Full Article