Zoom states on its web site and in its safety white paper that it helps end-to-end encryption for its conferences. However new research from The Intercept reveals that’s not precisely true.
The Intercept requested a Zoom spokesperson whether or not video conferences that happen on the platform are end-to-end encrypted, and the spokesperson mentioned that “At the moment, it’s not doable to allow E2E encryption for Zoom video conferences.”
Zoom does use TLS encryption, the identical normal that internet browsers use to safe HTTPS web sites. In apply, that implies that knowledge is encrypted between you and Zoom’s servers, much like Gmail or Fb content material. However the time period end-to-end encryption usually refers to defending content material between the customers solely with no firm entry in any respect, much like Sign or WhatsApp. Zoom doesn’t provide that degree of encryption, making the usage of “end-to-end” extremely deceptive.
Zoom, nevertheless, denies that it’s deceptive customers. The corporate advised The Intercept, “After we use the phrase ‘Finish to Finish’ in our different literature, it’s in reference to the connection being encrypted from Zoom finish level to Zoom finish level,” and that “content material is just not decrypted because it transfers throughout the Zoom cloud.”
Zoom’s in-meeting textual content chat does seem to assist E2E; Zoom mentioned it doesn’t have the keys to decrypt these messages.
Zoom additionally advised The Intercept that it solely collects consumer knowledge that it wants to enhance its service, together with IP addresses, OS particulars, and system particulars, and doesn’t enable staff to entry the precise content material of conferences. It additionally mentioned that it doesn’t promote consumer knowledge of any type. Nevertheless, it’s doable that the corporate may very well be compelled at hand over assembly recordings for authorized proceedings.
Zoom didn’t reply to a request for remark.