Zoom opens up end-to-end encryption for both free and paid users
There are some caveats thoughBy David Matthews
Why it matters: End-to-end encryption is the bedrock of many messaging apps such as WhatsApp and iMessage. Zoom is finally adding the feature for its video calls for both paid and free users, which should make it much harder to anyone (including Zoom) to snoop on company and classroom meetings.
Zoom has been criticized for not offering encryption to free users amid numerous security and privacy issues that have cropped up in the course of the year. The company has now launched end-to-end encryption (E2EE) for both free and paid users around the world, although the feature isn't necessarily fully baked.
Encryption is currently available as a "technical preview," in order to gather feedback from users for the next 30 days. Additionally, while E2EE is supported on most desktop and mobile platforms, the web client and third-party clients that use Zoom's SDK are not supported.
Our new end-to-end encryption (E2EE) feature is now available to users globally, free and paid. ?https://t.co/ssGanYn4fB--- Zoooooom ? (@zoom_us) October 26, 2020
Previously, Zoom servers would generate the encryption keys and distribute them to meeting attendees once they joined. Now, the meeting host has the private key while distributing the public key to the meeting participants. Zoom says that their servers simply act as "oblivious relays" and never see the encryption keys and all encrypted data is indecipherable by Zoom itself.
There's one more catch to using E2EE, however. Some features such as Zoom's cloud recording, live transcription, one-to-one chat, and meeting reactions will not be available. People who prefer to join via telephone will also be out of luck.
The increasing use of teleconferencing due to the ongoing pandemic propelled Zoom to 200 million users in April. That led to the phenomena of "Zoom bombing" in which uninvited guests would crash the meeting.
The company responded by enabling waiting rooms and forced passwords. The addition of E2EE is a welcome one despite some caveats and should heavily bolster security for everyone involved.