Zoom Developing End-to-End Encryption Feature for Paying Users

[MacRumors]

Videoconferencing service Zoom says it is developing end-to-end encryption for the platform, but the feature will only be available to paying users.

Speaking to Reuters, Zoom security consultant Alex Stamos confirmed the plan, which had been based on "a combination of technological, safety and business factors."

Zoom has attracted millions of free and paying customers amid the global health crisis, with stay-at-home measures causing a surge in the number of people working remotely.

However, lax security, such as the ability for unregistered users to join meetings, has led to zoom-bombing pranks and caused alarm amongst safety experts and privacy advocates.

"Charging money for end-to-end encryption is a way to get rid of the riff-raff," Jon Callas, a technology fellow of the American Civil Liberties Union, told Reuters. Callas said it would deter spammers and other malicious users who take advantage of free services.

End-to-end encryption ensures no one but the participants and their devices can see and hear what is happening in a meeting, but it would also have to exclude people who call in to Zoom meetings from a telephone line.

Zoom is currently under investigation by regulators such as the U.S. Federal Trade Commission over previous claims about encryption that have been criticized as exaggerated or false, according to Reuters.

Privacy experts also told the news organization that with the Justice Department and some members of Congress condemning strong encryption, Zoom could draw unwanted new attention by expanding in that area.

Back in April, Zoom was accused of misleading users with claims that calls on the platform are end-to-end encrypted, when in fact videos are secured using TLS encryption, the same technology that web servers use to secure HTTPS websites.

Currently, Zoom's in-meeting text chat is the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.

Apple already uses end-to-end encryption to protect FaceTime users as call data travels between two or more devices. Even Apple can't decrypt the call and listen in to user's conversations.

Article Link: Zoom Developing End-to-End Encryption Feature for Paying Users

 

[Tech198]

It would also help boost Zoom by "the amoun of paid users" There goes the freedom.

 

[Makosuke]

This is a welcome change, speaking as someone in a small corner of a relatively large organization that pays for Zoom, and therefore is stuck with it. It's been, frankly, embarrassing to have no option but to invite people from other organizations to meetings using the least-secure option on the market--it's so bad that there are some orgs that literally can't join meetings we start because their security bans Zoom entirely.

Several of the large companies I attend meetings with used to use Zoom, and none of them do now. All of them have switched to Microsoft Teams, Cisco Webex, or something else.

I put together a security document as part of the recent work-from-home move, and literally had to tell people to avoid using my org's own video conferencing option when security was important.

 

[gw0gvq]

Is it available to free users that are joined by paid users?

 

[TiggrToo]

It would also help boost Zoom by "the amoun of paid users" There goes the freedom.

What freedom?

 

[M.A.G]

What a ***** company! What a bad bad service! Zoom is terrible.

 

[TiggrToo]

What a ****** company! What a bad bad service! Zoom is terrible.

Totally agree. How dare they try to correct the mistakes of the past? And who do they think they are asking users to pay for a service?

/s

 

[Tech198]

What freedom?

The freedom they stuffed it up in the first place, but now using it to make profits out of. If end to end encryption is as important as Zoom says it is, then it should not be for paid users only. The only reason to do that is so they can come back later and say "look how many paid users we have now" when privacy should have always ben there from the beginning.

 

[TiggrToo]

The freedom they stuffed it up in the first place, but now using it to make profits out of.

See above. You must be one of those people who thinks everything should be free, I guess.

So, naturally you work for free, right?

 

[Tech198]

See above. You must be one of those people who thinks everything should be free, I guess.

So, naturally you work for free, right?

No, but i do learn my lesson

 

[centauratlas]

“Charging money for end-to-end encryption is a way to get rid of the riff-raff," Jon Callas, a technology fellow of the American Civil Liberties Union

Security only for paying users is a pretty poor model.
Of course the kids use Group FaceTime not zoom except for classes, but it is funny to see the ACLU refer to teachers talking to kids as “riff-raff”.

 

[Crowbot]

It would have been better if the article had listed what the paid price is. How much is it?

 

[826317]

Totally agree. How dare they try to correct the mistakes of the past? And who do they think they are asking users to pay for a service?

/s

If they want to charge for a service, that's fine. If they want to charge for a simple piece of implementation (end-to-end encryption) that's where it becomes an absolute joke for me.

 

[I7guy]

I'm glad for the end-to-end encryption, will help the perceived value of the security and maybe should allay the concerns of a couple of large organizations that jumped ship to other methods. Zoom is still far and wide the leader in the post-covid teleconference worlds as far as I can tell.

 

[TiggrToo]

No, but i do learn my lesson

So, what do you call this then? Seems to me that they're learning their lesson here...

 

[B4U]

Is Skype better than them?

 

[Sasparilla]

Is Skype better than them?

From a security standpoint, yes way better. Zoom lied about their encryption multiple times, was caught routing customer calls to China (where their business meetings would be most important), was caught installing a server on the Mac OS application that constantly phoned home information even after you uninstalled Mac Zoom application and the list goes on and on. The execs have most of the development done in China so the devs don't cost anything.

 

[Lucas284]

The downfall of Zoom.

 

[neuropsychguy]

If they want to charge for a service, that's fine. If they want to charge for a simply piece of implementation (end-to-end encryption) that's where is becomes an absolute joke for me.

The beauty is you can use another service that's free and offers end-to-end encryption. You have FaceTime, Google Duo, Skype, and Teams. There could be others.

I like all but Skype (consistently poor video and audio quality but that's not an issue with any of the others in my experience).

 

[5883662]

Just use Jitsi, works very well.

 

[Shirasaki]

I see encryption starts to become a privilege instead of basic human rights, even if the encryption is implemented with open protocols. Backed by multiple dramas between Apple and FBI, I dare not dream what would’ve happened in the next few years.

 

[cmaier]

The beauty is you can use another service that's free and offers end-to-end encryption. You have FaceTime, Google Duo, Skype, and Teams. There could be others.

I like all but Skype (consistently poor video and audio quality but that's not an issue with any of the others in my experience).

In the real world you can only use what the people you are talking to also have access to and are also willing to use.

 

[IceMan30]

I'm a little (not too much?) amazed at how little security really matters to a lot of people. Convenience, usability, compatibility, likability...that is what most of us (myself included) really want in software, and life in general.

That said, wouldn't it have been nice if Apple had better positioned itself with a sort of "FaceTime Pro" for large groups and businesses? Native apps plus webs access for Windows/Android/Linux users. The relative simplicity and wide spread reach of Zoom coupled with MS Skype/Teams type security, all wrapped up in Apple's UI wunderkit.

*TANGENT*
Now that I think about it, with my 1st grader doing online school for the last 3 months, wouldn't it be nice if Apple did more to demonstrate what their online services can offer, particularly for education? My son's school, like so many, is mainly Google-based. And I've read Bill Gates is trying to re-invent on-line learning in his own image. There was a time when Apple ruled the education scene, grade school through college, and for good reason. Oh how times change. But I digress..

 

[Scottsoapbox]

OMG with the Zoom bashing.

The latest version now has better security than any other option. They have leapfrogged Google and Microsoft with end to end encryption, but people still want to use the memes from two months ago. Let it go people. Find a new, better target

 

[icanhazmac]

OMG with the Zoom bashing.

The latest version now has better security than any other option. They have leapfrogged Google and Microsoft with end to end encryption, but people still want to use the memes from two months ago. Let it go people. Find a new, better target

So how do you address these issues from the past when the same ownership/management is in place?

From a security standpoint, yes way better. Zoom lied about their encryption multiple times, was caught routing customer calls to China (where their business meetings would be most important), was caught installing a server on the Mac OS application that constantly phoned home information even after you uninstalled Mac Zoom application and the list goes on and on. The execs have most of the development done in China so the devs don't cost anything.