Zoom Developing End-to-End Encryption Feature for Paying Users

[Shirasaki]

OMG with the Zoom bashing.

The latest version now has better security than any other option. They have leapfrogged Google and Microsoft with end to end encryption, but people still want to use the memes from two months ago. Let it go people. Find a new, better target

Just because they are “supposedly the best” in terms of encryption, doesn’t erase their past terrible management and scandal plagued them in the last few months. I’d argue without this pandemic, Zoom issue would blow up either much later or never.

 

[cmaier]

OMG with the Zoom bashing.

The latest version now has better security than any other option. They have leapfrogged Google and Microsoft with end to end encryption, but people still want to use the memes from two months ago. Let it go people. Find a new, better target

No they haven’t. End-to-end encryption isn’t even available yet. There are many more secure options.

 

[2010mini]

Why only on the paid tier???

 

[TiggrToo]

Why only on the paid tier???

It's not available on free WebEx plans either - at least not without having to deliberately and methodically request it via a support ticket.

 

[justperry]

I like all but Skype (consistently poor video and audio quality but that's not an issue with any of the others in my experience).

Exactly this, I can't believe people like Skype/MS Teams, it's horrible, just last week we started using Teams in a meeting because of Covid, bad Audio, could barely hear half of what was said.
I used Skype a looong time ago, when it was still not consumed by MS, back then it was ok because there weren't many if any others around, not only that, bandwidth was low back then, service was just OK.
Pretty sure Teams use the same codebase as Skype.

 

[cmaier]

Why only on the paid tier???

If you have secrets to protect such that you really need end-to-end encryption, you’re probably willing to pay to keep the secrets. Why should everything be free?

 

[bcjenkins]

Zoom will offer E2EE for paid users, 8x8 and Jitsi (Jitsi is owned by 8x8) will offer freely. Here's a blog post on it from April - https://jitsi.org/blog/e2ee/

If you haven't tried either (8x8 or Jitsi) version, I would suggest doing so.

 

[adamjackson]

Finally, a service that takes our money for improvements to privacy.

 

[I7guy]

Just because they are “supposedly the best” in terms of encryption, doesn’t erase their past terrible management and scandal plagued them in the last few months. I’d argue without this pandemic, Zoom issue would blow up either much later or never.

What terrible management and scandal?

 

[Infinite Vortex]

Speaking to Reuters, Zoom security consultant Alex Stamos confirmed the plan, which had been based on "a combination of technological, safety and business factors."

From what I can tell… that's all well and good until you have one or more free users (those that aren't in meetings all the time where paying for it represents really really really low value) at which point no-one, paid or not, has end-to-end encryption. Sweet!

 

[icanhazmac]

What terrible management and scandal?

The ones listed below were fairly well publicized.

From a security standpoint, yes way better. Zoom lied about their encryption multiple times, was caught routing customer calls to China (where their business meetings would be most important), was caught installing a server on the Mac OS application that constantly phoned home information even after you uninstalled Mac Zoom application and the list goes on and on.

 

[luvbug]

Sure they are! I believe them, don't you?? /s Freaking liars. Another charter member of the den of thieves. I wonder when big business and government are going to realize that virtually no one believes anything they say, anymore? They got off the trust bus 20 years ago and never looked back.

 

[I7guy]

The ones listed below were fairly well publicized.

It's not like a laundry list of items where one's calls are available on the dark web. The company was smart enough to address the issues and we move on...some of us move on, some dropped zoom.

But none of this, imo, points to terrible management or scandal.

 

[icanhazmac]

It's not like a laundry list of items where one's calls are available on the dark web. The company was smart enough to address the issues and we move on...some of us move on, some dropped zoom.

But none of this, imo, points to terrible management or scandal.

To each his own I guess, I don't use Zoom but with COVID pushing folks to communicate remotely I did look at it and just found way too much smoke, and where there is smoke..... YMMV

Here is what I felt was a pretty good writeup and again IMHO you can't just chalk all their issues up to miscommunication or just accept "we fixed it" as a valid response. The most egregious being the Mac installer and the "end to end encryption".

Zoom security issues: What's gone wrong and what's been fixed

Here's an updated list of the dozens of security and privacy problems that have been found in Zoom

www.tomsguide.com

 

[I7guy]

To each his own I guess, I don't use Zoom but with COVID pushing folks to communicate remotely I did look at it and just found way too much smoke, and where there is smoke..... YMMV

Here is what I felt was a pretty good writeup and again IMHO you can't just chalk all their issues up to miscommunication or just accept "we fixed it" as a valid response. The most egregious being the Mac installer and the "end to end encryption".

Zoom security issues: What's gone wrong and what's been fixed

Here's an updated list of the dozens of security and privacy problems that have been found in Zoom

www.tomsguide.com

Most of those items in Toms Guide are really not relevant to Zoom security, some are settings, some are phishing.

If Zoom were as full as security holes as is suggested here, many more large regulated companies wouldn’t be using Zoom.

 

[gsurf123]

What a ***** company! What a bad bad service! Zoom is terrible.

Why are they bad? It's free and works. If you want more you have to pay, which I do because the time limits are not conducive to teaching. If I were worried about proprietary secrets or private material I would not use Zoom.

 

[bsmr]

It's not available on free WebEx plans either - at least not without having to deliberately and methodically request it via a support ticket.

That’s the point.

actually Zoom is a service for business. And nearly all businesses pay for it. So they get E2EE included by default.
When using WebEx you have to contact support to get E2EE. Even when paying.

Jitsi can’t compete in business areas (at the moment), as it’s too complicated to announce a meeting (If someone catches your room name it’s over).

 

[subi257]

The downfall of Zoom.

How so ? I think it will be good for them. I work at a major financial company and we are not called to use because of the lack of security. If they fix the security issues, more corporate and businesses might buy into using it. They make more money.

 

[high heaven]

lol so many countries already left Zoom because of the privacy issue that they sent info to China.

 

[Metrosey]

End-to-end encryption with the private key stored in China on Chinese equipment with the CA being Chinese.

 

[cmaier]

From what I can tell… that's all well and good until you have one or more free users (those that aren't in meetings all the time where paying for it represents really really really low value) at which point no-one, paid or not, has end-to-end encryption. Sweet!

Is that true? My understanding is that as long as the meeting host is on the paid plan that the encryption will be e2e?
[automerge]1591032690[/automerge]

End-to-end encryption with the private key stored in China on Chinese equipment with the CA being Chinese.

That’s not how any e2e encryption system works.

 

[Metrosey]

Is that true? My understanding is that as long as the meeting host is on the paid plan that the encryption will be e2e?
[automerge]1591032690[/automerge]


That’s not how any e2e encryption system works.

That’s the joke, Zoom aren’t a typical company when it comes to privacy.

 

[Mosey Potter]

Zoom stock is an excellent candidate for shorting. Nobody will use Zoom once we get past covid-19. Some money to be made for sure. It is very telling to see how much insider selling is going on by the executive team there. You think they are on to something? Nah it’s just a koinkydink 😂

 

[coolfactor]

What they need to do is stop cutting corners and build a proper native Mac app that is memory and CPU-efficient, not a wrapper app that hogs the CPU when screen-sharing.

 

[TiggrToo]

lol so many countries already left Zoom because of the privacy issue that they sent info to China.

What info sent to China. You know that never happened in the US, right?
[automerge]1591052033[/automerge]

End-to-end encryption with the private key stored in China on Chinese equipment with the CA being Chinese.

A blatant lie.