Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading.

zoom logo
Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever.

However, an investigation by The Intercept reveals that Zoom secures video calls using TLS encryption, the same technology that web servers use to secure HTTPS websites:

This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won't stay private from the company.

As the report makes clear, for a Zoom meeting to be end-to-end encrypted, the call would need to be encrypted in such a way that ensures only the participants in the meeting have the ability to decrypt it through the use of local encryption keys. But that level of security is not what the service offers.

When asked by The Intercept to comment on the finding, a spokesperson for Zoom denied that the company was misleading users:

"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point… The content is not decrypted as it transfers across the Zoom cloud."

Technically, Zoom's in-meeting text chat appears to be the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.

Zoom told The Intercept that it only collects user data that it needs to improve its service – this includes IP addresses, OS details, and device details – but it doesn't allow employees to access the content of meetings.

Last week, Zoom's data sharing practices were criticized after it emerged that the service was sending data to Facebook without disclosing the fact to customers. The company subsequently updated the app to remove its Facebook log-in feature and prevent the data access.

Update: As noted by TechCrunch, security researcher Patrick Wardle has revealed two previously undisclosed zero-day vulnerabilities impacting Zoom.

Top Rated Comments

Michael Scrip Avatar
30 months ago
* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Score: 23 Votes (Like | Disagree)
nicho Avatar
30 months ago

Interesting, the company I work for jumped on this solution because our in-house video conf service is unable to cope with everybody working remotely all of a sudden (it wasn't planned for this many people throughout the day and cannot scale up quickly, due to short-sighted decisions).

Zoom is all the rage these days - some of our IT/security folks tried to warn management we shouldn't use it until a full security audit can happen, and they were gently pushed aside due to needing a solution right away, I guess this will only reinforce the need to look into it further.
They operate legally in China. I don't think more needs to be said than that.
Score: 15 Votes (Like | Disagree)
cfdlab Avatar
30 months ago
There are even more shady things they are doing

[MEDIA=twitter]1244737672930824193[/MEDIA]
Score: 12 Votes (Like | Disagree)
himanshumodi Avatar
30 months ago
I wonder if this is technical incompetence, or a deliberate obfuscation.
Score: 10 Votes (Like | Disagree)
batitombo Avatar
30 months ago
Everyone:

End to end.

Zoom:

Well, for us end to end means...
Score: 9 Votes (Like | Disagree)
Unggoy Murderer Avatar
30 months ago


* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Add this: the macOS installer actually installs the application at the "Checking requirements" stage then quits the installer, the user doesn't actually get to press "Install". Very shady.

Quicker people move away from that rancid software the better.
Score: 9 Votes (Like | Disagree)

Popular Stories

top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
13 inch macbook pro m2 mock feature 2

M2 MacBook Pro Much Slower Than Previous Model

Friday July 1, 2022 2:24 am PDT by
Apple's new 13-inch MacBook Pro with the M2 chip features a significantly slower SSD compared to the previous model, resulting in poorer performance in some workflows, it has been discovered. Specifically, it has been found that the $1,299 base model with 256GB of storage has significantly slower SSD read and write speeds compared to the equivalent previous-generation 13-inch MacBook Pro....