Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading.

zoom logo
Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever.

However, an investigation by The Intercept reveals that Zoom secures video calls using TLS encryption, the same technology that web servers use to secure HTTPS websites:

This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won't stay private from the company.

As the report makes clear, for a Zoom meeting to be end-to-end encrypted, the call would need to be encrypted in such a way that ensures only the participants in the meeting have the ability to decrypt it through the use of local encryption keys. But that level of security is not what the service offers.

When asked by The Intercept to comment on the finding, a spokesperson for Zoom denied that the company was misleading users:

"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point… The content is not decrypted as it transfers across the Zoom cloud."

Technically, Zoom's in-meeting text chat appears to be the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.

Zoom told The Intercept that it only collects user data that it needs to improve its service – this includes IP addresses, OS details, and device details – but it doesn't allow employees to access the content of meetings.

Last week, Zoom's data sharing practices were criticized after it emerged that the service was sending data to Facebook without disclosing the fact to customers. The company subsequently updated the app to remove its Facebook log-in feature and prevent the data access.

Update: As noted by TechCrunch, security researcher Patrick Wardle has revealed two previously undisclosed zero-day vulnerabilities impacting Zoom.

Top Rated Comments

Michael Scrip Avatar
15 months ago
* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Score: 23 Votes (Like | Disagree)
nicho Avatar
15 months ago

Interesting, the company I work for jumped on this solution because our in-house video conf service is unable to cope with everybody working remotely all of a sudden (it wasn't planned for this many people throughout the day and cannot scale up quickly, due to short-sighted decisions).

Zoom is all the rage these days - some of our IT/security folks tried to warn management we shouldn't use it until a full security audit can happen, and they were gently pushed aside due to needing a solution right away, I guess this will only reinforce the need to look into it further.
They operate legally in China. I don't think more needs to be said than that.
Score: 15 Votes (Like | Disagree)
cfdlab Avatar
15 months ago
There are even more shady things they are doing

[MEDIA=twitter]1244737672930824193[/MEDIA]
Score: 12 Votes (Like | Disagree)
himanshumodi Avatar
15 months ago
I wonder if this is technical incompetence, or a deliberate obfuscation.
Score: 10 Votes (Like | Disagree)
batitombo Avatar
15 months ago
Everyone:

End to end.

Zoom:

Well, for us end to end means...
Score: 9 Votes (Like | Disagree)
Unggoy Murderer Avatar
15 months ago


* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Add this: the macOS installer actually installs the application at the "Checking requirements" stage then quits the installer, the user doesn't actually get to press "Install". Very shady.

Quicker people move away from that rancid software the better.
Score: 9 Votes (Like | Disagree)

Top Stories

prosser macbook air colors stacked

Images Reveal Colorful New MacBook Air Design

Tuesday May 11, 2021 5:06 am PDT by
Apple's next MacBook Air will feature a completely new design and come in a range of colors like the 24-inch iMac, according to leaker Jon Prosser, who has now released supposedly accurate renders of the new machines based on leaked images. In a new video uploaded to YouTube channel Front Page Tech, Prosser elaborated on his previous prediction that Apple's next-generation MacBook Air models ...
iPhone 13 Camera Backs

iPhone 13 Models Will Be Slightly Thicker and Will Have Larger Camera Bumps

Monday May 10, 2021 10:41 am PDT by
Apple's upcoming iPhone 13 models will be slightly thicker than the iPhone 12 models and will also feature larger, thicker camera bumps with lenses that protrude less, according to iPhone 13 schematics seen by MacRumors. The new iPhone 13 and 13 Pro models are expected to feature a thickness of 7.57mm, up from 7.4mm in the iPhone 12 models. That's an increase of 0.17mm, which won't be hugely ...
3d printed airtag case siri remote

3D-Printed Case Lets You Attach an AirTag to Your Apple TV Remote

Monday May 10, 2021 8:11 am PDT by
Apple recently released a redesigned Siri Remote with a physical clickpad, but if you have an original Siri Remote laying around that you still plan on using, you may be interested in getting an AirTag case for the remote. Etsy user PrintSpiredDesigns has capitalized on the opportunity with a new 3D printed, made-to-order AirTag case for the original Siri Remote. The remote slides into the...
airtag hacked

AirTag Successfully Hacked to Show Custom URL in Lost Mode

Monday May 10, 2021 1:52 am PDT by
The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware. Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph— stacksmashing ...
zoom app icon

Apple Gave Zoom Access to Special API to Use iPad Camera During Split View Multitasking

Sunday May 9, 2021 2:00 am PDT by
Zoom, a hallmark platform used by millions during the global health crisis, has been given access to a special iPadOS API that allows the app to use the iPad camera while the app is in use in Split View multitasking mode. This case of special treatment was first brought to attention by app developer Jeremy Provost, who, in a blog post, explains that Zoom uses a special API that allows the...
tracking disabled ios 14 5

Analytics Suggest 96% of Users Leave App Tracking Disabled in iOS 14.5

Friday May 7, 2021 1:51 am PDT by
An early look at an ongoing analysis of Apple's App Tracking Transparency suggests that the vast majority of iPhone users are leaving app tracking disabled since the feature went live on April 26 with the release of iOS 14.5. According to the latest data from analytics firm Flurry, just 4% of iPhone users in the U.S. have actively chosen to opt into app tracking after updating their device...
Top Stories 59 Feature

Top Stories: Epic Games vs. Apple, Hidden AirTag Mode, Apple Music Hi-Fi, Colorful MacBook Air?

Saturday May 8, 2021 6:00 am PDT by
While we wait for the newly introduced iMac, iPad Pro, and Apple TV models to launch later this month, this week saw the kickoff of the big Epic Games v. Apple trial, with lots of juicy tidbits coming out as the two sides make their arguments. This week also saw some rumors about a Hi-Fi tier for Apple Music, more biometric sensing capabilities for Apple Watch, and timing for the...
Apple 5G Modem Feature

Kuo: Apple-Designed 5G Modem May Debut in iPhones as Early as 2023

Sunday May 9, 2021 10:02 pm PDT by
Apple plans to adopt its own custom-designed 5G baseband chip starting with the 2023 iPhones, meaning it'll no longer need to rely on Qualcomm to supply the 5G cellular modem for the iPhone, Apple analyst Ming-Chi Kuo said today in an investors note obtained by MacRumors. According to Kuo, Apple plans to include its own custom-designed 5G baseband chip starting with the launch of the 2023...
maxresdefault

Video: Make Your iPhone Last Longer With These Battery Preserving Tips

Monday May 10, 2021 1:23 pm PDT by
Maximizing battery life is something that many iPhone users deal with on a regular basis as we all want our iPhones to last as long as possible. Sometimes there are bugs in iOS that make the battery drain faster, and sometimes we just need to eke out as much as possible on a long day out and about. Subscribe to the MacRumors YouTube channel for more videos. In our latest YouTube video, MacRumo...
m1 ipad pro chip

M1 iPad Pro Over 50% Faster Than Previous Generation in Early Benchmarks

Tuesday May 11, 2021 11:56 am PDT by
Last month, Apple introduced a new iPad Pro with the same M1 chip found in the latest Macs, and early benchmark results indicate that the M1 iPad Pro is over 50% faster than the previous-generation iPad Pro. Based on five legitimate Geekbench 5 results (here's the fifth) for the fifth-generation 12.9-inch iPad Pro with the M1 chip, the device has average single-core and multi-core scores of...