Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading.

zoom logo
Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever.

However, an investigation by The Intercept reveals that Zoom secures video calls using TLS encryption, the same technology that web servers use to secure HTTPS websites:

This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won't stay private from the company.

As the report makes clear, for a Zoom meeting to be end-to-end encrypted, the call would need to be encrypted in such a way that ensures only the participants in the meeting have the ability to decrypt it through the use of local encryption keys. But that level of security is not what the service offers.

When asked by The Intercept to comment on the finding, a spokesperson for Zoom denied that the company was misleading users:

"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point… The content is not decrypted as it transfers across the Zoom cloud."

Technically, Zoom's in-meeting text chat appears to be the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.

Zoom told The Intercept that it only collects user data that it needs to improve its service – this includes IP addresses, OS details, and device details – but it doesn't allow employees to access the content of meetings.

Last week, Zoom's data sharing practices were criticized after it emerged that the service was sending data to Facebook without disclosing the fact to customers. The company subsequently updated the app to remove its Facebook log-in feature and prevent the data access.

Update: As noted by TechCrunch, security researcher Patrick Wardle has revealed two previously undisclosed zero-day vulnerabilities impacting Zoom.

Tags: Security, Apple Privacy, Encryption

Top Rated Comments

Michael Scrip Avatar
Michael Scrip
60 months ago
* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Score: 23 Votes (Like | Disagree)
nicho Avatar
nicho
60 months ago

Interesting, the company I work for jumped on this solution because our in-house video conf service is unable to cope with everybody working remotely all of a sudden (it wasn't planned for this many people throughout the day and cannot scale up quickly, due to short-sighted decisions).

Zoom is all the rage these days - some of our IT/security folks tried to warn management we shouldn't use it until a full security audit can happen, and they were gently pushed aside due to needing a solution right away, I guess this will only reinforce the need to look into it further.
They operate legally in China. I don't think more needs to be said than that.
Score: 15 Votes (Like | Disagree)
cfdlab Avatar
cfdlab
60 months ago
There are even more shady things they are doing

[MEDIA=twitter]1244737672930824193[/MEDIA]
Score: 12 Votes (Like | Disagree)
himanshumodi Avatar
himanshumodi
60 months ago
I wonder if this is technical incompetence, or a deliberate obfuscation.
Score: 10 Votes (Like | Disagree)
batitombo Avatar
batitombo
60 months ago
Everyone:

End to end.

Zoom:

Well, for us end to end means...
Score: 9 Votes (Like | Disagree)
Unggoy Murderer Avatar
Unggoy Murderer
60 months ago


* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Add this: the macOS installer actually installs the application at the "Checking requirements" stage then quits the installer, the user doesn't actually get to press "Install". Very shady.

Quicker people move away from that rancid software the better.
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

M4 iMac With Magic Accessories

Apple Announces iMac With M4 Chip, Upgraded Camera, Nano-Texture Display Option, and More

Monday October 28, 2024 8:01 am PDT by
Apple today announced that it has updated the 24-inch iMac with the M4 chip, which debuted in the iPad Pro earlier this year. This upgrade comes around one year after the previous iMac with the M3 chip was released. Subscribe to MacRumors on YouTube for more videos! As expected, the M4 chip in the iMac is available with up to a 10-core CPU and up to a 10-core GPU. Apple says the iMac with the ...
Read Full Article253 comments
m3 mbp space black

What to Expect From Apple's 'Exciting Week of Announcements'

Thursday October 24, 2024 10:36 am PDT by
Apple's marketing chief Greg Joswiak today teased that the company has an "exciting week of announcements" planned next week. Joswiak said to "Mac" your calendars, and the post includes an animated icon for the Finder app on the Mac, so it is clear that at least some of next week's announcements will be related to the Mac. Subscribe to MacRumors on YouTube for more videos! Below, we have...
Read Full Article116 comments
apple wallet drivers license feature iPhone 15 pro

Apple Says iPhone Driver's Licenses Coming to These U.S. States Next

Wednesday October 23, 2024 1:41 pm PDT by
In select U.S. states, residents can add their driver's license or state ID to the Wallet app on the iPhone and Apple Watch, providing a convenient and contactless way to display proof of identity or age at select airports and businesses, and in select apps. Below, we outline which U.S. states offer the feature, and additional states that have committed to rolling it out in the feature in...
Read Full Article
maxresdefault

Apple Releases iOS 18.1 and iPadOS 18.1 With Apple Intelligence

Monday October 28, 2024 8:07 am PDT by
Apple today released iOS 18.1 and iPadOS 18.1, the first major updates to the iOS 18 and iPadOS 18 updates that came out in September. iOS 18.1 and iPadOS 18.1 come six weeks after the release of iOS 18 and iPadOS 18. Subscribe to the MacRumors YouTube channel for more videos. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General >...
Read Full Article212 comments
apple oct 2024 mac tease

Apple Teases M4 Mac Announcements Next Week

Thursday October 24, 2024 9:19 am PDT by
Apple's Greg Joswiak today made it clear that Apple plans to reveal new products next week, teasing refreshed Macs. In a social media post, Joswiak said to "Mac your calendars" because there's an exciting week of announcements that start on Monday morning. With Joswiak's announcement, it appears that there will not be a dedicated October event for Macs this year, with Apple instead...
Read Full Article236 comments
M4 iMac With Magic Accessories

Apple Updates Magic Mouse, Magic Keyboard, and Magic Trackpad With USB-C Ports

Monday October 28, 2024 8:02 am PDT by
Alongside the new iMac, Apple announced updated versions of the Magic Mouse, Magic Keyboard, and Magic Trackpad. The accessories are now equipped with USB-C charging ports, whereas the previous models used Lightning. Apple includes the Magic Mouse and Magic Keyboard in the box with the iMac, and the Magic Trackpad is an optional upgrade. "Every iMac comes with a color-matched Magic Keyboard...
Read Full Article182 comments
iPhone SE 4 Thumb 1

iPhone SE 4 Mass Production Timeframe Revealed as Launch Gets Closer

Wednesday October 23, 2024 9:38 am PDT by
Apple suppliers will begin mass production of the fourth-generation iPhone SE in December, supply chain analyst Ming-Chi Kuo said today in a blog post. The fourth-generation iPhone SE is expected to have a similar design as the base iPhone 14, with rumored features including a 6.1-inch OLED display, Face ID, a newer A-series chip, a USB-C port, a single 48-megapixel rear camera, 8GB of RAM...
Read Full Article49 comments
apple oct 2024 mac tease

Apple Promises Two More Mac Announcements This Week Following New iMac Today

Monday October 28, 2024 11:18 am PDT by
Apple introduced a new iMac today with the M4 chip and more, but that's not all, as it still has two more Mac announcements planned this week. "This is a huge week for the Mac, and this morning, we begin a series of three exciting new product announcements that will take place over the coming days," said Apple's hardware engineering chief John Ternus, in a video announcing the new iMac....
Read Full Article95 comments