Zoom finally gets full encryption on all devices after months of criticism

The update comes to Macs, PCs, iPhones, iPads, and Android devices

Adam Smith
Tuesday 27 October 2020 13:40 GMT
Comments
(AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Zoom has announced that its end-to-end encrypted communications have arrived for Macs, PCs, iPhones, iPads, and Android devices.

Both free and paid users are now able to keep their conversations more secure in rooms of up to 200 participants.

End-to-end encryption (E2EE) works via two digital keys, one public, one private. The public key can be shared by anyone, while the private key is kept by the user.

The public key encrypts the message – or video call – while the private key encrypts it when it is received.

This means the servers and companies facilitating the conversation, whether that’s through chatting apps like WhatsApp or Signal or video calling software like Zoom, are unable to monitor what is being said.

While Zoom’s new security feature will be coming to most devices – its iOS app is currently pending Apple App Store approval – it will not secure its web client or third-party apps.

“In typical meetings, Zoom’s cloud meeting server generates encryption keys for every meeting and distributes them to meeting participants using Zoom clients as they join”, Zoom said in its announcement.

“With Zoom’s new E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents.

“Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key.”

Account administrators are able to turn on end-to-end encryption in their web dashboard at the account, group, and user level.

Zoom previously did not feature end-to-end encryption after CEO Eric Yuan said that it would interfere with law enforcement accessing its calls.

It had also shut down the account of a Tiananmen Square activist, who had a paid account, at the behest of the Chinese government. The account was later reinstated.

That led to a flurry of criticism from activists and privacy groups who argued that the app was unnecessarily endangering conversations.

Following petitions, Zoom said it would add end-to-end encryption, and purchased encrypted messaging platform Keybase to built the security feature into its platform. 

However, a recent report from Buzzfeed suggests that Zoom shut down a series of video events discussing the company’s “censorship”, following Zoom, YouTube, and Facebook stopping the talk of hijacker and member of the Popular Front for the Liberation of Palestine (PFLP) Leila Khaled at San Francisco State University.

“Zoom is committed to supporting the open exchange of ideas and conversations and does not have any policy preventing users from criticizing Zoom,” a company spokesperson told Buzzfeed.

“Zoom does not monitor events and will only take action if we receive reports about possible violations of our Terms of Service, Acceptable Use Policy, and Community Standards. 

"Similar to the event held by San Francisco State University, we determined that this event was in violation of one or more of these policies and let the host know that they were not permitted to use Zoom for this particular event.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in