What you need to know
- Zoom's video conferencing calls aren't actually end-to-end encrypted.
- That's because Zoom itself is able to access unencrypted video and audio from meetings.
- The revelation could severely undermine Zoom's claims about privacy.
A report claims that video-conferencing service Zoom does not actually use end-to-end encryption as it's normally defined because Zoom is still able to access unencrypted audio and video.
According to The Intercept:
As the report notes, the standard definition of E2E encryption means that no outside party is able to access a conversation. According to the report, whilst Zoom claims to use E2E encryption, its security is more accurately described as "transport encryption":
In several instances within Zoom's security white paper, it mentions E2E encryption, and when you enable E2E, you can hover over the green padlock in the top left corner of a meeting and see the popup "Zoom is using an end to end encrypted connection." However, The Intercept claims that when it reached out to Zoom for comment a spokesperson stated:
This means that whilst your call is protected by security measures, "the Zoom service itself can access the unencrypted video and audio content of Zoom meetings". So whilst no one trying to snoop on you can access the meeting data, Zoom itself can see all of it. As the report notes, true end-to-end encryption would mean that only the participants of a Zoom call would have access to the video and audio content of the meeting, and have the ability to decrypt it. If Zoom could access encrypted content without decrypting it, that would still be E2E encryption. But that's not what's going on here. In response Zoom stated:
Zoom fell foul of privacy concerns last week after it emerged user data was being sent to Facebook even if the user did not have a Facebook account, an issue that has since been rectified.
Regarding this latest revelation the report notes:
Thank you for signing up to Android Central. You will receive a verification email shortly.
There was a problem. Please refresh the page and try again.