Zoom finally offers end-to-end encryption for all users, but there's a catch

Zoom has finally rolled out end-to-end encryption (E2EE) for free and paid users around the world, keeping a promise made at the start of the pandemic. In an E2EE-secured system, communication between meeting participants is encrypted using cryptographic keys stored only on users' devices. This means that no third party, including Zoom, has access to the keys needed to decrypt the private meeting data. Initially, the company said end-to-end encryption would be reserved for paying customers only, but it made a quick U-turn after facing backlash from users. The feature is immediately available to all Zoom users in technical preview (which means the company is actively seeking feedback) in client version 5.4.0 for Windows and Mac, Zoom for Android, and Zoom Rooms. The service will also appear on Zoom for iOS soon, once Apple has approved the updated app.

End-to-End Encrypted Zoom

In April, Zoom found itself in trouble when it emerged that its claims that meeting participants were protected by full end-to-end encryption were unfounded. Instead, researchers found that the service implemented a weaker form of encryption using the Transport Layer Security (TLS) protocol. The company was forced to issue a public apology, pledging to spend the next three months solely improving the security of its platform. During this period, Zoom acquired the secure messaging and file sharing service Keybase, whose team was involved in developing full E2EE for the video conferencing service. Thus, the arrival of end-to-end encryption for all users finally fulfills a promise made more than six months ago.

"We are very proud to bring Zoom's new end-to-end encryption to Zoom users around the world," said Jason Lee, Zoom CISO. "This feature has been in high demand from our customers and we are excited to make it a reality. Congratulations to our encryption team who joined us from Keybase in May and developed this amazing security feature."

Under the new system, which uses 256-bit AES-GCM encryption, meeting hosts generate encryption keys that are distributed to other participants using public-key cryptography. The encrypted information is "uncrackable" by Zoom, whose servers simply act as "unaware relays."

While many will welcome the arrival of the new security feature, it's important to note that E2EE protection does not apply to all Zoom meetings. The feature must be enabled by the host, attendees must join using the appropriate Zoom clients, and the meeting must contain no more than 200 attendees. Enabling E2EE will also result in decreased functionality, preventing users from accessing features such as cloud recording, polling, meeting rooms and live transcription.
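The key distribution described above (a host-generated 256-bit AES-GCM meeting key handed to participants with public-key cryptography, relayed by a server that cannot read it) can be sketched in Node.js. This is an added example, not Zoom's code or protocol: the X25519 + HKDF key-wrapping scheme, the function names and the meeting ID are assumptions, since the article only says "public-key cryptography".

```javascript
const { randomBytes, createCipheriv, createDecipheriv,
        generateKeyPairSync, diffieHellman, hkdfSync } = require('node:crypto');

// AES-256-GCM seal/open. The 12-byte nonce and 16-byte tag travel with the ciphertext.
function seal(key, plaintext, aad) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad); // binds the ciphertext to this meeting
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box, aad) {
  const d = createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on wrong key or tampering
}

// Assumed wrapping scheme: X25519 shared secret -> HKDF-SHA256 -> 32-byte wrapping key.
function wrapKey(myPrivate, theirPublic, meetingId) {
  const shared = diffieHellman({ privateKey: myPrivate, publicKey: theirPublic });
  return Buffer.from(hkdfSync('sha256', shared, Buffer.alloc(0), meetingId, 32));
}

function runMeeting() {
  const meetingId = Buffer.from('meeting-1234'); // constructed sample value
  const host = generateKeyPairSync('x25519');
  const alice = generateKeyPairSync('x25519');
  const server = generateKeyPairSync('x25519'); // relay: sees public keys and ciphertext only

  // The host's device generates the 256-bit meeting key; it never leaves in the clear.
  const meetingKey = randomBytes(32);
  const wrapped = seal(wrapKey(host.privateKey, alice.publicKey, meetingId), meetingKey, meetingId);
  const frame = seal(meetingKey, Buffer.from('frame 1'), meetingId);

  // Alice unwraps the meeting key with her private key, then decrypts media.
  const aliceKey = open(wrapKey(alice.privateKey, host.publicKey, meetingId), wrapped, meetingId);
  const aliceSees = open(aliceKey, frame, meetingId).toString();

  // The relay holds no participant private key, so unwrapping fails the GCM tag check.
  let serverReads = true;
  try { open(wrapKey(server.privateKey, host.publicKey, meetingId), wrapped, meetingId); }
  catch { serverReads = false; }
  return { aliceSees, serverReads, keyBits: aliceKey.length * 8 };
}

console.log(runMeeting());
```

The guarantee depends on participants authenticating each other's public keys out of band; a relay that can substitute public keys during distribution could otherwise wrap the meeting key to itself.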