'Misleading marketing': Zoom video meetings may not be as secure as you think
Video meetings on the popular platform don't seem to offer end-to-end encryption as advertised.
- Despite claims, Zoom's video and audio meetings don't support end-to-end encryption, according to a recent report from The Intercept.
- End-to-end encryption is an especially strong form of security that, in theory, scrambles online data so that it's decipherable only to the sender and receiver.
- Zoom also faces a class-action lawsuit after a Motherboard report showed how the platform passed on user data to third parties.
The video conferencing platform Zoom has become wildly popular as millions of people have switched to remote work during the COVID-19 pandemic. The platform offers high-quality streaming, an easy-to-use interface, and end-to-end encryption (E2E), which scrambles data so that it's decipherable only to the sender and receiver. In theory, end-to-end encryption would prevent the government, internet providers, and even Zoom itself from eavesdropping on users' meetings.
But a new report from The Intercept shows that Zoom's audio and video meetings don't seem to actually support end-to-end encryption, at least as that term is commonly defined.
"Currently, it is not possible to enable E2E encryption for Zoom video meetings," a Zoom spokesperson told The Intercept. "Zoom video meetings use a combination of TCP [Transmission Control Protocol] and UDP [User Datagram Protocol]. TCP connections are made using TLS [Transport Layer Security] and UDP connections are encrypted with AES [Advanced Encryption Standard] using a key negotiated over a TLS connection."
In other words, Zoom does encrypt video meetings, but it does so through transport encryption. This means Zoom has the ability to access users' private meetings. One concern among privacy advocates is that the government could someday compel Zoom to hand over recordings of users' meetings, which were advertised as being encrypted end to end.
Speaking to The Intercept, a Zoom spokesperson described the platform's definition of "end to end":
"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point...The content is not decrypted as it transfers across the Zoom cloud."
Although Zoom might not decrypt data as it transfers across the platform's cloud, it certainly has the ability to do so. "They're a little bit fuzzy about what's end-to-end encrypted," Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, told The Intercept. "I think they're doing this in a slightly dishonest way. It would be nice if they just came clean."
In a recently published open letter, the human rights group Access Now called on Zoom to publish a transparency report that includes the following information:
- The number of government requests for user data you receive by country, with compliance rates, and your procedures for responding to these requests
- The circumstances when you provide user information to government authorities
- Policies on notice to potentially affected users when their information has been requested or provided to government authorities, or exposed by breach, misuse, or abuse
- Policies and practices affecting the security of data in transit and at rest, including on multi-factor authentication, encryption, and retention
Other privacy concerns
Zoom is also facing criticism for passing user data on to third parties. Last week, Motherboard published a report showing that the Zoom iOS app was sharing user data with Facebook — even if Zoom users didn't have a Facebook account. On Monday, a Zoom user filed a class-action lawsuit against the company, alleging:
"Upon installing or upon each opening of the Zoom App, Zoom collects the personal information of its users and discloses, without adequate notice or authorization, this personal information to third parties, including Facebook, Inc. ("Facebook"), invading the privacy of millions of users."
Looking for a video-conferencing platform that does offer end-to-end encryption? Consider looking into Microsoft Teams, Signal, Clickmeeting, and Wire.
- You're Being Spied on by ISPs. Time to Set Up a VPN and Fight Back. ›
- 4 no-brainer security measures we rarely take - Big Think ›
Universities claim to prepare students for the world. How many actually do it?
- Many university mission statements do not live up to their promise, writes Ben Nelson, founder of Minerva, a university designed to develop intellect over content memorization.
- The core competencies that students need for success—critical thinking, communication, problem solving, and cross-cultural understanding, for example—should be intentionally taught, not left to chance.
- These competencies can be summed up with one word: wisdom. True wisdom is the ability to apply one's knowledge appropriately when faced with novel situations.
This is what the world will look like, 250 million years from now
To us humans, the shape and location of oceans and continents seems fixed. But that's only because our lives are so short.
A new study may help us better understand how children build social cognition through caregiver interaction.
Researchers at UT Southwestern noted a 47 percent increase in blood flow to regions associated with memory.
- Researchers at UT Southwestern observed a stark improvement in memory after cardiovascular exercise.
- The year-long study included 30 seniors who all had some form of memory impairment.
- The group of seniors that only stretched for a year did not fair as well in memory tests.