Zoom, a video call service who’s popularity has spun out of the COVID-19 crisis, is now being placed in the hot seat. As the company claims to support end-to-end encryptions, protecting user video conferences online, there may be a bit of wiggle room in their phrasing.
On the Zoom website, it states that end-to-end encryptions are a security feature users will have access to when hosting an online video conference call. This is reiterated in the company’s security white paper as well. However, The Intercept has investigated those claims and discovered that Zoom video calls use TLS encryptions, the same as encryption browsers use for HTTPS websites. In most cases, TLS encryptions still allow company access to content through servers. End-to-end encryptions, on the other hand, protects content between users without company access.
When speaking to a Zoom representative, The Intercept was told: “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP.” The representative continued to state: “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point.. The content is not decrypted as it transfers across the Zoom cloud.”
As of now, it appears only the text messaging portion of the app supports end-to-end encryptions. Zoom told The Intercept that it only collects user data to improve its services. While that may be true, the technical side still opens the door to the collection of video records to hand over to governing bodies and law enforcement upon request. Companies such as Google and Facebook, offer transparency reports for users indicating as such.
Zoom has already been facing criticism after it was discovered the company was sending data to Facebook without user disclosure. The company has since removed the Facebook login feature.