The Zoom CEO stated at an Analysts Conference that they planned to introduce end-to-end encryption (E2E) for their paying customers. At the moment, Zoom does not do E2E encryption: calls are encrypted between the user device and Zoom’s servers, but Zoom’s servers can be tapped. This means that GCHQ can’t see what’s happening, but the NSA & FBI can. (This assumes that GCHQ can’t break properly configured TLS.) In the end, doing Zoom rather than Skype or Google Hangouts, if you believe them to be more secure, is like going to a meeting and trying to spot the special branch cop, preferably before you’ve fucked them. The rest of this blog discusses the issues of device security, technical complexity, and the problem of user identity.
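To make the difference concrete, here is an added example (not Zoom's code or protocol) that models a conferencing server relaying one media frame, first with hop-by-hop encryption only and then with an end-to-end layer inside it. The names `alice_link`, `bob_link` and `meeting_key` are hypothetical, and the cipher is a standard-library stand-in for a real AEAD.

```python
import hashlib, hmac, os

# Stand-in authenticated cipher from the standard library so the example runs
# offline. Illustration only: real systems use a vetted AEAD such as AES-GCM.
def _subkey(key, label):
    return hashlib.sha256(label + key).digest()

def _stream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ks = _stream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered data")
    ks = _stream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

def relay(frame, sender_link, receiver_link):
    """Conferencing server: ends one encrypted hop and starts the next."""
    visible = unseal(sender_link, frame)      # what a tap on the server gets
    return visible, seal(receiver_link, visible)

def demo():
    media = b"constructed sample media frame"
    alice_link, bob_link, meeting_key = (os.urandom(32) for _ in range(3))
    # Hop-by-hop only: the server holds both link keys.
    tap_hop, out = relay(seal(alice_link, media), alice_link, bob_link)
    bob_hop = unseal(bob_link, out)
    # End-to-end: media is sealed with a key only Alice and Bob hold,
    # then sent over the same encrypted hops.
    tap_e2e, out = relay(seal(alice_link, seal(meeting_key, media)),
                         alice_link, bob_link)
    bob_e2e = unseal(meeting_key, unseal(bob_link, out))
    return {"tap_hop": tap_hop, "tap_e2e": tap_e2e,
            "bob_hop": bob_hop, "bob_e2e": bob_e2e, "media": media}

if __name__ == "__main__":
    r = demo()
    print("server view, hop-by-hop:", r["tap_hop"])
    print("server view, end-to-end:", r["tap_e2e"].hex()[:32], "...")
```

In both runs the network path is encrypted and Bob receives the frame intact; the only thing that changes is whether the relay in the middle ever holds the plaintext.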

If using Android or Windows as your device operating system, you are equally vulnerable no matter what communications carrier you use, and of course, using voice over GSM in the UK, you know that the police are listening. (I have a phone case with a Faraday cage woven into it, but rarely use it; I am sure that if they are interested in me, then they’ll use another device to listen in to me, although given the complaints I had at my last conference call about sound signal quality, I’d be surprised if they used my phone to bug me.)

Implementing E2E on video conferencing is hard and computationally quite expensive; I am not sure who offers it for conferencing, but the lack of E2E is one of the reasons that companies, governments and NGOs are dropping it. Even some of the most sophisticated user organisations have been the victims of Zoom bombing.

This is what Zoom say:

“Zoom does not proactively monitor meeting content, and we do not share information with law enforcement except in circumstances like child sex abuse. We do not have backdoors where participants can enter meetings without being visible to others. None of this will change, … Zoom’s end-to-end encryption plan balances the privacy of its users with the safety of vulnerable groups, including children and potential victims of hate crimes. We plan to provide end-to-end encryption to users for whom we can verify identity, thereby limiting harm to these vulnerable groups. Free users sign up with an email address, which does not provide enough information to verify identity.”

This is also quite interesting and balanced – https://arstechnica.com/information-technology/2020/06/zoom-defenders-say-there-are-legit-reasons-to-not-encrypt-free-calls/

E2E & Zoom