Video collaboration platform, Zoom, on Thursday announced that it will provide end-to-end encryption (E2EE) to all its users, free and paid. The company said it will do so to to avoid abuse of its platform.
The move is a turn from what the company had said during its earnings call recently. Chief executive officer (CEO), Eric Yuan, had said the company does not plan to offer E2EE to free users as it wants to work with the law enforcement if someone uses its platform for illegal activities. The company faced criticism from both users and experts for the same.
According to Zoom, users on its free/basic plan who want E2EE access will have to participate in a one-time process that will ask for additional pieces of information. This includes verifying the user’s phone number through a text message. The company will also be implementing risk-based authentication “in combination with the current mix of tools" that includes a function to report users.
The early beta of its E2EE feature will begin next month, though Zoom didn’t announce the exact date for this right now. All users will continue getting access to the AES 256 GCM transport encryption by default on the platform, irrespective of whether they use E2EE or not. The primary difference with E2EE is that it stops man-in-the-middle (MITM) attacks, where a hacker places themselves between the user and the server, allowing them to eavesdrop on conversations. It also means Zoom itself cannot listen to conversations on its platform.
Further, Zoom says E2EE limits some meeting functionalities so it will remain an optional feature. Hosts will be able to toggle the feature on and off and account administrators in enterprises will also have the ability to enable and disable E2EE at the group account level.
Zoom’s meteoric rise during the pandemic had also left it vulnerable to many privacy issues. The company, in turn, had announced a 90-day feature freeze in order to focus all its resources on fixing privacy issues.
The adoption of AES 256 GCM transport encryption was one of the features it added recently, but users still asked for E2EE, which is the industry standard for privacy in instant messaging nowadays. For video communication platforms like Zoom, Google Meet, Cisco Webex etc. though, transport encryption has usually been the go to encryption option.