Zoom will provide end-to-end encryption to everyone, but will ask for data in return
After criticism from activists and users about Zoom's decision to provide end-to-end encryption for paid users only, the company announced its intention to make it available to all users, including free ones.
In early June, the company began work on introducing end-to-end encryption into the service, but it was planned to provide access to the service only to users of the paid version of Zoom. Soon, the Mozilla Foundation and the Electronic Frontier Foundation (EFF), together with 19,000 users, sent an open letter to the company urging it not to make "security and privacy a luxury." Digital rights organizations such as Fight for the future and MPower Change also expressed similar concerns in their letter.
“After we released the draft Zoom End-to-End Encryption (E2EE), we worked with civil rights organizations, the CISO, child safety advocates, encryption experts, government officials, our users and others to gather their feedback on the feature. We have also researched new technologies and are ready to offer E2EE to all users, ”said Zoom CEO Eric Yuan.
As noted by company representatives, free users will have to verify their account by phone number. This measure will help in the fight against cybercriminals who create multiple accounts.
Encryption has certain limitations: if enabled, participants with traditional PSTN phone lines will not be able to join the conversation. Since it is an optional feature, the user can manually enable or disable encryption.
Recall that earlier information security experts in the course of researching the service discovered multiple security problems, one of which was related to encryption. For example, Zoom sent encryption keys to a server in China, where, according to the country's law, they could be requested by the Chinese authorities. In addition, the developers of the application ambiguously interpreted the term "end-to-end" encryption, which misled users.
