Zoom is facing fresh scrutiny today following a report that the videoconferencing app's encryption claims are misleading.

zoom logo
Zoom states on its website and in its security white paper that the app supports end-to-end encryption, a term that refers to a way of protecting user content so that the company has no access to it whatsoever.

However, an investigation by The Intercept reveals that Zoom secures video calls using TLS encryption, the same technology that web servers use to secure HTTPS websites:

This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won't stay private from the company.

As the report makes clear, for a Zoom meeting to be end-to-end encrypted, the call would need to be encrypted in such a way that ensures only the participants in the meeting have the ability to decrypt it through the use of local encryption keys. But that level of security is not what the service offers.

When asked by The Intercept to comment on the finding, a spokesperson for Zoom denied that the company was misleading users:

"When we use the phrase 'End to End' in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point… The content is not decrypted as it transfers across the Zoom cloud."

Technically, Zoom's in-meeting text chat appears to be the only feature of Zoom that is actually end-to-end encrypted. But in theory, the service could spy on private video meetings and be compelled to hand over recordings of meetings to governments or law enforcement in response to legal requests.

Zoom told The Intercept that it only collects user data that it needs to improve its service – this includes IP addresses, OS details, and device details – but it doesn't allow employees to access the content of meetings.

Last week, Zoom's data sharing practices were criticized after it emerged that the service was sending data to Facebook without disclosing the fact to customers. The company subsequently updated the app to remove its Facebook log-in feature and prevent the data access.

Update: As noted by TechCrunch, security researcher Patrick Wardle has revealed two previously undisclosed zero-day vulnerabilities impacting Zoom.

Tags: Security, Apple Privacy, Encryption

Top Rated Comments

Michael Scrip Avatar
Michael Scrip
56 months ago
* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Score: 23 Votes (Like | Disagree)
nicho Avatar
nicho
56 months ago

Interesting, the company I work for jumped on this solution because our in-house video conf service is unable to cope with everybody working remotely all of a sudden (it wasn't planned for this many people throughout the day and cannot scale up quickly, due to short-sighted decisions).

Zoom is all the rage these days - some of our IT/security folks tried to warn management we shouldn't use it until a full security audit can happen, and they were gently pushed aside due to needing a solution right away, I guess this will only reinforce the need to look into it further.
They operate legally in China. I don't think more needs to be said than that.
Score: 15 Votes (Like | Disagree)
cfdlab Avatar
cfdlab
56 months ago
There are even more shady things they are doing

[MEDIA=twitter]1244737672930824193[/MEDIA]
Score: 12 Votes (Like | Disagree)
himanshumodi Avatar
himanshumodi
56 months ago
I wonder if this is technical incompetence, or a deliberate obfuscation.
Score: 10 Votes (Like | Disagree)
batitombo Avatar
batitombo
56 months ago
Everyone:

End to end.

Zoom:

Well, for us end to end means...
Score: 9 Votes (Like | Disagree)
Unggoy Murderer Avatar
Unggoy Murderer
56 months ago


* Installing a secret web server on your computer that remained even after you uninstalled the program
* Sharing data with Facebook without disclosing it to customers
* Misleading Users With 'End-to-End Encryption' Claims

Any guesses on the next Zoom scandal? :p
Add this: the macOS installer actually installs the application at the "Checking requirements" stage then quits the installer, the user doesn't actually get to press "Install". Very shady.

Quicker people move away from that rancid software the better.
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article136 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
Read Full Article492 comments
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Read Full Article66 comments
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...
Read Full Article38 comments
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...
Read Full Article133 comments