The application, Zoom has become quite popular recently as more and more businesses are moving towards work from home. However, many employees are worried whether their boss can monitor most of their activities on the system or not. Previous researches have revealed Zoom to be an unsafe platform but due to lack of options, people are forced to use it for work and online learning.
The policy of privacy on the website and in its security white paper states that Zoom has end-to-end encryption for the meetings so people should not be worried about the security of the application. However, new research from The Intercept proved it to be a lie.
A spokesperson from Zoom was questioned by The Intercept about the security of the video conferences and whether they support end-to-end encryptions or not. The spokesperson said, “Currently, it is not possible to enable E2E encryption for Zoom video meetings.” Well, so why does it say the opposite on the website?
Source: The Intercept
Basically, the application uses TLS encryptions that have a similar approach to those that companies use to secure HTTP websites. This means that whatever data is exchanged between you and other Zoom’s servers is protected just like the content on Gmail and Facebook.
However, end-to-end encryption means that your information is not even visible to the company itself like WhatsApp states on its website and in every chatbox. So this particular feature is not supported by Zoom and this is why using the term “end-to-end encryption” is quite unethical.
However, unsurprisingly, Zoom stresses that they are not misleading the users. A spokesperson said, “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom endpoint to Zoom endpoint,” and that “content is not decrypted as it transfers across the Zoom cloud.”
Source: The Intercept
The in-meeting text chat on Zoom does support end-to-end because according to the company, they cannot decrypt the messages exchanged between the users. The spokesperson also said that the data collected from the users usually resolves around IP addresses, OS details in device details and this is done solely to optimize performance.
So, employees do not have any contact with the information that users transfer in their chat boxes and therefore, there is no chance of any sort of data being sold. However, when they were questioned about being forced to share the information for legal proceedings by the authorities, Zoom refused to give a statement.