
Zoom End-to-End Encryption Whitepaper - ceohockey60
https://github.com/zoom/zoom-e2e-whitepaper
======
MintelIE
How can they offer E2E while still complying with Chinese laws?

~~~
frenchy
Quite easily. They just need to make it so that one of the "ends" is Zoom
itself.

~~~
kerkeslager
Zoom isn't an end. That's not what "end" means in the context of "end to end".

~~~
frenchy
It shouldn't be, but if you don't control the software and the encryption
algorithm, there's no reason why zoom couldn't just sign the content so that
could evesdrop on everything.

~~~
dependenttypes
Signing has nothing to do with eavesdropping.

~~~
kerkeslager
That's simply not correct. If you don't have authentication you don't have
encryption.

------
m3kw9
It seems to me they have a way to do E2E without sacrificing quality with many
participants.

~~~
kerkeslager
It seems more like they didn't implement E2E encryption.

~~~
m3kw9
How so?

------
dougwbrunton
At [https://team.video](https://team.video) instead of lying to you and saying
we do end to end encryption, we tell you that we do point to point encryption:
[https://team.video/pages/security](https://team.video/pages/security)

This allows us to identify the active speaker, keep some statistics on who
spoke in the meeting, and rely on mediasoup's fantastic media router ("e.g.
hey, we missed a keyframe there, can you give one to me?")

(edit: omit needless words)

~~~
m3kw9
So we should try your service just because you say you won’t lie? What do you
think of this white paper anyway?

~~~
kerkeslager
Compare:

1\. Zoom: is actively lying right now, has lied in the past, and has had
numerous security breaches which were easily avoidable.

2\. Team.video: This Doug W. Brunton fellow may be lying, but at least is not
currently taking an opportunity to lie, and seems to have a decent grasp of
the tradeoffs involved in end-to-end versus point-to-point.

~~~
m3kw9
So we should use your service because you don't lie, correct?

~~~
logie17
I don't think he's trying to convince you he's not lying, but rather we should
promote services that encourage transparency and open standards.

