
Zoom still claims ability to “secure a meeting with end-to-end encryption” - tonyztan
https://zoom.us/security
======
franciscop
The website does not just say "end-to-end" and leave it open to
interpretation. It goes into some detail of how it works:

> End-to-End Chat Encryption allows for a secured communication where only the
> intended recipient can read the secured message. Zoom uses both asymmetric
> and symmetric algorithms to encrypt the chat session. Session keys are
> generated with a device-unique hardware ID to avoid data being read from
> other devices.

This contradicts their previous statement[1] that end-to-end encryption means
from the client to the browser. Surely the "recipient" of the communication is
not Zoom, but the other person you are talking to, right?

[1] https://theintercept.com/2020/03/31/zoom-meeting-encryption/

~~~
kerng
Your comment above mentions chat encryption, not video.

~~~
franciscop
You are right, then my case is weaker since they do not define _video_
end-to-end encryption explicitly. But still this shows that they do know what
end-to-end encryption means as opposed to what was claimed previously.

~~~
kerng
Correct - but it also shows that they continue to actively mislead people.

------
upofadown
It appears that the stuff about there only being TLS as far as the servers is
wrong. There is encryption and it goes all the way to the ends. That's all you
need these days to claim e2ee it seems. It doesn't matter that the company
making the claim can easily decrypt the data.

It's all a black box all the way down to the closed source clients. This whole
discussion seems kind of pointless. Crap is crap.

------
slovenlyrobot
Entirely shoot-from-the-hip comment, but at this point I feel it's warranted.

What is with all the Zoom hate? The company have been around for a decade,
enjoyed relatively mediocre success until the outbreak of Covid, and suddenly
apparently since they're experiencing huge demand and press coverage, every
man and his dog is finding reasons to write a blog post complaining about
them.

I've read some article splitting hairs over the nuances of "end to end
encryption" and how Zoom is so horrible, evil and wrong because they, like
almost every telecommunication provider under the sun, can intercept your
calls. What makes Zoom so special?

What's driving all this hate? Because it's a far more interesting question
than what technical flaws Zoom, or any other product in this category, almost
certainly suffer from.

Has someone done any security analysis of Houseparty? It's experienced surge
growth in the same period. But in the time I've seen maybe 20 Zoom-hate
articles on HN I haven't seen a single mention of Houseparty. What about
Google Hangouts: is it "end"-to-"end" "encrypted"? What about its recording
feature? Where are the articles? Where is all the hate?

Why?

~~~
sneak
It’s quite simple: Zoom are lying. They’ve doubled down on their lies.

End to end encryption means something. Zoom isn’t that. Zoom is claiming to be
that.

There’s not much to it.

They set the stage for it previously, too: they’ve done all sorts of shady
things with computers onto which their client is installed. Zoom singled
themselves out of the pack by being some of the only name-and-address provided
software to use these techniques; everything else that does so is criminal
malware.

Apple even pushed an OS malware detection update to remove Zoom’s backdoor.

They stand alone because of their own choices.

------
empressplay
Fake it 'til you make it!

~~~
mladen5
And when you make it there is no reason to fix anything.

------
kerng
They are behind with their responses, what about the ECB usage?

https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/

That by itself might render encryption claims from Zoom as meaningless.

