
Zoom Falsely Claims Its Group Video Can Be End-to-End Encrypted - lladnar
https://daringfireball.net/linked/2020/03/31/zoom-e2e
======
bgentry
Link to the source article: [https://theintercept.com/2020/03/31/zoom-meeting-
encryption/](https://theintercept.com/2020/03/31/zoom-meeting-encryption/)

Dupe of
[https://news.ycombinator.com/item?id=22735746](https://news.ycombinator.com/item?id=22735746)

~~~
owenwil
It feels like the URL shouldn't be an aggregator but the actual source in this
case for sure...

------
gfodor
FYI, it's currently _impossible_ to support end to end encryption in WebRTC
based video that is browser based (if using a SFU, ie a central server), given
the protocols supported in the browser. Zoom isn't, obviously, but that's
another red flag if you see such claims.

------
kaffeemitsahne
Where did Zoom come from all of a sudden? I had never heard of it before the
pandemic but now all my lecturers at two different universities are using it.
They must be doing something right at least.

(edit: not to be apologetic for the issue at hand, of course)

~~~
skizm
From what I gather, they're one of the few video conference solutions that
"just work", you don't need to install anything if you don't want (works in
the browser), and their user pricing is pretty cheap and straightforward
($15/mo/user). Also, they've scaled well as there haven't been too many (any?)
major outages, even though their usage has gone up probably 50x (complete
guess) in the last 1-3 months.

------
jcwayne
Maybe I'm missing something, but it seems like they're misusing the term in
the same way that Apple does with iMessage.

~~~
olliej
??

iMessage is fully E2E - Apple does not have any ability to decrypt messages,
only the recipient can.

There's a full white paper explaining how iMessage works, and how it achieves
full E2E. Same for FaceTime. And iMessage group messages.

~~~
alasdair_
>iMessage is fully E2E - Apple does not have any ability to decrypt messages,
only the recipient can.

This is not true.

Apple is deliberately deceptive with their claim that iMessage has "full E2E"
as you put it. While it's true that Apple can't decrypt iMessage traffic _in
transit_ Apple can absolutely decrypt your messages.

For a simple explanation, think about how an iCloud restore works for a brand
new iPhone that you've just purchased. All your messages magically appear on
the device! But they were all encrypted and Apple claims to use E2E encryption
- how is this possible?

It's simple - iCloud backup also backs up the encryption key used to read your
messages. A restore wouldn't work without it. So in practice, Apple is
deceptive when it claims that it can't read your messages (or give them to law
enforcement, etc.) - if you are a normal user with iCloud backup turned on and
you haven't explicitly taken the extra steps to disable message backups, Apple
can read every one of your "E2E" messages.

~~~
bjtitus
> iMessage is fully E2E

To be fair, this part is 100% true, unlike Zoom's claims.

The iCloud Backups issue is separate and should probably be made more clear by
Apple but the technology is certainly E2E encryption.

~~~
olliej
agreed. Ideally everything would be e2e :-/

------
meritt
Another Zoom article, and it's a dupe with one already on the front page! This
is insane. I haven't seen HN so virulent over a topic since their blind faith
defense on any criticism of Tesla.

~~~
dang
It happens all the time with follow-up posts on hot topics. Maybe we're
getting slower or something.

~~~
meritt
Yeah, just shouldn't be solely a moderator job. You'd think the userbase would
stop upvoting the same damn story and/or not flagging the dupes.

~~~
dang
Alas, statistical clouds don't work that way. No matter how many times
something has been posted, the set of users who saw it seems to have measure
zero.

------
pixiemaster
marketing mis-uses a buzzword. that’s news now.

~~~
dewey
It's news if you have a track record of privacy violations as it has been with
Zoom in the past few days.

~~~
middleclick
It's also news if your company is gaining traction and increased usage,
especially with things like this:
[https://twitter.com/BorisJohnson/status/1244985949534199808](https://twitter.com/BorisJohnson/status/1244985949534199808)

