
Does Zoom use end-to-end encryption? - feross
https://blog.cryptographyengineering.com/2020/04/03/does-zoom-use-end-to-end-encryption/
======
dang
It seems like the root node of this article graph is
[https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto...](https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/), which is being discussed here:
[https://news.ycombinator.com/item?id=22768494](https://news.ycombinator.com/item?id=22768494)

The Intercept article on it has a discussion here:
[https://news.ycombinator.com/item?id=22767807](https://news.ycombinator.com/item?id=22767807)

------
bgentry
The linked CitizenLab report (titled "Move Fast & Roll Your Own Crypto") is
worth reading on its own for more technical details:
[https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto...](https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/)

Its key findings:

- _Zoom documentation claims that the app uses “AES-256” encryption for
  meetings where possible. However, we find that in each Zoom meeting, a single
  AES-128 key is used in ECB mode by all participants to encrypt and decrypt
  audio and video. The use of ECB mode is not recommended because patterns
  present in the plaintext are preserved during encryption._

- _The AES-128 keys, which we verified are sufficient to decrypt Zoom packets
  intercepted in Internet traffic, appear to be generated by Zoom servers, and
  in some cases, are delivered to participants in a Zoom meeting through
  servers in China, even when all meeting participants, and the Zoom
  subscriber’s company, are outside of China._

- _Zoom, a Silicon Valley-based company, appears to own three companies in
  China through which at least 700 employees are paid to develop Zoom’s
  software. This arrangement is ostensibly an effort at labor arbitrage: Zoom
  can avoid paying US wages while selling to US customers, thus increasing
  their profit margin. However, this arrangement may make Zoom responsive to
  pressure from Chinese authorities._
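
The ECB finding quoted above, as an added demonstration that is not from the CitizenLab report or the linked article: a stand-in 16-byte block cipher (a hashlib-based Feistel network, assumed here in place of AES because the point is the mode, not the cipher) encrypts a constructed frame-like buffer in ECB and in counter mode, and counting distinct ciphertext blocks shows that ECB preserves the plaintext's block-level pattern while counter mode does not.

```python
import hashlib
import hmac

BLOCK = 16  # 16-byte blocks, like AES-128; the ECB weakness shown here is a property of the mode


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function: HMAC-SHA256 truncated to a half block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in block cipher: a 4-round Feistel network (Luby-Rackoff style). This is NOT AES,
    # only a keyed permutation of 16-byte blocks, which is all the mode comparison needs.
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round(key, i, right)))
    return left + right


def ecb_encrypt(key: bytes, data: bytes) -> bytes:
    # ECB: every block is encrypted independently, so equal plaintext blocks give equal
    # ciphertext blocks and the layout of the plaintext survives encryption.
    assert len(data) % BLOCK == 0
    return b"".join(block_encrypt(key, data[i : i + BLOCK]) for i in range(0, len(data), BLOCK))


def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Counter mode: the cipher encrypts nonce||counter to produce a keystream, so equal
    # plaintext blocks are XORed with different keystream blocks and come out different.
    assert len(nonce) == 8 and len(data) % BLOCK == 0
    out = bytearray()
    for n, i in enumerate(range(0, len(data), BLOCK)):
        keystream = block_encrypt(key, nonce + n.to_bytes(8, "big"))
        out += bytes(a ^ b for a, b in zip(data[i : i + BLOCK], keystream))
    return bytes(out)


def distinct_blocks(ciphertext: bytes) -> int:
    return len({ciphertext[i : i + BLOCK] for i in range(0, len(ciphertext), BLOCK)})


# Constructed stand-in for a mostly static video frame: 48 identical "background" blocks
# followed by 16 identical "foreground" blocks (1024 bytes, only two distinct blocks).
FRAME = b"\x00" * (16 * 48) + b"\xff" * (16 * 16)
KEY = b"constructed-demo-key"  # demo value only
NONCE = b"\x00" * 8            # per-stream nonce; a real sender never reuses one under a key


def compare_modes() -> dict:
    # Number of distinct ciphertext blocks per mode. ECB reproduces the plaintext's two-block
    # structure exactly; counter mode yields 64 distinct blocks for the same input.
    return {
        "plaintext": distinct_blocks(FRAME),
        "ecb": distinct_blocks(ecb_encrypt(KEY, FRAME)),
        "ctr": distinct_blocks(ctr_encrypt(KEY, NONCE, FRAME)),
    }
```

Counter mode removes the pattern leak but provides no integrity on its own; in practice the fix is an authenticated mode such as AES-GCM with a nonce that is never reused under the same key.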

~~~
dang
That article is being discussed here:
[https://news.ycombinator.com/item?id=22768494](https://news.ycombinator.com/item?id=22768494).

It's not clear to me whether the threads should be merged, or—if we're to have
only one on the front page—which thread should be the one.

~~~
zenexer
I appreciate seeing multiple articles on the front page. It’s an important
issue right now, and some of the articles can be dense. I like reading
multiple presentations of the same information to see what different authors
emphasize.

------
crazygringo
Now, I don't think Zoom should have been advertising E2EE when it isn't.

But I think some people are still missing the general point that _E2EE is
fundamentally incompatible with general-purpose business/educational
videoconferencing_.

It works for FaceTime which is designed for small groups exclusively using a
FaceTime app.

But the second you allow phone dial-in (virtually always a hard requirement),
the second you allow cloud recording (which the article acknowledges), E2EE
becomes meaningless, because the server itself necessarily becomes another
endpoint.

For >99.9% of people this is fine.

For the <0.1% who might be the hand-selected targets of government spying,
industrial espionage, or crime enforcement, then no, _you_ shouldn't be using
Zoom. But if that's a top priority for you, you weren't already using Zoom
anyways -- I assume you'd be using auditable open-source encryption. You
wouldn't have trusted Zoom marketing terms in the first place.

~~~
bad_user
I don't understand you.

Being from Romania, in all the companies I worked at, we had the need to
communicate online by voice and video (mostly with Americans and among
ourselves), plus I tended to work in companies with a remote culture. The last
time somebody needed to dial into a call I was in was ... 10 years ago. Given
we have nearly unlimited 4G data plans for cheap and smartphones, being on the
go isn't a problem either.

Since when is this ability to dial-in such a hard requirement?

> _For >99.9% of people this is fine._

99.9% of people don't understand what end-to-end encryption is and why it is
needed, because they think their calls are secure, when in fact they aren't.
It is actually our responsibility to make end-to-end encryption mainstream and
to educate people.

~~~
impendia
> 99.9% of people don't understand what end-to-end encryption is and why it is
> needed, because they think their calls are secure, when in fact they aren't.
> It is actually our responsibility to make end-to-end encryption mainstream
> and to educate people.

I'm an academic and a long-time Hacker News reader. It seems that the tech
community has collectively decided that _all internet communication -- of
whatever sort_ -- should be secure, all the time.

My first thought, as an outsider, is that this is unnecessarily anal-
retentive. But upon reflection, I'm very grateful for this. The more anal-
retentive that developers have to be, the less _I_ have to be. If HN is so up
in arms about this, it's a very good sign for Internet security overall.

What is it that you'd educate me about? That someone could have snooped in on
my departmental meeting? Before Covid-19, these meetings were held in an
open room, in an unlocked building where people walk in and out all day.
Anyone with the desire to snoop would have had no difficulty.

From what I understand, enough pressure is being placed on Zoom that they are
cleaning up their act. From where I sit as an outsider, the system seems to
mostly be working. I'm not angry at Zoom, but I'm very happy that others are.

~~~
rhizome
If you have an office where random people can walk in off the street and out
again unfettered, that's probably an even greater vulnerability to your
company than anything Zoom is doing.

It's like having a car company and saying, "I don't know why anybody would
want seatbelts in their car, our cars explode when hit at over 5mph."

~~~
impendia
> If you have an office where random people can walk in off the street and out
again unfettered, that's probably an even greater vulnerability to your
company than anything Zoom is doing.

This is my point, in reverse.

I work in a university. Thousands of students come each day, to attend class,
to show up to professors' office hours, to attend special events. Having
physical security in the building would be a huge pain, extremely impractical.
I have never heard anyone call for it.

Are there problems? Yes, but they are either minor or very rare. For example,
sales reps for publishers will walk in and go to professors' offices door to
door. A nuisance to be sure, but not _that_ common.

Occasionally there are more serious problems. For example, in 1978, a Stanford
professor was murdered by a disgruntled former grad student [1]. If this sort
of thing was even _remotely_ common, I expect you'd see some building
security. But it's not.

In the analog world, on average people are just not all that concerned about
security. I'm not terribly convinced that they should be.

[1]
[https://en.wikipedia.org/wiki/Theodore_Streleski](https://en.wikipedia.org/wiki/Theodore_Streleski)

~~~
rhizome
Universities are kind of a special case, I wouldn't generalize on them.

------
unreal37
Relevant to say Zoom has responded to this.

[https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-...](https://blog.zoom.us/wordpress/2020/04/01/facts-around-zoom-encryption-for-meetings-webinars/)

"In light of recent interest in our encryption practices, we want to start by
apologizing for the confusion we have caused by incorrectly suggesting that
Zoom meetings were capable of using end-to-end encryption."

And

"To be clear, in a meeting where all of the participants are using Zoom
clients, and the meeting is not being recorded, we encrypt all video, audio,
screen sharing, and chat content at the sending client, and do not decrypt it
at any point before it reaches the receiving clients."

As others have said, the moment you have to interact with the public phone
system, decryption has to happen before the "end".

~~~
bad_user
No, that's not a clarification.

What the TFA is saying is that the decryption key is generated by their
servers and even passed through China, even if none of the people in the
conversation are in China.

That's NOT end-to-end encryption, Zoom never does end-to-end encryption
because they have the decryption keys.

And with that clarification they keep deceiving their users.

------
wenc
Of all the Zoom articles I've seen over the past few days, I think this is one
of the more even-keeled and explanatory (vs the hyperbolic and emotional
commentary on HN). I think a level-headed, focused technical discussion (sans
incendiary language) does more to advance the conversation than snarky,
emotional outbursts. From the article:

"Are we being unfair to Zoom?

I want to close by saying that many people are doing the best they can during
a very hard time. This includes Zoom’s engineers, who are dealing with an
unprecedented surge of users, and somehow managing to keep their service from
falling over. They deserve a lot of credit for this. It seems almost unfair to
criticize the company over some hypothetical security concerns right now.

But at the end of the day, this stuff is important. The goal here isn’t to
score points against Zoom, it’s to make the service more secure. And in the
end, that will benefit Zoom as much as it will benefit all of the rest of us."

~~~
smhenderson
I read an article on NPR [1] this morning about a guy giving his doctoral
dissertation over Zoom. It was broken into by someone putting porn up on the
screen and then a few racial epithets as well. I don’t think it’s unfair to
criticize them if this is allowed to happen on their service. Yes we need to
keep it civil and yes acknowledge that they are working on fixing it but,
given the type of service they offer, I think things like security should have
had more focus before they launched rather than dealing with it after the
fact.

[1] [https://www.npr.org/2020/04/03/826129520/a-must-for-millions...](https://www.npr.org/2020/04/03/826129520/a-must-for-millions-zoom-has-a-dark-side-and-an-fbi-warning)

~~~
manfredo
But isn't that fundamentally a problem with users not setting passwords? A 6
digit meeting key means that if there's 50,000 meetings running at once, each
code has a 1/20 chance of hitting an active room.

~~~
_jal
> A 6 digit meeting key

But this is the sort of lack of foresight that bothers me about Zoom. Let's be
clear -

- It isn't that they're being attacked, that happens to any service where
there's a payoff.

- It is not that they have vulnerabilities, bugs happen.

It is that they actively tried to deceive about E2E. It is that they never
anticipated having 1M simultaneous connections, or the problem that would
result before that. It is that they do insecure things to people's machines.

They act like undisciplined malware authors who happen to work on what is
supposed to be a business product. What will the next "bug" be?

Actively looking for something that will work for us that isn't so
untrustworthy.

~~~
uberdru
You nailed it. It is the trust issue. This warning may have absolved them,
"your shared encryption keys may be issued from data centers in China". It
also would have destroyed their business.

~~~
rstuart4133
It strikes me that if trust was as big an issue to most people as it appears to
be to you, the US would have a different president.

I'm not knocking the need for trust, but trusting closed source code served
up by a central server is a bit of a stretch for me. The temptation to monetise
it is huge, and failing that, governments around the world give themselves
permission to order the centralised server to decrypt it and send them a copy,
and keep quiet about it. Finally there is absolutely no visibility to keep the
vendor honest. They can silently update their code at any point without
telling you, include switches that turn any feature off and on without you
being aware of it and with little risk of researchers seeing it.

In circumstances like that any "trust" seems to me to be a huge stretch. About
the best you can hope for is that competition is going to keep them respecting
the customers' needs rather than their own need for money. It's better to
assume it's sent in the clear - which is what I assume with Zoom.

------
bad_user
Zoom is lying in their marketing AND in their recent clarification.

As the article is saying, they always have the decryption key on the server
side, so they always have the capability to decrypt the stream.

Given the current state of affairs I wouldn't have minded Zoom not being end-
to-end encrypted, but by lying about it, my trust in Zoom plummeted.

------
petergatsby
Article dances around and equivocates. Simple answer is "no".

Whole purpose of E2EE is to assume server is untrusted, but build a secure
system anyway.

Zoom can watch & read your content whenever they want to. Full stop.

~~~
m3kw9
All your cell phone calls can be heard at the provider's servers too

------
jwr
I wish somebody verified the encryption claims of other companies (like
Whereby or GoToMeeting). Zoom is getting scrutiny because it became The
Popular Thing, but it's not the only tool.

~~~
nix0n
That's part of it, but it's also because E2E is a specific security guarantee
which most cloud meeting providers (including in most cases Zoom) don't
provide.

Contrast with GoToMeeting's claims[0] that data transmitted between their
servers and their users is encrypted using TLS. This is a weaker claim.

[0] [https://www.gotomeeting.com/meeting/resources/hipaa-complian...](https://www.gotomeeting.com/meeting/resources/hipaa-compliant-video-conferencing) (third table)

------
kemonocode
> I want to close by saying that many people are doing the best they can
> during a very hard time. This includes Zoom’s engineers, who are dealing
> with an unprecedented surge of users, and somehow managing to keep their
> service from falling over. They deserve a lot of credit for this. It seems
> almost unfair to criticize the company over some hypothetical security
> concerns right now.

I'll have all the sympathy for Zoom's employees who are probably having
mandatory overtime in order to keep things running smoothly and to patch
things up in response to all the (very legitimate) concerns being brought up,
but at the end of the day, Zoom _is_ a for-profit company, not a charity. A
for-profit company with links to China [0] that's in a very unusual situation
right now and potentially coming in contact with a lot of sensitive
information as a great deal of people have come to rely on them. I don't think
they deserve to be cut any slack and honestly, the more people find and use
other alternatives, preferably open source ones (Jitsi Meet [1], BigBlueButton
[2], Jami [3], among others) the better.

[0] [https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto...](https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/)

[1] [https://meet.jit.si/](https://meet.jit.si/)

[2] [https://bigbluebutton.org/](https://bigbluebutton.org/)

[3] [https://jami.net/](https://jami.net/)

------
jedberg
I feel bad for Zoom right now. They had a great product that people loved, and
now all of a sudden they are having an explosion in usage and scrutiny.

And the worst part is that all of this scaling work will be for only a
temporary increase. Once everyone gets called back to the office and people
can see their friends in person, their traffic will go back down.

Usually if you have an explosion of popularity like this you at least know
that your work will be going towards continued growth and revenue.

Having been on the other side of explosive growth, I can empathize with the
engineers at Zoom who have to deal with this.

To their credit, they seem to have built a system that can scale pretty well
given how well the product has just kept working.

~~~
rhizome
People might not get called back to the office for a long time.

------
herf
I think building an iMessage-style PKI might be a wasted effort for them. They
would need to immediately and silently inject server "participants" that
listen in to every conversation (for dial-in or recording), so the permission
model is not much better than a shared ephemeral key. To some extent, the
difference depends on logging--if you log the ephemeral key or throw it away
(or similarly, if you throw away the made-up participant private key or keep
it).

Maybe they should allow small groups to establish on-the-fly OTR-style
conversations when they can.

------
ken
> It indicates that the Zoom client — meaning the actual Zoom software running
> on a phone or desktop computer — is capable of encrypting audio/video data
> to other Zoom clients in the conversation, without exposing your sensitive
> data to Zoom servers.

Maybe I’m bad at English, but I had exactly the opposite interpretation. When
someone says they “don’t” do something, that implies to me that they are able
to, but choose not to. Otherwise, they’d just say they “can’t”.

------
jtxt
At least we can go self hosted now: [https://jitsi.org/](https://jitsi.org/)

~~~
kardos
Has Jitsi received any serious security scrutiny? Are they also making rookie
mistakes?

~~~
jamesaepp
If only people had this type of mindset and attitude _before_ they selected a
communications platform.

~~~
tyingq
I imagine a lot of these decisions were pretty rushed this year. There are a
ton of Universities, businesses, etc, that hadn't previously done any large
scale video conferencing. They didn't have much time to do a thoughtful
selection.

Zoom is under scrutiny largely because it's suddenly a highly popular
choice. All the hoopla incented skeptics to take a closer look.

~~~
jamesaepp
The fact is that almost none of the communications we use on a daily basis are
end-to-end encrypted. What response would you get if you told staff, partners,
executives, support personnel, etc that the new standard was based on GPG web-
of-trust or hierarchical S/MIME emails and that all plain text emails (or any
not digitally signed) were going to be binned at the mail servers?

For that, I don't blame organizations for doing what they had to do - it's
perfectly reasonable. But the discussion that results from this is mostly
healthy. Zoom will suffer from the PR but I think that will give us better
options as a result going forward.

------
dpwm
Is E2E encryption desirable for video chats with >2 participants?

Let's say I'm talking with two other people: is there a way to do E2E
encryption without having to send out the same stream twice?

edit: Just realised a common key would allow this. But I am still interested
in schemes for deriving a key amongst multiple parties using a middleman
without the middleman knowing the key. It seems like a rather hard problem.

~~~
coder543
> But I am still interested in schemes for deriving a key amongst multiple
> parties using a middleman without the middleman knowing the key. It seems
> like a rather hard problem.

This is exactly what happens when your browser establishes an HTTPS
connection. There are _many_ middlemen between you and the web server, but it
still manages to negotiate a shared symmetric key (the session key) that can
be used for the bulk of the encryption.

The difference is that there is no certificate authority vouching for each
participant in a video call's identity, so you would need to do independent
identity verification if you want to ensure that the call is secure, which
some people would do by reading the public keys of each participant aloud, and
people verifying that everything matches what they see.

~~~
dpwm
> The difference is that there is no certificate authority vouching for each
> participant in a video call's identity, so you would need to do independent
> identity verification if you want to ensure that the call is secure, which
> some people would do by reading the public keys of each participant aloud,
> and people verifying that everything matches what they see.

This is a good point I hadn't considered. It led to me questioning how Signal
did it "right," and realising that there is seemingly no way around educating
users to check public keys.[0]

So if video chats were meaningfully E2E encrypted, we would need a way to
verify the public keys, which afaik Zoom doesn't have.

[0] [https://web.archive.org/web/20160828135326/https://www.inter...](https://web.archive.org/web/20160828135326/https://www.internetsociety.org/sites/default/files/09%20when-signal-hits-the-fan-on-the-usability-and-security-of-state-of-the-art-secure-mobile-messaging.pdf)
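
The relay-based key agreement dpwm asks about and the out-of-band key check coder543 describes, as one added example that is not from this thread or from any product it mentions: three or more callers run the Burmester-Desmedt group Diffie-Hellman exchange through a relay that only forwards public values, every caller derives the same key, the relay's transcript contains no secret exponent, and a fingerprint comparison done over the call itself (reading digests aloud) is what detects a relay that substitutes a value. It generalises the thread's three-party case to any number of callers; the group parameters (2**127 - 1 with generator 5) are a constructed toy, not a production group.

```python
import hashlib
import secrets

# Toy group parameters constructed for this demo, NOT for production use: P is the
# Mersenne prime 2**127 - 1. Real systems use a vetted group (RFC 3526 MODP, X25519, ...).
P = 2**127 - 1
G = 5


class Caller:
    """One participant. Its secret exponent x never leaves this object."""

    def __init__(self, name: str):
        self.name = name
        self.x = secrets.randbelow(P - 2) + 1
        self.z = pow(G, self.x, P)  # round-1 public value, sent via the relay

    def round2(self, z_prev: int, z_next: int) -> int:
        # Burmester-Desmedt round 2: X_i = (z_{i+1} / z_{i-1})^x_i mod p
        return pow(z_next * pow(z_prev, -1, P) % P, self.x, P)

    def derive_key(self, i: int, zs: list, xs: list) -> int:
        # K = z_{i-1}^(n*x_i) * X_i^(n-1) * X_{i+1}^(n-2) * ... * X_{i+n-2}^1 mod p,
        # which for every caller equals g^(x_1x_2 + x_2x_3 + ... + x_nx_1).
        n = len(zs)
        key = pow(zs[(i - 1) % n], n * self.x, P)
        for k in range(n - 1):
            key = key * pow(xs[(i + k) % n], n - 1 - k, P) % P
        return key


def fingerprint(value: int) -> str:
    # Short digest of a public value: what callers read aloud to each other on the call.
    return hashlib.sha256(value.to_bytes(16, "big")).hexdigest()[:16]


def run_exchange(names: list, tamper: bool = False):
    """Runs the exchange through a relay. Returns (keys, relay_transcript, check_passed)."""
    callers = [Caller(n) for n in names]
    n = len(callers)
    # Round 1: the relay forwards every z_i. A dishonest relay could substitute its own value
    # for one caller; tamper=True models that so the out-of-band check can be seen to catch it.
    relayed_z = [c.z for c in callers]
    if tamper:
        relayed_z[0] = pow(G, secrets.randbelow(P - 2) + 1, P)
    # Round 2: each caller uses its neighbours' z as delivered by the relay.
    xs = [c.round2(relayed_z[(i - 1) % n], relayed_z[(i + 1) % n]) for i, c in enumerate(callers)]
    keys = [c.derive_key(i, relayed_z, xs) for i, c in enumerate(callers)]
    transcript = relayed_z + xs  # everything the relay ever sees; no exponent is among it
    # Out-of-band check: each caller reads aloud the fingerprint of its own z, and the others
    # compare it with the fingerprint of the z the relay delivered under that caller's name.
    spoken = [fingerprint(c.z) for c in callers]
    delivered = [fingerprint(z) for z in relayed_z]
    return keys, transcript, spoken == delivered
```

A real client would fingerprint a long-term identity key that signs the per-call values rather than the one-shot z itself, so the comparison only has to be done once per contact rather than once per call.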

------
surround
One thing I don’t understand is why Zoom is more popular than Jitsi. Zoom
charges a subscription fee for meetings longer than 40 minutes, where Jitsi is
free for unlimited use. What does Zoom offer that Jitsi doesn’t?

------
boring_twenties
How the fuck does one even arrive at the possibility of using ECB mode? Even
knowing nothing about encryption, I know enough not to do that.

------
kryogen1c
what is there to even say at this point. everyone's mad at zoom; we hit
critical volume for mob mentality and now no amount of discussion or reason
matters.

should they have marketed it as e2e when sometimes it's not? of course not,
they're wrong.

do you fucking care? do you need more than one hand to count the number of
products that are e2e encrypted? if you use the definition of e2e in the
article, nothing apple does is e2e either. does anyone else that's not in tech
even understand what encryption is at all, much less e2e?

they use a shitty encryption scheme when they do e2e? they're wrong and should
do better.

do you care? your threat model is that someone knows your meeting, is in place
beforehand, intercepts the encryption, decodes it, and then spies on your
conference?

this couldn't be more of a penny-wise, pound-foolish scenario. why are we
still talking about this. please stop

~~~
endorphone
Your post seems a little over the top.

Millions are still using Zoom. Its shares are still trading at an enormous
premium.

The technical discussion is something altogether different, and people are
allowed to have that, regardless of your consternation. And hopefully a better
product comes out of it.

"if you use the definition of e2e in the article, nothing apple does is e2e
either"

This bit of sad whataboutism is technical nonsense, though. No, Apple, and a
number of other vendors, actually do this right.

I honestly think Zoom's engineers, who have made a number of rudimentary
serious technical blunders, thought "end-to-end encryption" meant "it's
encrypted during every stage of transport". I've seen a number of companies
make this mistake.

~~~
Judgmentality
> I honestly think Zoom's engineers, who have made a number of rudimentary
> serious technical blunders, thought "end-to-end encryption" meant "it's
> encrypted during every stage of transport". I've seen a number of companies
> make this mistake.

This means they're incompetent, full stop.

I don't think that at all. I think the marketing team is just full of shit.

~~~
betterunix2
I think the engineers told the marketing team that they implemented E2E and
the marketing ran with it. The same engineers who rolled their own crypto
using ECB mode probably thought they were telling the truth. The marketing
team probably asked if they had used blockchain too. Until recently they were
just another small company trying to build a customer base in a crowded
market.

------
jamesaepp
Short answer: No.

