The website does not just say "end-to-end" and leave it open to interpretation. It goes into some detail of how it works:
> End-to-End Chat Encryption allows for a secured communication where only the intended recipient can read the secured message. Zoom uses both asymmetric and symmetric algorithms to encrypt the chat session. Session keys are generated with a device-unique hardware ID to avoid data being read from other devices.
This contradicts their previous statement[1] that end-to-end encryption means from the client to the browser. Surely the "recipient" of the communication is not Zoom, but the other person you are talking to, right?
You are right, then my case is weaker since they do not define video end-to-end encryption explicitly. But still this shows that they do know what end-to-end encryption means as opposed to what was claimed previously.
I can't find that previous statement from Zoom in the linked article. They actually said things were encrypted from end point to end point. The article itself speculated that they actually meant server to server but in light of subsequent testing that is probably wrong.
It appears that the stuff about there only being TLS as far as the servers is wrong. There is encryption and it goes all the way to the ends. That's all you need these days to claim e2ee it seems. It doesn't matter that the company making the claim can easily decrypt the data.
It's all a black box all the way down to the closed source clients. This whole discussion seems kind of pointless. Crap is crap.
Entirely shoot-from-the-hip comment, but at this point I feel it's warranted.
What is with all the Zoom hate? The company have been around for a decade, enjoyed relatively mediocre success until the outbreak of Covid, and suddenly apparently since they're experiencing huge demand and press coverage, every man and his dog is finding reasons to write a blog post complaining about them.
I've read some article splitting hairs over the nuances of "end to end encryption" and how Zoom is so horrible, evil and wrong because they, like almost every telecommunication provider under the sun, can intercept your calls. What makes Zoom so special?
What's driving all this hate? Because it's a far more interesting question than what technical flaws Zoom, or any other product in this category, almost certainly suffer from.
Has someone done any security analysis of Houseparty? It's experienced surge growth in the same period. But in the time I've seen maybe 20 Zoom-hate articles on HN I haven't seen a single mention of Houseparty. What about Google Hangouts: is it "end"-to-"end" "encrypted"? What about its recording feature? Where are the articles? Where is all the hate?
It’s quite simple: Zoom are lying. They’ve doubled down on their lies.
End to end encryption means something. Zoom isn’t that. Zoom is claiming to be that.
There’s not much to it.
They set the stage for it previously, too: they’ve done all sorts of shady things with computers onto which their client is installed. Zoom singled themselves out of the pack by being some of the only name-and-address provided software to use these techniques; everything else that does so is criminal malware.
Apple even pushed an OS malware detection update to remove Zoom’s backdoor.
The issue is not that Zoom is lacking end to end encryption. The issue is that Zoom is claiming to be end to end encrypted while lacking end to end encryption.
Yes, that people should have correct information to base their decisions on seems like an important hill. Even if I personally didn't expect Zoom to be end-to-end encrypted, because I as a technical person know that's difficult for what they're offering (and didn't look at their marketing pages).
Are you actually surprised people don’t like being lied to? Zoom behaves like malware in a number of ways (just look at how the installer works!), and the company outright lies about features like this. Yes, people are going to be upset about this behavior.
I think it’s pretty normal to care about truth in advertising. Also, there have been many revelations in the past few years about internet surveillance. And to top it off, the EARN IT act that’s currently being considered in the US Congress is ultimately aiming to ban end-to-end encryption so passions about this topic are running extra hot. Put all that together with millions of people stuck at home being forced to use Zoom meetings, and you have the ingredients for a pretty good rage cocktail!
This seems really disingenuous, like you care more about dissing someone than understanding the pros and cons of using this tool that suddenly is one of the only ways to connect with people.
b) Zoom is a major phenomenon right now, massive user boost, at first positive articles all over the media about how everyone is now using it for all kinds of things etc. That means people are paying attention to it, and if they find something (and apparently there was a bunch of things to find) the same media is going to pick it up, because it's already talked about everywhere, boosting what normally would be a blogpost somewhere only a few read, or a private bug report, to something hitting mainstream channels. Which means more people have opinions about it, which means more space to argue about if those opinions are justified or not, ... (Whereas I haven't heard of whatever "Houseparty" is, neither in positive nor in negative)
c) There's no discussion of Google Hangouts being end-to-end encrypted because Google doesn't claim it is, doesn't claim their servers don't decrypt it, ...
d) If someone finds security issues in hangouts, I'd hope they report it, but given the above it likely wouldn't be as widely reflected in the media. If they'd gotten all the positive attention, more people would be digging there now/rolling out the usual anti-Google talking points/...
It's like a friend invited you to a party at Zoom's house, and you go because of your friend. And then you invite a friend to the next party, and your kids are having parties there.
Until you find out that Zoom's been taking advantage of you and all your friends. And Zoom has been going through your coat in the coat closet, and unlocking your car with your car keys.
You started because of your friend, but now you feel used.
This could have been true except probably half of HN have an Android phone in their pocket. So this, like with Android and Google Play Services, is a case study in perception management. Suddenly the perception of Zoom seems to be forced in a particular direction.
My paranoid 4 glasses of wine self can believe nothing other than money being involved.
It’s very simple: with great power comes great responsibility.
Zoom is having explosive growth, and they very much deserve scrutiny, as half of the world is installing their app, and it’s now powering communication from random birthdays and schools to medical support.
Zoom should have just called it 'Autopilot' instead of end-to-end and HN would have defended it to the death, despite that not actually being what was offered.
[1] https://theintercept.com/2020/03/31/zoom-meeting-encryption/