This is hardly the first security incident for Zoom; macOS users will remember the massive security bug from last summer, but a considerably greater amount of attention is on the company given its rising popularity. While the company touts end-to-end encryption in its marketing and security white paper, Zoom fails to meet the traditional definition of end-to-end encryption in one crucial way.
Best video conferencing apps and softwareWhere to buy a webcam: In stock at select retailersZoom, Google Hangouts attract phishing and malware hackers: how to protect yourself
Yes, Zoom completely encrypts your video conference while it’s in transit, meaning no one can intercept the stream and view it. However, Zoom has access to your unencrypted video and audio on its end. This means Zoom staff could potentially view your content or Zoom could be compelled to turn your content over to law enforcement. Zoom issued this response to The Intercept: “Zoom takes its users’ privacy extremely seriously. Zoom only collects data from individuals using the Zoom platform as needed to provide the service and ensure it is delivered as effectively as possible. Zoom must collect basic technical information like users’ IP address, OS details and device details in order for the service to function properly.” The company continued, “Zoom has layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including — but not limited to — the video, audio and chat content of those meetings. Importantly, Zoom does not mine user data or sell user data of any kind to anyone.” Clearly, it is in the company’s best interest to keep your data private and secure, but as it stands, there are some circumstances where this would not be possible. Whether this concern is enough for you to stop using Zoom is up to you. Many users will likely shrug this off as not a significant worry as the service runs well and meets their needs. The more troubling aspect is that Zoom was misleading customers with its claims of end-to-end encryption. We hope, at a minimum, to see that language clarified on its website and marketing. Whether the company is also able to address this and move to a true end-to-end encryption model remains to be seen. For those who are worried about the security implications, some other services that we like that do offer true end-to-end encryption include Cisco’s Webex and GoToMeeting.