Zoom has now confirmed that all users will get access to end-to-end encryption, bringing a close to a debate that’s surfaced over the last few weeks and months. With so many working from home, Zoom has become increasingly important in recent months and by the same token, so has the gaps in its security features, with encryption having been one of the most controversial.
With a rise in attacks and the value of user data only increasing, end-to-end encryption is important at any time. However, with the COVID-19 pandemic causing so many to work from home, and in some cases, entire business operations moving online, the need for sufficient levels of protection have never been greater. This is regardless of whether the user (or the company) is a paid or free customer of a platform like Zoom.
While Zoom had previously announced it was readying better security through the addition of end-to-end encryption, at the time, the company also made it abundantly clear that the highest level of protection was being reserved for paid Zoom customers. Those using the free service would get better protection as well, but not an end-to-end level. However, after mounting pressure, the company has since revised it position and announced it will now offer all users end-to-end encryption.
How Free Zoom End-to-End Encryption Works
Although Zoom has now confirmed end-to-end encryption will be available to all users, the important point to note is that it won’t be enabled by default. Instead, the company will automatically use AES 256-bit GCM encryption when it comes to free users. The company says that activating end-to-end encryption limits some of the service’s functionality and therefore, users will have to manually activate the feature as and when required. Essentially, free Zoom hosts will need to turn on end-to-end encryption on a per-meeting basis.
In addition, users will need to first authenticate their account before they are able to use end-to-end encryption. Similar to other services that offer a comparable level of protection, this will include a one-time process that requires users to hand over additional personal data. In explaining this, Zoom uses verifying a phone number as an example.
While a default use of end-to-end encryption is the ideal, at least having the option available is what ultimately matters. The advanced level of protection not only ensures users of the video-conferencing solution can use the service safely, but also without having to feel that they must pay a monthly fee for the protections they should be getting for free. Privacy is not supposed to be something that comes with a price tag, so it is a positive that Zoom has now reversed its previous decision and stance. Although, that in itself is starting to become a concern, considering the company seems to go back on a lot of things. For example, besides the encryption issue, the company also had to explain and change its stance on how it handles international government requests. The number of U-turns Zoom keeps needing to make highlights how this is still a service that’s finding its feet, in spite of the recent spike in users.
