Previously, Zoom said the gold standard of encryption would only be available for paid users of its platform.
When Zoom said this level of security—which means no one including Zoom or law enforcement has the keys to your data—was only available for paying accounts, it was met with anger by many users and security advocates, with some saying the company was asking people to pay for additional security.
As I wrote at the time, Zoom users will have to give up some additional functionality in order to use end-to-end encryption, such as the ability to dial in to calls. Zoom also said it was difficult to manage the Zoom bombing issues that have been plaguing it for some time, as end-to-end encryption would give criminals somewhere to hide.
Now, Zoom thinks it has solved this issue. As Zoom CEO Eric Yuan confirmed the move in a blog, he detailed how free users would have to give up some personal details in order to gain the sought after end-to-end encryption feature. If you don’t want to use it, you can just settle for Zoom’s normal level of encryption.
“Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message.
“We are confident that by implementing risk-based authentication, in combination with our current mix of tools—including our Report a User function—we can continue to prevent and fight abuse.”
Why Zoom’s feature might not be as good as it sounds
But nothing comes for free—Zoom wants you to give up your personal details in exchange for using the feature. And as privacy expert Pat Walshe detailed on Twitter: “How does this really prevent those determined to commit child sexual abuse. They could use an anonymous SIM card for example or online SMS 2FA tools. What’s the scale of the problem? How was it determined this is an appropriate solution to the problem?”
Zoom will start testing the end-to-end encryption function in July. The dramatic turnaround also comes as Zoom releases its end-to-end encryption design on GitHub.
Zoom has the ability to offer this level of security because of its recent purchase of Keybase. But Zoom is able to pull end-to-end encryption off on a platform that hosts large groups of users at once, it’ll certainly be a huge achievement.
At the same time, concerns remain over whether it can balance this level of security with safety and still prevent child exploitation and other abuse of its platform.
Zoom is also battling to gain many users’ trust, leading some to seek a more secure alternative. After the video conferencing app bowed down to China’s demands last week, and with a sometimes chaotic method of communication to users, Zoom still has a long way to go.