It’s a brand new day for famous video chatting app Zoom, with a brand new privacy problem. Yesterday, the Intercept released a report highlighting that Zoom’s argument for its meetings to provide end-to-end encryption is not valid.
The video conferencing business talks on their website about end-to-end encryption, and in a separate white paper related to surveillance. However, the documentation from The Intercept finds that instead, the operation uses transportation cryptography.
The organization has explained that the reference in the literature to “end-to-end” applies to Zoom endpoints or Zoom server, which sits between clients. So, it will look at the data in technological terms. Although the company disputes that it will access or sell consumer data to third parties, it would have been easier to state explicitly the encryption standards it employs
Transport encryption is a protocol for Transport Layer Security (TLS), which secures the link between you and the server to which you are connected. This is the same encryption used in a secure HTTPS protocol link between you and any website. The key distinction between transport encryption and end-to-end encryption is that you should be able to access the data by zoom (or the computer you are attached to).
To this end, the ball is in the court of the video conferencing company to restore its credibility, enforcing solid, consistent privacy policies. Otherwise people will quickly turn to alternatives which are readily accessible and more stable.