Zoom's New, Stronger Encryption May Only Protect Paying Clients (newsweek.com) 21
"Zoom plans to strengthen the encryption of its service for paying customers," reports Newsweek, "but the upgrade will not be available to users of its free service."
Zoom security consultant Alex Stamos later confirmed the details of the reported move in an interview with Reuters, which first reported the changes on Friday. But he also told the news outlet that Zoom's plans could still change. "The CEO is looking at different arguments," Stamos said.
"The current plan is paid customers plus enterprise accounts where the company knows who they are." In the wake of privacy concerns, he added that Zoom was making significant efforts to upgrade safety and trust on its platform. In an emailed statement to Newsweek, a Zoom spokesperson said: "Zoom's approach to end-to-end encryption is very much a work in progress — everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to." The tech company's plans to boost the encryption of video calls on its platform have been revealed a month after it was reported that half a million Zoom account credentials were being sold on the Dark Web.
Zoom's increased usage during lockdowns brought increase scrutiny, reports CNET, which "revealed several Zoom security problems and the fact that an earlier Zoom boast of end-to-end encryption was baseless."
"The current plan is paid customers plus enterprise accounts where the company knows who they are." In the wake of privacy concerns, he added that Zoom was making significant efforts to upgrade safety and trust on its platform. In an emailed statement to Newsweek, a Zoom spokesperson said: "Zoom's approach to end-to-end encryption is very much a work in progress — everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to." The tech company's plans to boost the encryption of video calls on its platform have been revealed a month after it was reported that half a million Zoom account credentials were being sold on the Dark Web.
Zoom's increased usage during lockdowns brought increase scrutiny, reports CNET, which "revealed several Zoom security problems and the fact that an earlier Zoom boast of end-to-end encryption was baseless."
Zoom has had encryption for paying customers (Score:1)
Hospitals are using this for patient encounters, they've had US-based data center and end to end encryption for a long time.
The fact that the free version doesn't have it doesn't make it insecure, it makes you a cheapskate. Free/trial versions never have the full feature set.
Re: Zoom has had encryption for paying customers (Score:2)
Re: (Score:1)
Hospitals are using this for patient encounters, they've had US-based data center and end to end encryption for a long time.
The fact that the free version doesn't have it doesn't make it insecure, it makes you a cheapskate.
Yes, I am. I have no need for Zoom unless someone else insists on me using it to communicate.
Free/trial versions never have the full feature set.
Well now, isn't that the truth. Which means I am basing my opinion of the service on a crippled version. Great marketing there, Lou! And after the whole privacy issue [vox.com] with them, it is another black mark against them. (I do not give a shit what the CEO says. I will not trust them until it is PROVEN that it is true and the burden of proof is on them.)
I have become incredibly cynical with current online services. W
Re: Zoom has had encryption for paying customers (Score:2)
1) full version with tons of ads
2) full version short term non-renewable demo
3) full vs. paid versions with different features
You're not getting a fully featured version with no ads and no payment for life for free. Makes no sense.
Re: Zoom has had encryption for paying customers (Score:1)
Binary (Score:2)
Either it's E2E-encrypted or it isn't. That statement means it isn't.
Technically true, but also technically challenging (Score:2)
Either it's E2E-encrypted or it isn't. That statement means it isn't.
For two parties true. Much more challenging when there are more than two people on the call because you have to define what the "ends" are. If you have three people, you either have a hub and spoke data transmission model where three ends that share a common encryption key (not technically end "end to end" as more then two parties share a key) or each party has a separate end to end channel with the other two endpoints (doubling the bandwidth for each party and gets way worse as you scale up the number of p
Re: (Score:2)
Re: (Score:2)
Public Key Encryption:
Everyone in a meeting encrypts to host, host encrypts to attendees.
Re: (Score:2)
Re: This is one of the issues with capitalism (Score:1)
Re: (Score:2)
Do all participants need to pay? (Score:3)
If the host of the meeting is a paying customer, will all participants get E2E encryption?
At least, with the other perks for paying customers (time limit on meetings, maximum number of participants), only the host needs to pay.
Is this still true? (Score:2)
As of today (May 31), Zoom [support.zoom.us] states:
"Beginning May 30, 2020, all Zoom clients must be on 5.0+ in order to join any meeting, as GCM Encryption will be fully enabled for all Zoom meetings. This also applies to Zoom Rooms."
"Do I need to be a paid user to have GCM encryption? No, all accounts will use GCM encryption once enabled on May 30."
"Can I opt out of GCM? No, this is a required change for all accounts on the Zoom backend."
So if these statements are accurate every account, paid or unpaid, will have GC
Re: (Score:2)
I never used Zoom (Score:1)
Safety (Score:1)