On its website and in a security white paper, the US-based video conferencing company boasts of end-to-end encryption. However, The Intercept discovered that the service actually uses transport encryption.
Transport encryption is a Transport Layer Security (TLS) protocol that secures the connection between a user and the server to which they are connected. TLS is also used to help secure connections between users and any website they visit using HTTPS.
However, the main difference between transport encryption and end-to-end encryption is that even if others will not be able to access your data, Zoom will still be able to.
In a statement to Interception, a Zoom spokesperson revealed that the service is unable to provide end-to-end encryption at this time, stating:
“Currently, it’s not possible to enable E2E encryption for Zoom video conferences. Zoom video meetings use a combination of TCP and UDP. TCP connections are established using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection. “
Basically, the company clarified that its use of the term “end-to-end” in its white paper refers to the encrypted connection between Zoom endpoints. This means that other people cannot access the shared data during Zoom video calls, but the company itself still can.
Despite its recent surge in popularity, a number of privacy issues have surfaced around the service, such as how it has been found that its iOS application is sending data to Facebook without explicit user consent. Fortunately, Zoom recently removed the code that was sending data to the social network.
In addition, a new report by Sleep computer revealed that it is possible for hackers to steal passwords through Zoom’s Windows client.
- We have also highlighted the best VPN services