Even if it is arguably the most popular video conferencing app right now, there have also been a lot of criticism leveled at Zoom. It is mostly connected to their security and privacy lapses that created the term “zoom bomb” which is funny at best but dangerous at worst. When they announced that they were looking into end-to-end encryption, initially they said they could not include free users. But now that they’re readying beta testing, they will include free users after all.
Zoom announced that both paid enterprise and free users will eventually get end-to-end encryption or E2EE. The updated design has actually been released on GitHub, if you’re into that sort of thing. They have been able to find a way to balance the right of users to privacy and the safety of all those who are using the platform. Their initial decision was that they could not offer it to free users because it might be used for “unlawful activity”.
If you’re using Zoom for free but you want to avail of the E2EE, you will have to undergo a one-time process where they will ask you for additional information. For example, you will be asked to verify a phone number through text message, just to make sure you are a legit person that will be using the app. This risk-based authentication and their existing tools like the “Report a User” function will help mitigate and fight abuse.
Currently, all Zoom users have AES 256 GCM transport encryption as the default, which they say is one of the strongest standards out there. Well, some might beg to disagree. But in any case, when E2EE eventually rolls out, it will be optional since there are some functions that will be limited. The one who hosts the meetings or events will be able to toggle it on or off on a per meeting basis.
Zoom says they will begin early beta testing of the end-to-end encryption starting this July. No timeline yet as to when they expect it to roll out to all users, free and paid alike.