Zoom plans encryption upgrade just for paid users

Posted:
in General Discussion edited May 2020
Video conferencing tool Zoom is planning to improve its security with stronger encryption, but only for paying customers and not those using the free version of the service.




Zoom has become a prominent player in the video conferencing industry in recent months, driven by a surge of clients prompted by the coronavirus pandemic. Its use for work-from-home purposes, as well as for education and by families and friends, has led to increased scrutiny of the app, including its security.

An advisor to the companyadvised to Reuters on Friday that it would be working to strengthen the encryption of video calls made on its service, but it wouldn't be available to all users. Under current plans, free users would be stuck with existing encryption and security features, while enhanced offerings will be provided to paid clients and institutions.

Zoom security consultant Alex Stamos advised the plan was still subject to change, but that the limitation of availability was the current course of action. He also confirmed the company has been in talks with to civil liberties groups and organizations fighting child-sex abuse, to determine what kinds of non-profit groups and specific types of user should also qualify for the increased protections.

Views on the proposal were mixed for organizations Zoom contacted. While Electronic Frontier Foundation researcher Gennie Gebhart told the company she hoped it would make protected video more widespread, American Civil Liberties Union technology fellow Jon Callas suggested it was a reasonable compromise.

"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," according to Callas. "Charging money for end-to-end encryption is a way to get rid of the riff-raff."

Zoom's system allows people to join in meetings for free, without having to register their details with the company beforehand. While this helped raise Zoom's usage, the free and relatively anonymous nature also means there's fewer checks on people infiltrating meetings they aren't meant to attend, as well as attracting criminal elements.

A Zoom spokesperson told AppleInsider "Zoom's approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to."

The discussion of encryption enhancements for paid users follows almost a month after the release of Zoom version 5.0, which added AES 256-bit GCM encryption, which will be available to all users on May 30 regardless of their license, and fixed a number of privacy and security issues. Zoom's problems, including "Zoombombing," has led to measures including public warnings from the FBI and a ban on teacher's use of the tool by the New York City Department of Education.

Zoom has, since May 6, become an approved platform for the NYC DOE.

Comments

  • Reply 1 of 15
    lkrupplkrupp Posts: 9,452member
    The church my wife and I attend has been using Zoom for over two months now since the lockdown. We usually AirPlay to the living room ATV to watch on the big screen. The macOS client, since v5.0, has had a problem with AirPlay in that the video shows on the ATV but not the audio. I have no idea why or whether this is a known issue. Point being every other app (like YouTube for example) works fine. It's just the Zoom client and only the Mac client. If I AirPlay (mirroring) from my iPad both the video and the audio are fine on the ATV.  The church also broadcasts live on Facebook and that AirPlays fine too.

    Who knows.
    edited May 2020 cornchipwatto_cobrapscooter63
  • Reply 2 of 15
    When is Apple going to buy Zoom to make FaceTime universal, and then own the world with respect to video conferencing? :)
    edited May 2020 cornchipwatto_cobrapujones1
  • Reply 3 of 15
    rob53rob53 Posts: 2,638member
    The title should have said Zoom will continue to be unsecured unless you pay for it. I have lots to say about the organization who think people wanting secure free software are riff-raff but I'll leave it to others to yell at these idiots. As far as NYC's Dept of Education, I presume they are paying for licenses for the schools but are they also paying for licenses for the students to use at home on their own computers?

    FaceTime is free software, as long as you're using Apple products, and it along with Messages uses end-to-end encryption. It's about time Apple stands up and ports Messages and FaceTime to other platforms. iTunes is available for Windows (through the Microsoft Store) but "the relatively small number of users and the cost to port and support programs on Linux, it's highly doubtful iTunes will make the leap to that platform" (ref: lifewire). Porting to Android could be done but we know Apple doesn't want to do it, making sure it's a product that will make people convert to iPhones. Apple used to be huge in the educational market but left when netbooks and cheap laptops/tablets were forced upon schools. Apple continues to be one of the few companies that think security first and if they want everyone to have secure products, they should suck it up and port FaceTime and Messages to Windows (desktop/laptop) and Android (even though there are tons of versions that would need to be supported).

    StrangeDayskitatitwatto_cobra
  • Reply 4 of 15
    When is Apple going to buy Zoom to make FaceTime universal, and then own the world with respect to video conferencing? :)
    Zoom's current market cap is about $50Billion. Keep dreaming...
  • Reply 5 of 15
    StrangeDaysStrangeDays Posts: 11,565member
    rob53 said:
    The title should have said Zoom will continue to be unsecured unless you pay for it. I have lots to say about the organization who think people wanting secure free software are riff-raff
    Agreed. This is absurd. 
    kitatitwatto_cobrapscooter63
  • Reply 6 of 15
    chasmchasm Posts: 2,391member
    Agreed on the headline.

    While Zoom has improved the quality of the encryption used in free videoconferences, it is very important to note that it is not end-to-end, meaning that while your meeting is encrypted between you and Zoom, it can be decrypted, seen, stored, scanned for marketing, and whatever other abuses you can imagine by Zoom employees and contractors.

    While I understand why end-to-end encryption might be considered a "premium" feature for a company like Zoom (hey, they need to make money like everyone else), a high percentage of people having Zoom meetings probably don't care about this (any more than they care about what Facebook and Google are doing with their data), and are not likely to discuss truly sensitive material, so for them there's very little incentive to move from the free tier. Business and other types of clients will feel differently, and will be glad to pay, presuming they also get other "premium" features.

    To give credit where it is due, some of the changes made by Zoom in the past weeks has reduced or eliminated "zoombombing" to a large degree, though this is like congratulating Microsoft for stopping a virus -- when the only reason the virus existed is because their OS is a putt-put golf course full of holes that make it possible.
    edited May 2020 cornchipwatto_cobra
  • Reply 7 of 15
    braytonakbraytonak Posts: 13member
    Zoom’s target audience is not the free users and never has been. The service caters to enterprise use, so I don’t have a problem with them withholding a feature for their target audience. 

    Zoom has made a lot of improvements recently for security. I think Zoom wanted to be as frictionless as possible for user satisfaction and now they’ve had to tighten things up. The continuing issues stem from users choosing not to use features like meeting passwords and waiting rooms. 

    It’s mentioned above that FaceTime and iMessage should be cross-platform. Apple isn’t making money on those services. They’re the carrot-on-the-stick that helps draw people to Apple’s ecosystem, and keep them there. The same could be said of Zoom withholding encryption for paid users.
  • Reply 8 of 15
    mdriftmeyermdriftmeyer Posts: 7,502member
    When is Apple going to buy Zoom to make FaceTime universal, and then own the world with respect to video conferencing? :)
    Zoom's current market cap is about $50Billion. Keep dreaming...

    And absurdly overvalued by about $49 billion.
    agilealtitudecornchipkitatitchasmRayz2016watto_cobrapscooter63logic2.6
  • Reply 9 of 15
    dewmedewme Posts: 3,809member
    This is a very sleazy move in my opinion. 

    This company should take a look at some of the open source communities for a lesson in how to treat all customers, paid or otherwise, with respect, integrity, and dignity.  

    No self respecting software development organization would give away a piece of software, with their name on it no less, that has known security problems. Being charitable doesn't allow you to give away tainted/spoiled meat. It's not just totally classless, it's fundamentally wrong.  

    Bad move Zoom, very bad move.


    agilealtitudecornchipkitatitwatto_cobrasvanstrompscooter63
  • Reply 10 of 15
    bonobobbonobob Posts: 307member
    I wonder what sort of encryption will be used when there is a mix of paid and unpaid meeting participants.  A lot of meetings have one paid user to get unlimited time, and everyone else piggybacking along for free.
    watto_cobrapscooter63
  • Reply 11 of 15
    mac_dogmac_dog Posts: 909member
    People have filed class action lawsuits for much less. 
    watto_cobra
  • Reply 12 of 15
    chasmchasm Posts: 2,391member
    bonobob said:
    I wonder what sort of encryption will be used when there is a mix of paid and unpaid meeting participants.  A lot of meetings have one paid user to get unlimited time, and everyone else piggybacking along for free.
    I can answer that one. Having a paid user as the host should then give all other participants the benefit of the end-to-end encryption when it is implemented. The host gets the benefits of their paid sub, and some of those benefits (currently just time limits) affect all other participants.
    Rayz2016watto_cobra
  • Reply 13 of 15
    sflocalsflocal Posts: 5,728member
    I suspect that once this story hits mainstream, and Zoom gets enough bad publicity from it they will change their tunes.
    watto_cobraagilealtitudecornchip
  • Reply 14 of 15
    FatmanFatman Posts: 513member
    Zoom, an easy to use simple interface, good variety of setup options, runs on many platforms, reliable connections, incredible brand recognition, but ... not end to end encrypted (communications can be intercepted), Chinese owner and communications routed through Chinese servers, company is not trust worthy to those that have been following their ‘missteps’.

    Most users will only look at the benefits not the cons. I’ve noticed Google has been quickly updating its service to match the usability of Zoom. Blue Jeans is a great alternative too. FaceTime needs two major changes to be a force - cross platform compatibility and functions for scheduling business video meetings - it already has the security nailed.
    svanstromcornchip
  • Reply 15 of 15
    TRAGTRAG Posts: 25member
    rob53 said:
    The title should have said Zoom will continue to be unsecured unless you pay for it. I have lots to say about the organization who think people wanting secure free software are riff-raff but I'll leave it to others to yell at these idiots. As far as NYC's Dept of Education, I presume they are paying for licenses for the schools but are they also paying for licenses for the students to use at home on their own computers?

    FaceTime is free software, as long as you're using Apple products, and it along with Messages uses end-to-end encryption. It's about time Apple stands up and ports Messages and FaceTime to other platforms. iTunes is available for Windows (through the Microsoft Store) but "the relatively small number of users and the cost to port and support programs on Linux, it's highly doubtful iTunes will make the leap to that platform" (ref: lifewire). Porting to Android could be done but we know Apple doesn't want to do it, making sure it's a product that will make people convert to iPhones. Apple used to be huge in the educational market but left when netbooks and cheap laptops/tablets were forced upon schools. Apple continues to be one of the few companies that think security first and if they want everyone to have secure products, they should suck it up and port FaceTime and Messages to Windows (desktop/laptop) and Android (even though there are tons of versions that would need to be supported).

    It seems to me that they only make their software cross-platform when they can monitise it e.g. iTunes, Apple Music, Apple TV+ etc. I would really like it if FaceTime were free so I could stop using Zoom for conversations with Windows and Android users but I can’t see it happening as I can’t see the benefit to Apple.
    cornchip
Sign In or Register to comment.