Zoom plans encryption upgrade just for paid users
Video conferencing tool Zoom is planning to improve its security with stronger encryption, but only for paying customers and not those using the free version of the service.
Zoom has become a prominent player in the video conferencing industry in recent months, driven by a surge of clients prompted by the coronavirus pandemic. Its use for work-from-home purposes, as well as for education and by families and friends, has led to increased scrutiny of the app, including its security.
An advisor to the companyadvised to Reuters on Friday that it would be working to strengthen the encryption of video calls made on its service, but it wouldn't be available to all users. Under current plans, free users would be stuck with existing encryption and security features, while enhanced offerings will be provided to paid clients and institutions.
Zoom security consultant Alex Stamos advised the plan was still subject to change, but that the limitation of availability was the current course of action. He also confirmed the company has been in talks with to civil liberties groups and organizations fighting child-sex abuse, to determine what kinds of non-profit groups and specific types of user should also qualify for the increased protections.
Views on the proposal were mixed for organizations Zoom contacted. While Electronic Frontier Foundation researcher Gennie Gebhart told the company she hoped it would make protected video more widespread, American Civil Liberties Union technology fellow Jon Callas suggested it was a reasonable compromise.
"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," according to Callas. "Charging money for end-to-end encryption is a way to get rid of the riff-raff."
Zoom's system allows people to join in meetings for free, without having to register their details with the company beforehand. While this helped raise Zoom's usage, the free and relatively anonymous nature also means there's fewer checks on people infiltrating meetings they aren't meant to attend, as well as attracting criminal elements.
A Zoom spokesperson told AppleInsider "Zoom's approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to."
The discussion of encryption enhancements for paid users follows almost a month after the release of Zoom version 5.0, which added AES 256-bit GCM encryption, which will be available to all users on May 30 regardless of their license, and fixed a number of privacy and security issues. Zoom's problems, including "Zoombombing," has led to measures including public warnings from the FBI and a ban on teacher's use of the tool by the New York City Department of Education.
Zoom has, since May 6, become an approved platform for the NYC DOE.
Zoom has become a prominent player in the video conferencing industry in recent months, driven by a surge of clients prompted by the coronavirus pandemic. Its use for work-from-home purposes, as well as for education and by families and friends, has led to increased scrutiny of the app, including its security.
An advisor to the companyadvised to Reuters on Friday that it would be working to strengthen the encryption of video calls made on its service, but it wouldn't be available to all users. Under current plans, free users would be stuck with existing encryption and security features, while enhanced offerings will be provided to paid clients and institutions.
Zoom security consultant Alex Stamos advised the plan was still subject to change, but that the limitation of availability was the current course of action. He also confirmed the company has been in talks with to civil liberties groups and organizations fighting child-sex abuse, to determine what kinds of non-profit groups and specific types of user should also qualify for the increased protections.
Views on the proposal were mixed for organizations Zoom contacted. While Electronic Frontier Foundation researcher Gennie Gebhart told the company she hoped it would make protected video more widespread, American Civil Liberties Union technology fellow Jon Callas suggested it was a reasonable compromise.
"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," according to Callas. "Charging money for end-to-end encryption is a way to get rid of the riff-raff."
Zoom's system allows people to join in meetings for free, without having to register their details with the company beforehand. While this helped raise Zoom's usage, the free and relatively anonymous nature also means there's fewer checks on people infiltrating meetings they aren't meant to attend, as well as attracting criminal elements.
A Zoom spokesperson told AppleInsider "Zoom's approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to."
The discussion of encryption enhancements for paid users follows almost a month after the release of Zoom version 5.0, which added AES 256-bit GCM encryption, which will be available to all users on May 30 regardless of their license, and fixed a number of privacy and security issues. Zoom's problems, including "Zoombombing," has led to measures including public warnings from the FBI and a ban on teacher's use of the tool by the New York City Department of Education.
Zoom has, since May 6, become an approved platform for the NYC DOE.
Comments
Who knows.
FaceTime is free software, as long as you're using Apple products, and it along with Messages uses end-to-end encryption. It's about time Apple stands up and ports Messages and FaceTime to other platforms. iTunes is available for Windows (through the Microsoft Store) but "the relatively small number of users and the cost to port and support programs on Linux, it's highly doubtful iTunes will make the leap to that platform" (ref: lifewire). Porting to Android could be done but we know Apple doesn't want to do it, making sure it's a product that will make people convert to iPhones. Apple used to be huge in the educational market but left when netbooks and cheap laptops/tablets were forced upon schools. Apple continues to be one of the few companies that think security first and if they want everyone to have secure products, they should suck it up and port FaceTime and Messages to Windows (desktop/laptop) and Android (even though there are tons of versions that would need to be supported).
And absurdly overvalued by about $49 billion.
This company should take a look at some of the open source communities for a lesson in how to treat all customers, paid or otherwise, with respect, integrity, and dignity.
No self respecting software development organization would give away a piece of software, with their name on it no less, that has known security problems. Being charitable doesn't allow you to give away tainted/spoiled meat. It's not just totally classless, it's fundamentally wrong.
Bad move Zoom, very bad move.
Most users will only look at the benefits not the cons. I’ve noticed Google has been quickly updating its service to match the usability of Zoom. Blue Jeans is a great alternative too. FaceTime needs two major changes to be a force - cross platform compatibility and functions for scheduling business video meetings - it already has the security nailed.