Zoom is including end-to-end encryption (E2EE) to its widespread videoconferencing platform, in keeping with a post on the company’s website. The rollout will start throughout the week of Oct. 19 and will add options created by a company it acquired in May, Keybase.
“We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days,” wrote Max Krohn, head of safety for the company.
“Zoom users — free and paid — around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”
The firm initially deliberate to offer E2EE only to paying customers.
Customer outcry clearly modified these plans, and now free customers could have access to E2EE options in addition to id controls that may guarantee customers can’t make “abusive” accounts.
“Zoom’s E2EE offering uses public-key cryptography,” wrote Krohn. “ In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.”
Unfortunately, added safety comes at a price. Krohn wrote that customers who allow E2EE will be unable to make use of “certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.” Updates to the system will allow additional access to those features.
All customers wishing to make use of E2EE must provide private data together with phone numbers. Future updates ought to roll out in 2021.
Users will see a green padlock on their screen if they’re in an E2EE conversation. The remainder of the experience shall be invisible to the consumer after the preliminary verification steps—simply as most security should be.