Zoom has enabled end-to-end encryption (E2EE) of its video meeting platform for all users, adding an extra layer of protection to their calls.
The company, which has surged in popularity as millions of people work from home during the coronavirus pandemic, had previously offered encryption between each meeting participant and Zoom's servers, rather than between participants.
- Telegram adds video calls to compete with Zoom and WhatsApp
- Zoom buys Keybase to shore up its security issues
The update adds extra security to video calls, which is important given how Zoom has become the go-to video meeting platform for millions of consumers, companies and even government departments.
Zoom says E2EE is available for all users, whether they use the free or paid-for service, and the encryption works on its PC, Mac, iOS and Android applications, as well as Zoom Rooms. End-to-end encryption doesn't work on its web client or through third-party apps that use Zoom's service. Users of Zoom's free service can use E2EE, but need to have a valid billing option associated with their account and a verified phone number.
End-to-end encryption comes eight months after Zoom was sued for allegedly overstating its video chat security standards. Zoom also suffered earlier in 2020 with so-called 'Zoombombing', where pranksters would join the video chats of strangers and share inappropriate or offensive material on their screens. The company then paused development of all new features for 90 days to focus exclusively on improving its security.
Although E2EE is available now, it isn't compatible with every Zoom feature just yet, as it is operating as what the company calls a "technical preview". It will remain in this state for 30 days, during which time users can submit feedback on how it is working. Zoom says E2EE will remain active after the 30-day period, however, so this isn't a limited-time trial.
For now, enabling E2EE causes certain features of Zoom to stop working. These include join-before-host, cloud recording, streaming, live transcription, breakout rooms, polling, 1:1 private chat, and meeting reactions.
End-to-end encryption is rolling out for all Zoom usersZoom
How to enable Zoom end-to-end encryption
Switching on E2EE isn't as simple as clicking a button. At least not yet, anyway. Instead Zoom asks that users follow these instructions:
- Sign in to the Zoom web portal.
- In the navigation panel, click Settings.
- Click the Meeting tab.
- Under Security, verify that 'allow use of end-to-end encryption' is enabled.
- If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
Note: If the option is grayed out, it has been locked at either the group or account level. You need to contact your Zoom admin.
- Under Security, choose the default encryption type.
- Click Save.
If you run a Zoom account on behalf of other users, you will need to click the lock icon between steps five and six, which makes E2EE mandatory for all users in your account.
Due to the current limitations of E2EE, Zoom recommends that users opt for the pre-existing 'enhanced encryption' option for their calls, and only use the more secure E2EE "where additional protection is required."
Zoom adds that E2EE "is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content."
In other words, your Friday evening Zoom chat with friends probably doesn't need the enhanced protection of E2EE, but if you are holding a government meeting, you should have the extra security enabled and work around not having access to all features.
Participants can check their encryption security code matchesZoom
How to tell Zoom E2EE is enabled
Once E2EE has been enabled you will see a green shield icon in the upper-left corner of the meeting window. Another way to check that E2EE is enabled for everyone in a meeting is a 40-digit code displayed to all participants (above). The host can read their code aloud and ask everyone on the call to confirm that their code is the same.
How is Zoom's end-to-end encryption created?
Zoom explains how its system uses public key cryptography, adding: "The keys for watch Zoom meeting are generated by participants' machines, not by Zoom's servers. Encrypted data relayed through Zoom's servers is indecipherable by Zoom, since Zoom's servers do not have the necessary decryption key."
Logitech C922x Pro Stream Webcam – Full 1080p HD Camera