Zoom has launched end-to-end encryption on its platform for all users — free and paid — and for meetings with up to 200 participants. This adds a greater level of security to Zoom calls as it prevents unauthorised users, and the company itself, from peeping into conversations. As of now, the feature is available as a technical preview, and the company has invited comments on it for the next thirty days, in line with a company announcement from earlier this month.
However, there is one caveat — if users want to use Zoom features such as cloud recording, streaming, live transcription, breakout rooms, polling, one on one private chat, and meeting reactions, then they won’t be able to use end-to-end encryption.
For now, Zoom’s end-to-end encryption is an opt-in feature, meaning that users will have to enable it in their Zoom accounts. Once enabled, call participants will see a padlock icon within a green shield, which denotes that the feature is active. Also, the feature won’t work for Zoom calls on a browser — only Zoom’s PC and Mac apps, its Android app, and Zoom Rooms get it, with its iOS app pending App Store approval.
Free users will have to go through a one-time verification: Account admins can enable feature in their web dashboard at the account, group, and user level. If enabled, the host will be able to toggle the feature on and off for any given meeting. Additionally, free users who wish to use end-to-end encryption will have to participate in a one-time verification process by verifying their phone number via text message, something the company says will reduce the mass creation of abusive accounts
Zoom said this was the first phase in enabling end-to-end encryption on its platform, and it is planning to roll out better identity management, and support for single sign-on, as part of phase two, tentatively roadmapped for 2021.
Zoom’s patchy history with end-to-end encryption, and security
The COVID-19 pandemic, which forced people to stay indoors, propelled Zoom towards popularity. However, it then emerged that the service was incorrectly claiming to use end-to-end encryption, as Zoom could still access conversations. The company apologised, and initially promised to offer end-to-end encryption only to paying users, but later budged and promised to offer it to all users following criticism. Along the way, it also acquired Keybase, a startup that focuses on end-to-end encrypted communications.
In India, the government deemed the service unsafe, and it also faced pushback from the Confederation of All India Traders, following which it had to assure CAIT that it was not a Chinese company, and that call traffic would not get routed through China.