Zoom will offer end-to-end encryption for all its users at the end of the day, after they said that that would be an exclusive feature for its premium users They have a paid subscription, according to a blog post by the company CEO Eric Yuan, released on Wednesday, June 17.
The videoconferencing service has seen a massive increase in users caused by sanitary measures taken worldwide due to the coronavirus pandemic which has encouraged more and more people to work and socialize without leaving home. However, the increased attention that the platform caused also revealed several security issues with the Zoom service, and the fact that in a previous assertion the company claimed to have unsupported end-to-end encryption.
Zoom’s original decision not to add end-to-end encryption (which secures connections from one device to the other) for free users of the service was aimed at keep open the possibility of cooperation with police agencies can told analysts in a conference call earlier this month. However, its new end-to-end encryption design, released today on GitHub, will be available to everyone.
“We are pleased to share that we have identified a path that balances the legitimate right of all users to the privacy and security of users on our platform,” Yuan explained in the post. “This will allow us to offer E2EE [cifrado de extremo an extremo, por su acrónimo en inglés] as an extra advanced feature for everyone our users around the world – free and paid – to maintain the ability to prevent and combat abuse on our platform. ”
To avoid massive creation of abusive accounts, users who with free access to basic accounts who want to access Zoom’s end-to-end encryption will need to provide information to verify their account, such as a verification phone number via message of text.
Zoom plans to launch an early beta version of the end-to-end encryption feature in July. Meanwhile, all users will continue to use AES 256 GCM transport encryption by default, one of the strictest encryption standards available today, according to the company.
Once available, end-to-end encryption will be an optional feature, as it limits some meeting functionality, such as the ability to include traditional phone lines or hardware systems for SIP / H.323 conferences, Yuan explained in the publication. Meeting hosts can enable or disable end-to-end encryption per event, while account administrators can enable or disable it at the group level.