Zoom relents and agrees to give free users end-to-end encryption
When video conferencing company Zoom acquired Keybase, there was a great deal of excitement about the impending arrival of the much-needed end-to-end encryption. But then there was disappointment when it was announced that only paying customers would be granted access to the extra security feature.
Zoom CEO Eric S Yuan said at the time that free customers were not getting end-to-end encryption "in case some people use Zoom for a bad purpose" -- something many users found insulting. But now the company has backtracked, announcing that users of free accounts will in fact get end-to-end encryption... but there is a slight catch.
- Zoom isn't giving non-paying users end-to-end encryption because they could be criminals
- You need to take action if you want to avoid being cut off from Zoom
- Zoom is gaining end-to-end encryption following acquisition of Keybase
In a blog post Yuan says that the company has "identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform". He goes on to explain that this means end-to-end encryption will be offered to everyone as an add-on.
So what's the catch?
Well, the path that has been identified by Zoom lets the company "maintain the ability to prevent and fight abuse on our platform". How is this possible? By verifying user identities.
To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message. Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools -- including our Report a User function --- we can continue to prevent and fight abuse.
At the moment the plan is to offer a beta version of the end-to-end encryption feature some time next month. Zoom says that everyone will be able to access the same 256-bit AES level of security by default, but end-to-end encryption can be enabled to lock things down further.