New day, new privacy problem for the popular Zoom application. Last night, The Intercept published a report highlighting that the claim of the Zoom application that it has end-to-end encryption for its sessions is not true.
The video conferencing company boasts end-to-end encryption on its website, but the Intercept's publication proves that the service uses encryption only in data transfer.
Transfer encryption is a Transform Layer Security (TLS) protocol that secures the connection between your computer and the server to which you are connected. This same encryption is used for secure connections between any HTTPS site and your browser.
The main difference between transfer encryption and end-to-end encryption is that the Zoom application (or the server to which you are connected) can see your data.
In a comment on The Intercept, application development company Zoom confirmed that the service does not provide end-to-end encryption at this time:
Currently, it is not possible to activation της κρυπτογράφησης E2E για συνεδρίες video with Zoom. Live video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections that are encrypted with AES using a key negotiated over a TLS connection.
The company clarified that the "end-to-end" report it uses refers to Zoom endpoints on the Zoom server, which is located among the customers. Thus, it can technically control your data, while the company denies that it can access end-user data or that it sells data to third parties. It would be much fairer of course to clearly state the encryption standards they use.
This is not the first time Zoom policies have provoked reactions. A post by Bleeping Computer published today states that hackers can steal passwords users through the Windows application.
Last week found the iOS app of the service sends data to Facebook without the explicit consent of the user.
The company immediately after the disclosure removed the code that sent data to social network. Last month, the non-profit Electronic Frontier Foundation (EFF) reported that using Zoom's products could have serious implications for your privacy.
Yesterday, the Tor browser suggest Avoid the Zoom app and use an open source app called Jitsi Meet.