New day, new privacy issue for the popular Zoom app. Last night, The Intercept published a report that highlights that the claim of the Zoom application that it has end-to-end encryption for its sessions is not true.
The video conferencing company can boast of end-to-end encryption on its website, but the publication of Intercept proves that the service only uses encryption in data transfer.
Transport encryption is one protocol ασφάλειας μετασχηματισμού (Transport Layer Security ή απλά TLS), το οποίο εξασφαλίζει τη σύνδεση μεταξύ του υπολογιστή σας και του διακομιστή στον οποίο είστε συνδεδεμένοι. Αυτή η ίδια κρυπτογράφηση χρησιμοποιείται και στις ασφαλείς connections between any HTTPS website and your browser.
The main difference between transfer encryption and end-to-end encryption is that the Zoom application (or the server to which you are connected) can see your data.
In a comment on The Intercept, application development company Zoom confirmed that the service does not provide end-to-end encryption at this time:
E2E encryption for Zoom video sessions cannot be enabled at this time. Live video conferencing uses a combination of TCP and UDP. TCP connections are made using AES encrypted TLS and UDP connections using a key that is traded through a TLS connection.
The company clarified that the "end-to-end" report it uses refers to Zoom endpoints on the Zoom server, which is located among the customers. Thus, it can technically control your data, while the company denies that it can access end-user data or that it sells data to third parties. It would be much fairer of course to clearly state the encryption standards they use.
This isn't the first time Zoom's policies have sparked backlash. A post by Bleeping Desktop published today states that hackers can steal passwords of users through the app for Windows.
Last week found the iOS app of the service sends data to Facebook without the explicit consent of the user.
The company immediately after the disclosure removed the code that sent data to the social network. Last month, the non-profit foundation Electronic Frontier Foundation (EFF) reported that using Zoom products can have serious implications for your privacy.
Yesterday, the Tor browser suggest Avoid the Zoom app and use an open source app called Jitsi Meet.