Zoom lied to users about end-to-end encryption for years, FTC says

[GDRRiley]

Summary

 

zoom claimed they were using end to end 256bit encryption but kept the keys on their servers, this has been going on sense at least 2016. They claimed to be during 2016 and 2017 HIPAA complaints guides. (medical privacy laws)

 

Quotes

Quote

"In fact, Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC complaint said.

 

The FTC announcement said that Zoom also "misled some users who wanted to store recorded meetings on the company's cloud storage by falsely claiming that those meetings were encrypted immediately after the meeting ended. Instead, some recordings allegedly were stored unencrypted for up to 60 days on Zoom's servers before being transferred to its secure cloud storage."

 

To settle the allegations, "Zoom has agreed to a requirement to establish and implement a comprehensive security program, a prohibition on privacy and security misrepresentations, and other detailed and specific relief to protect its user base, which has skyrocketed from 10 million in December 2019 to 300 million in April 2020 during the COVID-19 pandemic," the FTC said.

 

My thoughts

Not a big shock, they aren't using end to end while claiming they do. I don't trust almost any of the video calling providers but signal.

 

Sources

https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/

[Letgomyleghoe]

and this is why i wont use anything except telegram...

[Lurick]

18 minutes ago, GDRRiley said:

Not a big shock, they aren't using end to end while claiming they do. I don't trust almost any of the video calling providers but signal.

Zoom isn't supposed to be a video calling app like facetime, signal and whatnot, it's targeted for meetings among groups of people. Sure just two people can use it for meetings and it's like facetime at that point but that's not the intended purpose.

 

Edit:

If you group Zoom as a video call service like Telegram, Signal, etc. then you might as well call WebEx, Jitsi, Microsoft Teams, GoToMeeting, etc. video calling services too but that's not what they are used for because that's not their target market or function.

[Helpful Tech Witch]

Wait, your telling me that Zoom, the company with more data breaches than the US Government, ISNT VERY SECURE!?!?!??!

[GDRRiley]

39 minutes ago, Lurick said:

Zoom isn't supposed to be a video calling app like facetime, signal and whatnot, it's targeted for meetings among groups of people. Sure just two people can use it for meetings and it's like facetime at that point but that's not the intended purpose.

 

Edit:

If you group Zoom as a video call service like Telegram, Signal, etc. then you might as well call WebEx, Jitsi, Microsoft Teams, GoToMeeting, etc. video calling services too but that's not what they are used for because that's not their target market or function.

thing is I expect them all to decent security, and often time it is less than 5 people which almost all video calling services can do

[Lurick]

1 minute ago, GDRRiley said:

thing is I expect them all to decent security, and often time it is less than 5 people which almost all video calling services can do

That's a fair enough assessment, I guess I'm more focused on corporate environments so I've got a skewed view of what they do and should do

I do agree 100% on the security front though, regardless of target, they shouldn't falsely advertise capabilities and compliance.

[DildorTheDecent]

46 minutes ago, Letgomyleghoe said:

telegram...

I mostly use it for stickers tbh. Sure encryption is nice but animated stickers tho.

[GDRRiley]

2 minutes ago, Lurick said:

That's a fair enough assessment, I guess I'm more focused on corporate environments so I've got a skewed view of what they do and should do

I do agree 100% on the security front though, regardless of target, they shouldn't falsely advertise capabilities and compliance.

I spend at least an hour a day for work on a zoom call with less than 10 people. it could be done over a conference call wouldn't matter. my school could just be done as a YT/twitch livestream

 

[Bombastinator]

2 hours ago, GDRRiley said:

Summary

 

zoom claimed they were using end to end 256bit encryption but kept the keys on their servers, this has been going on sense at least 2016. They claimed to be during 2016 and 2017 HIPAA complaints guides. (medical privacy laws)

 

Quotes

 

My thoughts

Not a big shock, they aren't using end to end while claiming they do. I don't trust almost any of the video calling providers but signal.

 

Sources

https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/

I’m tempted to trust the HIPPA stuff after I saw how hard it was to find a hippa approved one.  The ones I know of that have hippa approved sections (how publicly available those sections are I don’t know) appear to include Lifesize and a couple others. FaceTime isn’t on it, and if zoom is it’s quite new.

[bcredeur97]

tbf they've made a strong effort to fix what they haven't been doing all these years and I greatly respect it. They've had a strong flow of money come in this year, and they actually used it to better what they already have instead of just focusing solely on their shareholders which is what a lot of companies do nowadays. 

 

even went as far as to discontinue and not even support old zoom client versions when they actually implemented encryption. 

[williamcll]

6 hours ago, DildorTheDecent said:

I mostly use it for stickers tbh. Sure encryption is nice but animated stickers tho.

Nah, telegram is slowly turning into a honeypot for authorities, time for you to switch to Riot instead.

[DildorTheDecent]

5 minutes ago, williamcll said:

time for you to switch to Riot instead.

I hope you're getting paid, lol.

[GDRRiley]

5 hours ago, Bombastinator said:

I’m tempted to trust the HIPPA stuff after I saw how hard it was to find a hippa approved one.  The ones I know of that have hippa approved sections (how publicly available those sections are I don’t know) appear to include Lifesize and a couple others. FaceTime isn’t on it, and if zoom is it’s quite new.

zoom tried to be in 2016 and 2017 when they claimed the had end to end encryption

[captain_to_fire]

16 hours ago, GDRRiley said:

video calling providers but signal.

Does Signal have group video calling?

[captain_to_fire]

The only advantage Zoom has over Microsoft Teams and Google Meet is the ability to host up to 1000 participants in a meeting with a higher tier plan. But if an organization is already paying for Google Workspace or Microsoft 365, there’s no need to use Zoom since Meet and Teams are included. 

[Kajoor]

And still zoom is most popular video communication source.

[Bombastinator]

52 minutes ago, Kajoor said:

And still zoon is most popular video communication source.

May have gotten hit by autocorrect there. A zoon is this old microsoft music player designed to compete with the iPod. 

[Kajoor]

2 minutes ago, Bombastinator said:

May have gotten hit by autocorrect there. A zoon is this old microsoft music player designed to compete with the iPod. 

Fixed