Zoom meetings aren’t end-to-end encrypted, despite marketing

1230 points by tony101, about 5 years ago

31 comments

mabcat, about 5 years ago
End-to-end encryption has been named as a required feature for telehealth in Australia. Interest in telehealth has gone from zero to infinity over the past two weeks for obvious reasons. So I've been trying really hard to work out if Zoom is E2E, and reached the same conclusions as the article. First, it isn't, and second, Zoom are really going out of their way to obscure that fact.

It's great that The Intercept is taking a look at this, because it's absolutely beyond the capabilities of healthcare practitioners and the professional bodies to get to the bottom of. There's a ridiculous amount of confusion here, compounded by "you need to get the HIPAA version because HIPAA means privacy".

floatingatoll, about 5 years ago
Zoom’s HIPAA product documentation does define Zoom’s “end-to-end encryption” as:

https://zoom.us/docs/doc/Zoom-hipaa.pdf

> Meeting data transmitted across the network is protected using a unique Advanced Encryption Standard (AES) with a 256-bit key generated and securely distributed to all participants at the start of each session.

It does not guarantee that the key is withheld from the server, which is unsurprising given that e.g. the recording and chat history features are implemented server-side.

EDIT: For comparison, the Australian government provides a telehealth platform that clearly states it does not allow the server to inspect the call video/audio:

https://help.vcc.healthdirect.org.au/about-healthdirect-video-call/privacysecurityandscalability

> Data shared in actual calls between participants is only ever available in decrypted form to the participating endpoints of the call. All other intermediaries that forward the call can only see encrypted data.

For those looking to hold Zoom accountable, the question to ask is: “Does your country’s law permit Zoom’s servers to be considered an ‘endpoint’ capable of decrypting a telehealth call?”.

crazygringo, about 5 years ago
This really is false *marketing*, but technically what they're doing seems reasonable. Key quote:

> Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end. That’s because the service provider needs to detect who is talking to act like a switchboard, which allows it to only send a high-resolution videostream from the person who is talking at the moment, or who a user selects to the rest of the group, and to send low-resolution videostreams of other participants. This type of optimization is much easier if the service provider can see everything because it’s unencrypted... This isn’t impossible, though, Green said, as demonstrated by Apple’s FaceTime, which allows group video conferencing that’s end-to-end encrypted. “It’s doable. It’s just not easy.”

Group videoconferencing is inherently centralized through a server that needs to analyze video/audio not only for signals as to who's talking, but also mix normalized audio and re-encode streams not just for lower thumbnail resolutions, but for clients with different bitrates.

I don't doubt that FaceTime finds a way to do this, but everyone is using Zoom instead because its performance is way better. I'm not entirely sure that *all* the necessary signal processing can be done performantly client-side, especially when you're allowing for a wide variety of endpoints (WebRTC, phone calls, etc.). You certainly can't mix encrypted audio (at least to the best of my knowledge?), for instance, which means increased bandwidth to everyone to handle overlapping speakers (someone interjecting "could I just say something?" while two other people are talking).

Also, handling key management for *groups* of people where you don't have the bandwidth to re-encrypt the stream separately for each receiver is very complex too, and in the end you're basically just going to have to trust that Zoom itself can't access the keys. Because usually Zoom *will* be able to, so that it can handle phone dial-ins.

But regardless... while Zoom should absolutely advertise full encryption, Zoom should absolutely *not* advertise *end-to-end* encryption. That's bad, and harms user trust in security overall when advertised technical terms become meaningless.

jtdev, about 5 years ago
Fuck these guys. This isn't the first time they've been caught being dishonest and deceptive:

https://www.howtogeek.com/fyi/daily-news-roundup-mac-exploit-activates-webcams-without-your-permission/

Insanity, about 5 years ago
Another day, another Zoom issue.

I've resolved to not using Zoom - when it was suggested at work I just posted links to the issues (mostly gotten from HN actually) so we decided against it.

JoeAltmaier, about 5 years ago
So sad, still getting this wrong after so many years.

I was part of a startup Sococo some 8 years ago. We had end-to-end encryption right out of the box. Plus video, document sharing, chat. All encrypted, end to end with rotating keys. Up to 100 people in a meeting, sharing and chatting indiscriminately.

It's gone now, and the new folks are starting way down the feature ladder from where we were. It's disappointing. Now it's 'good' if you can get 6 in a conference.

I hear Zoom can support large meetings. So they may be doing something right.

devin, about 5 years ago
It's disappointing to see a company that has better tech than its rivals playing these games. I have been singing Zoom's praises, but this really makes me want to look elsewhere. What a bummer.

Spivak, about 5 years ago
Are people just looking for things to be mad at Zoom for at this point? When Zoom says E2E encryption they're using an older notion when it was common for services to not use encryption at all for these kinds of things and it was somewhat of a technical accomplishment that every client-server-server-client leg was all encrypted.

Like it's fine to point out that the bar has been raised in the security community and that the term E2E now requires that only the participants be able to decrypt the content and they should change their copy but it ignores the fact that E2E in healthcare means exactly what Zoom is doing. In the HIPAA world providers are trusted entities.

upofadown, about 5 years ago
Inherent to any e2e encryption scheme is the question: are you talking to who you think you are talking to? In other words: are you the victim of a man in the middle attack?

So if you ever encounter a system that has the ease of use feature where you don't have to verify the identity of the other participant(s) with something like an identity fingerprint number then you already know you do not have all the protection that e2e encryption can provide. This is particularly relevant in a case like Zoom, where all the data goes through servers that Zoom controls making a MITM attack trivial.

So we really should have known that Zoom doesn't provide complete e2e encryption already just from the lack of the identity check.

Skipping the identity verification step seems to be common these days. Even Signal does that by default, but they at least make the verification of what they call "safety numbers" fairly easy and straightforward.

Added: So can true e2e encryption ever be practical for conferences involving a large number of participants? Perhaps Zoom is claiming the impossible... The issues surrounding the addition of OMEMO encryption to XMPP conferences make for an entirely relevant example. What do you do if one of the participants is not known to all the others? There are lots of possible answers to that question.

Added2: >The only feature of Zoom that does appear to be end-to-end encrypted is in-meeting text chat.

I don't see how this can be true either based on the same thinking.

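The identity check upofadown's comment describes, as an added example that is not part of the original comment and is neither Signal's nor Zoom's code: two callers exchange X25519 public keys through a server and compare a short number derived from both keys. The function names, the `call-key-v1` label and the number format are assumptions made for the illustration.

```javascript
// Added illustration, not Signal's or Zoom's code. Names and labels are constructed.
const crypto = require("node:crypto");

function newParty() {
  return crypto.generateKeyPairSync("x25519"); // { publicKey, privateKey }
}

const der = (publicKey) => publicKey.export({ type: "spki", format: "der" });

// Short number both people read to each other out of band: a hash over both
// public keys in sorted order, so each side computes the same value.
function safetyNumber(pubA, pubB) {
  const sorted = [der(pubA), der(pubB)].sort(Buffer.compare);
  const hex = crypto.createHash("sha256").update(Buffer.concat(sorted)).digest("hex");
  return hex.slice(0, 24).match(/.{4}/g).join(" ");
}

function sessionKey(me, peerPublicKey) {
  const shared = crypto.diffieHellman({ privateKey: me.privateKey, publicKey: peerPublicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, "", "call-key-v1", 32));
}

// Key exchange through a server. An honest server forwards each public key
// unchanged; pass `substitute` to model a server that hands out its own key.
function exchange(alice, bob, substitute = null) {
  const keyAliceReceives = substitute ? substitute.publicKey : bob.publicKey;
  const keyBobReceives = substitute ? substitute.publicKey : alice.publicKey;
  return {
    aliceNumber: safetyNumber(alice.publicKey, keyAliceReceives),
    bobNumber: safetyNumber(keyBobReceives, bob.publicKey),
    aliceKey: sessionKey(alice, keyAliceReceives),
    bobKey: sessionKey(bob, keyBobReceives),
  };
}

// The check the comment says is missing: do both sides see the same number?
const numbersMatch = (r) => r.aliceNumber === r.bobNumber;

const [alice, bob, server] = [newParty(), newParty(), newParty()];
console.log("honest server:", numbersMatch(exchange(alice, bob)));
console.log("key substituted:", numbersMatch(exchange(alice, bob, server)));
```

Without the comparison both callers still hold a working session key in the substituted case, so nothing in the call itself reveals that the keys differ.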
mtthwn, about 5 years ago
I used wire before it opensourced parts of the backend. I thought it was well designed and interesting.

They claim to be the only video conferencing with end to end encryption that is opensource. https://wire.com/en/features/encrypted-voice-video/

Has anyone followed wire more closely?

Zelphyr, about 5 years ago
Zoom seems to have adopted the "Move fast and break things" mentality and it's catching up with them.

Don't have real E2E encryption? Don't say you do. Don't wave away a giant security vulnerability as "a feature". Don't explain monitoring and tracking as something you need to do for advertising when you don't show advertising.

Their product may be superior in quality compared to the competition but their Marketing and PR teams come across as bush league at best.

The only incident I can give them any credit for is the Facebook reporting. They handled that well in my opinion by admitting the problem existed and immediately resolved that issue.

narsil, about 5 years ago
I am willing to chalk this up to an honest mistake considering "end-to-end" encryption as being from the client's end to the server, although that's not the accepted use of the term. This appears to be their explanation. I hope their marketing team fixes this now that it's been pointed out to them though.

dkdk8283, about 5 years ago
Zoom has received a fair bit of critical feedback lately. Has anyone given other platforms such as Vidyo identical levels of scrutiny?

catmanjan, about 5 years ago
Does anyone know of a video conferencing system (3++++ participants) that actually does do end-to-end encryption?

r721, about 5 years ago
>if you'd like to dial into the Cabinet tomorrow, the Zoom meeting ID has helpfully been included in this screenshot

https://twitter.com/matthewchampion/status/1244989139889664002

hota_mazi, about 5 years ago
Short version: Zoom video is encrypted to external attackers but not to Zoom (the company) itself.

This is important because the company could be compelled to release such videos if subpoenaed, or they could also simply be hacked.

0x006A, about 5 years ago
how can you have end-to-end encryption with server side processing in conference calls with 50 participants?

ds, about 5 years ago
So, I got around an issue like this in the past by using url fragments. I imagine the same thing could work for zoom?

Basically you would join a meeting by going to zoom.us/meeting-id-number#secrethashtag

The "secrethashtag" is never sent to the server, but can be accessed by javascript on the client end. I'm not sure if this would be acceptable for security nuts though, as I am sure they would make the argument zoom could insert some nefarious js to intercept the url fragment.

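The URL-fragment scheme ds describes, as an added example that is not part of the original comment and is not Zoom's code: the client derives an AES-256-GCM key from the fragment, while the server only ever receives the path and query. The host `meet.example`, the secret value, the `media-key-v1` label and all function names are assumptions made for the illustration.

```javascript
// Added illustration, not Zoom's implementation. Host, secret and labels are constructed.
const crypto = require("node:crypto");

// What the browser puts on the HTTP request line: path and query, never the fragment.
function requestTarget(link) {
  const u = new URL(link);
  return u.pathname + u.search;
}

// Client side: derive a 256-bit media key from the fragment, salted with the meeting id.
function keyFromLink(link) {
  const u = new URL(link);
  const secret = decodeURIComponent(u.hash.slice(1));
  if (secret.length < 16) throw new Error("fragment secret missing or too short");
  const meetingId = u.pathname.split("/").pop();
  return Buffer.from(crypto.hkdfSync("sha256", secret, meetingId, "media-key-v1", 32));
}

// AES-256-GCM with a fresh 96-bit nonce per packet.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function unseal(key, { iv, ct, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8"); // throws on wrong key
}

// Server side: rebuild the link from what was actually received and try to decrypt.
function relayCanRead(link, packet) {
  try {
    unseal(keyFromLink("https://meet.example" + requestTarget(link)), packet);
    return true;
  } catch {
    return false; // no fragment reached the server, so no key can be derived
  }
}

const inviteLink = "https://meet.example/meeting-id-number#constructed-secret-0123456789";
const packet = seal(keyFromLink(inviteLink), "audio frame 1");
console.log(requestTarget(inviteLink), relayCanRead(inviteLink, packet));
```

This holds only while the page's script is trusted, which is the caveat the comment itself raises: script delivered by the server runs in the client and can read `location.hash`.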
m3kw9, about 5 years ago
If you read their white paper it only says E2E encryption applies to Zoom chat. Although they seem a bit loose on the wording, they should clarify video is just TLS encrypted. https://zoom.us/docs/doc/Zoom-Security-White-Paper.pdf

maerF0x0, about 5 years ago
> In fact, Zoom is using its own definition of [end-to-end encryption], one that lets Zoom itself access unencrypted video and audio from meetings.

It's not a standard. If you want compliance to a standard then create/adopt/require one. When you go by marketing materials all you have is "Trust us, everything will be fine"

cat199, about 5 years ago
the statement:

> The encryption that Zoom uses to protect meetings is TLS, the same technology that web servers use to secure HTTPS websites. This means that the connection between the Zoom app running on a user’s computer or phone and Zoom’s server is encrypted in the same way the connection between your web browser and this article (on https://theintercept.com) is encrypted. This is known as transport encryption, which is different from end-to-end encryption because the Zoom service itself can access the unencrypted video and audio content of Zoom meetings.

jumbles TLS with end to end. zoom could e.g. proxy or support rendezvous of peer to peer connections and still use TLS to negotiate end-to-end encryption between the clients (though this would be MITMable). anyway.

ceohockey60, about 5 years ago
Interested in getting more informed on the performance penalties of a proper E2E implementation for videoconferencing use cases.

If Zoom implements proper E2E like Facetime, would it be more laggy, less able to handle meetings of more than 50 people, etc.? Will the general user experience degrade noticeably?

vintermann, about 5 years ago
It's not end to end encrypted, and it apparently has the charming people of saving other people's "private" messages in the minutes if they send them during a meeting.

Why did zoom suddenly become so popular? It's not like there's a shortage of options.

hipaulshi, about 5 years ago
Do people still remember Telegram doesn't have E2E encryption on by default? And does not work across multiple platforms when E2E is on? I am annoyed because those are my favorite apps and they don't have what's important.

kats, about 5 years ago
Where's the FTC? Imagine if Facebook did this. There would be a fine of hundreds of millions of dollars.

DangerousPie, about 5 years ago
FWIW on my version of Zoom the green lock just says "Your client connection is encrypted".

fataliss, about 5 years ago
This is how you realize the power of marketing. Despite many other options for video calls out there, Zoom seems to be grabbing the biggest slice of the pie, while not being provenly any better or superior to alternatives. See DHH's tweet: https://twitter.com/dhh/status/1243907341868609537?s=20 as well as others (he's been pretty vocal about zoom's flaws) :)

Flimm, about 5 years ago
This is not "slightly" dishonest on Zoom's part. It is dishonest.

Edit: now that the title has been modified, I feel I need to add back context. Zoom claims to support end-to-end encryption when it doesn't. That is dishonest.

tonyztan, about 5 years ago
Original title: "Zoom Meetings Aren't End-to-End Encrypted, Despite Misleading Marketing"

For some reason, the title was trimmed an hour after submission to omit the "misleading marketing" part.

The ranking also appears to have artificially been lowered. Now it is below some other posts that are older and with fewer points.

ohirge, about 5 years ago
I never saw anyone advertising zoom had E2E.

Who expected that? There are so many privacy concerns with zoom... not surprising they don't encrypt meetings.

timkam, about 5 years ago
I guess Zoom says they're end-to-end encrypted because they're using WebRTC, which probably means traffic is end-to-end encrypted after signaling, but users need to trust that zoom's signaling server doesn't do anything fishy.

Edit: I do not understand the reason for the downvotes. I am not defending the practice but am just describing their potential line of explanation. Please let me know explicitly if my comment is technically incorrect. Also, I would be interested what other vendors claim, who probably use similar technology under the hood.