Video conferencing tool Zoom is planning to improve its security with stronger encryption, but only for paying customers and not those using the free version of the service.
Zoom has become a prominent player in the video conferencing industry in recent months, driven by a surge of clients prompted by the coronavirus pandemic. Its use for work-from-home purposes, as well as for education and by families and friends, has led to increased scrutiny of the app, including its security.
An advisor to the company told Reuters on Friday that it would be working to strengthen the encryption of video calls made on its service, but that the stronger encryption wouldn't be available to all users. Under current plans, free users would be stuck with existing encryption and security features, while enhanced offerings will be provided to paid clients and institutions.
Zoom security consultant Alex Stamos advised the plan was still subject to change, but that the limitation of availability was the current course of action. He also confirmed the company has been in talks with civil liberties groups and organizations fighting child-sex abuse, to determine what kinds of non-profit groups and specific types of user should also qualify for the increased protections.
Views on the proposal were mixed among the organizations Zoom contacted. While Electronic Frontier Foundation researcher Gennie Gebhart told the company she hoped it would make protected video more widespread, American Civil Liberties Union technology fellow Jon Callas suggested it was a reasonable compromise.
"Those of us who are doing secure communication believe we need to do things about the real horrible stuff," according to Callas. "Charging money for end-to-end encryption is a way to get rid of the riff-raff."
Zoom's system allows people to join meetings for free, without having to register their details with the company beforehand. While this helped raise Zoom's usage, the free and relatively anonymous nature of the service also means there are fewer checks on people infiltrating meetings they aren't meant to attend, and it attracts criminal elements.
A Zoom spokesperson told AppleInsider "Zoom's approach to end-to-end encryption is very much a work in progress - everything from our draft cryptographic design, which was just published last week, to our continued discussions around which customers it would apply to."
The discussion of encryption enhancements for paid users follows almost a month after the release of Zoom version 5.0, which added AES 256-bit GCM encryption and fixed a number of privacy and security issues. The AES 256-bit GCM encryption will be available to all users on May 30 regardless of their license. Zoom's problems, including "Zoombombing," have led to measures including public warnings from the FBI and a ban on teachers' use of the tool by the New York City Department of Education.
Zoom has, since May 6, become an approved platform for the NYC DOE.
15 Comments
The church my wife and I attend has been using Zoom for over two months now since the lockdown. We usually AirPlay to the living room ATV to watch on the big screen. The macOS client, since v5.0, has had a problem with AirPlay in that the video shows on the ATV but not the audio. I have no idea why or whether this is a known issue. Point being every other app (like YouTube for example) works fine. It's just the Zoom client and only the Mac client. If I AirPlay (mirroring) from my iPad both the video and the audio are fine on the ATV. The church also broadcasts live on Facebook and that AirPlays fine too.
Who knows.
When is Apple going to buy Zoom to make FaceTime universal, and then own the world with respect to video conferencing? :)
The title should have said Zoom will continue to be unsecured unless you pay for it. I have lots to say about the organization who think people wanting secure free software are riff-raff but I'll leave it to others to yell at these idiots. As far as NYC's Dept of Education, I presume they are paying for licenses for the schools but are they also paying for licenses for the students to use at home on their own computers?
FaceTime is free software, as long as you're using Apple products, and it along with Messages uses end-to-end encryption. It's about time Apple stands up and ports Messages and FaceTime to other platforms. iTunes is available for Windows (through the Microsoft Store) but "the relatively small number of users and the cost to port and support programs on Linux, it's highly doubtful iTunes will make the leap to that platform" (ref: lifewire). Porting to Android could be done but we know Apple doesn't want to do it, making sure it's a product that will make people convert to iPhones. Apple used to be huge in the educational market but left when netbooks and cheap laptops/tablets were forced upon schools. Apple continues to be one of the few companies that think security first and if they want everyone to have secure products, they should suck it up and port FaceTime and Messages to Windows (desktop/laptop) and Android (even though there are tons of versions that would need to be supported).