Security and Privacy Implications of Zoom
I am certain that many more of these bad security decisions, sloppy coding mistakes, and random software vulnerabilities are coming.
But it gets worse. Zoom’s encryption is awful. First, the company claims that it offers end-to-end encryption, but it doesn’t. It only provides link encryption, which means everything is unencrypted on the company’s servers. From the Intercept:
In Zoom’s white paper, there is a list of “pre-meeting security capabilities” that are available to the meeting host that starts with “Enable an end-to-end (E2E) encrypted meeting.” Later in the white paper, it lists “Secure a meeting with E2E encryption” as an “in-meeting security capability” that is available to meeting hosts. When a host starts a meeting with the “Require Encryption for 3rd Party Endpoints” setting enabled, individuals see a green padlock that says, “Zoom is using an end to end encrypted connection” when they mouse over it.
But when reached for comment about whether video meetings are actually end-to-end encrypted, a Zoom spokesperson wrote, “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”
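The difference between the link encryption described above and end-to-end encryption comes down to who holds the key. The following Python sketch is an added example, not code from the original post or from Zoom; the `Relay` class, the HMAC-based toy cipher standing in for AES, and the toy Diffie-Hellman group are assumptions made for illustration, and the relay is assumed to forward traffic unmodified.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2  # toy Diffie-Hellman group, illustration only

def _pad(key, nonce, n):
    # HMAC-SHA256 keystream: a toy stand-in for the AES the page mentions
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, msg):
    nonce = secrets.token_bytes(12)
    ct = bytes(m ^ p for m, p in zip(msg, _pad(key, nonce, len(msg))))
    tag = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, packet):
    nonce, ct, tag = packet[:12], packet[12:-32], packet[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None                      # wrong key: packet stays opaque
    return bytes(c ^ p for c, p in zip(ct, _pad(key, nonce, len(ct))))

class Relay:
    """Hypothetical meeting server that forwards packets unmodified."""
    def __init__(self):
        self.keys, self.seen = [], []
    def negotiate_key(self):
        # Link encryption: the key is agreed with the server, which keeps a copy.
        self.keys.append(secrets.token_bytes(32))
        return self.keys[-1]
    def forward(self, packet):
        # Record what the server itself can recover from the traffic.
        opened = [unseal(k, packet) for k in self.keys]
        self.seen.append(next((m for m in opened if m is not None), None))
        return packet

def link_encrypted_call(msg):
    relay = Relay()
    key = relay.negotiate_key()          # handed to every client over its TLS session
    return unseal(key, relay.forward(seal(key, msg))), relay.seen

def end_to_end_call(msg):
    relay = Relay()
    a, b = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    pub_a, pub_b = pow(G, a, P), pow(G, b, P)   # only these cross the relay
    k_a = hashlib.sha256(pow(pub_b, a, P).to_bytes(32, "big")).digest()
    k_b = hashlib.sha256(pow(pub_a, b, P).to_bytes(32, "big")).digest()
    return unseal(k_b, relay.forward(seal(k_a, msg))), relay.seen
```

In both calls the receiving client recovers the message, but only in the link-encrypted call does the relay's `seen` list contain the plaintext. The end-to-end half holds only if the clients authenticate each other's public values, since a relay that substituted its own would end up holding both keys.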