Zoom has been criticized for not offering encryption to free users amid numerous security and privacy issues that have cropped up in the course of the year. The company has now launched end-to-end encryption (E2EE) for both free and paid users around the world, although the feature isn’t necessarily fully baked.
Encryption is currently available as a “technical preview,” in order to gather feedback from users for the next 30 days. Additionally, while E2EE is supported on most desktop and mobile platforms, the web client and third-party clients that use Zoom’s SDK are not supported.
Previously, Zoom servers would generate the encryption keys and distribute them to meeting attendees once they joined. Now, the meeting host has the private key while distributing the public key to the meeting participants. Zoom says that their servers simply act as “oblivious relays” and never see the encryption keys and all encrypted data is indecipherable by Zoom itself.
There’s one more catch to using E2EE, however. Some features such as Zoom’s cloud recording, live transcription, one-to-one chat, and meeting reactions will not be available. People who prefer to join via telephone will also be out of luck.
The increasing use of teleconferencing due to the ongoing pandemic propelled Zoom to 200 million users in April. That led to the phenomena of “Zoom bombing” in which uninvited guests would crash the meeting.
The company responded by enabling waiting rooms and forced passwords. The addition of E2EE is a welcome one despite some caveats and should heavily bolster security for everyone involved.