Zoom is adding end-to-end encryption (E2EE) to its popular videoconferencing platform, according to a post on the company’s website. The rollout will begin during the week of Oct. 19 and will add features created by a company it acquired in May, Keybase.
“We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days,” wrote Max Krohn, head of security for the company.
“Zoom users — free and paid — around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”
The company originally planned to offer E2EE only to paying customers.
Customer outcry clearly changed those plans, and now free users will have access to E2EE features as well as identity controls that will ensure users can’t make “abusive” accounts.
“Zoom’s E2EE offering uses public key cryptography,” wrote Krohn. “ In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.”
Unfortunately, added security comes at a price. Krohn wrote that users who enable E2EE will not be able to use “certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.” Updates to the system will allow further access to these features.
All users wishing to use E2EE will have to offer personal information including phone numbers. Future updates should roll out in 2021.
Users will see a green padlock on their screen if they are in an E2EE conversation. The rest of the experience will be invisible to the user after the initial verification steps—just as most security should be.