Free Zoom users can now breathe a sigh of relief. Finally, the controversial remote communication service has decided to implement the end-to-end encryption for both free as well as paid users. Taking a U-Turn, Zoom has suddenly realized the importance of safeguarding its free users, unlike before when the company said it would only encrypt calls made by premium subscribers.
Zoom to secure free/basic users
Zoom has released an updated end-to-end encryption design on GitHub, identifying a way to ensure the safety and privacy of both free and paid users. Zoom wants to treat its end-to-end encryption as an advanced add-on feature for all its users around the world.
In his recent blog post, Zoom CEO Eric S. Yuan wrote:
“Since releasing the draft design of Zoom’s end-to-end encryption (E2EE) on May 22, we have engaged with civil liberties organizations, our CISO council, child safety advocates, encryption experts, government representatives, our own users, and others to gather their feedback on this feature.
How Zoom’s end-to-end encryption works
Apparently, Zoom has found a workaround in order to offer end-to-end encryption to all tiers of users. For this to work, free users need to offer some additional information. For example, free users seeking access to Zoom’s end-to-end encryption must verify their phone number via an SMS-based authentication
This way, Zoom hints it wants to prevent the mass creation of abusive accounts. Zoom wants users to prevent and fight abuse, courtesy of risk-based authentication, in addition to existing tools.
Zoom plans to start beta-testing its end-to-end encryption feature next month. Meanwhile, all Zoom users will continue to use AES 256 GCM transport encryption as the default encryption. However, the end-to-end encryption will not be enabled by default since it limits some meeting functionality. Instead, Zoom will treat its end-to-end encryption as an optional feature.
Zoom says meeting hosts can enable or disable its end-to-end encryption on a per-meeting basis. Meanwhile, account administrators can enable and disable end-to-end encryption at the account and group level.
As part of its 90-day security plan, Zoom recently announced the launch of Zoom 5.0, which consists of several new privacy and security measures. It also promises AES 256-bit GCM encryption to provide users with increased protection for meetings.