ZOOM E2EE starts for poor people
Zoom says free users will get end-to-end encryption after all
If you do not PAY for a zoom account , starting next week 10-19-2020 you will get end to end protection from this stupid company.
AND ALL ALONG YOU THOUGHT YOU WERE SAFE – NO YOU WEREN’T
In late March, Zoom admitted that while it uses a standard web browser data encryption, it does not use end-to-end encryption.
Zoom says free users will need to verify a phone number to enable the security feature. Free-level Zoom users enabling E2EE will be prompted the first time to go through a form of two-factor authentication, which may include verifying a phone number via text message.
ZOOM SECURITY – https://zoom.us/security
Starting Next Week you can host or join an E2EE meeting even if you don’t pay for it.
E2E encryption will be available to all users, but it won’t be enabled by default.
Instead, the company will automatically use AES 256-bit GCM encryption when it comes to free users. The company says that activating end-to-end encryption limits some of the service’s functionality and therefore, users will have to manually activate the feature as and when required. Essentially, free Zoom hosts will need to turn on end-to-end encryption on a per-meeting basis.
Free Users will need to first authenticate their account before they are able to use end-to-end encryption.
Using Zoom?
Here are the privacy issues you need to be aware of
Zoom not only tracks your attention, it tracks you.
According to the company’s privacy policy, Zoom collects reams of data on you, including your name, physical address, email address, phone number, job title, employer. Even if you don’t make an account with Zoom, it will collect and keep data on what type of device you are using, and your IP address. It also collects information from your Facebook profile (if you use Facebook to sign in) and any “information you upload, provide, or create while using the service.” Zoom is now facing a class action lawsuit from a California resident who alleges that Zoom violated the California Consumer Privacy Act by not getting users’ consent before sharing their data with Facebook.
Zoom used its own definition for end-to-end encryption (E2EE), one that is likely to mislead many of its users. Despite both Zoom’s website and its security white paper claiming calls that use “computer audio” are end-to-end encrypted, The Intercept found that Zoom only uses transport layer security (TLS) encryption, the same encryption that protects all websites that use HTTPS.
A Zoom spokesman clarified that E2EE to Zoom means, “the connection [is] encrypted from Zoom end point to Zoom end point.” Here “end point” refers to the Zoom server, not the Zoom app. This is not true E2EE.
In response to this reporting and the widespread confusion, Zoom put out a blog post that acknowledged, “there is a discrepancy between the commonly accepted definition of end-to-end encryption and how we were using it.”
HOW TO MAKE IT WORK
Customers must enable E2EE meetings at the account level and
opt-in to E2EE on a per-meeting basis.
Hosts can enable the setting for E2EE at the account, group, and user level and can be locked at the account or group level.
All participants (folks using it for free) must have the setting enabled to join an E2EE meeting.
Hosts can enable the setting for E2EE at the account, group, and user level and can be locked at the account or group level.
Host up to 200 participants.
Some Zoom functionality is limited in this first E2EE version – OMG
In Phase 1, all meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms.
Zoom will roll out better identity management and E2EE SSO integration as part of Phase 2, which is tentatively roadmapped for 2021.
Participants can look for a green shield logo in the upper left corner of their meeting screen with a padlock in the middle to indicate their meeting is using E2EE.
Participants will also see the meeting leader’s security code that they can use to verify the secure connection.
The host can read this code out loud, and all participants can check that their clients display the same code.