#DeleteZoom
FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
Commission alleged that the company deceived users about the level of security for Zoom meeting platform and unfairly undermined a browser security feature
FTC Requires Zoom to Enhance its Security Practices as Part of Settlement
——– Original Message ——–
| Subject: | Zoom info you asked me to send |
|---|---|
| Date: | Tue, 10 Nov 2020 15:47:35 -0500 |
| From: | Condo <ka***@***********nd.com> |
| To: | Candy Bernard <rc*******@*ol.com> |
Hi there,
This is the info you requested from me the other day.
k
11/10/2020 Zoom lied to users about end-to-end encryption for years, FTC says
Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.
“[S]ince at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security,” the FTC said today in the announcement of its complaint against Zoom and the tentative settlement. Despite promising end-to-end encryption, the FTC said that “Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.”
The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said. "In fact, Zoom did not provide end-to-end encryption for any Zoom Meeting that was conducted outside of Zoom's 'Connecter' product (which are hosted on a customer's own servers), because Zoom's servers—including some located in China—maintain the cryptographic keys that would allow Zoom to access the content of its customers' Zoom Meetings," the FTC complaint said. <SNIP> https://arstechnica.com/tech-policy/2020/11/zoom-lied-to-users-about-end-to-end-encryption-for-years-ftc-says/
THIS IS FOR FREE ACCOUNTS – BUT THERE ARE STILL LIMITATIONS
Zoom’s end-to-end encryption has arrived
By Jon Porter@JonPorty Oct 27, 2020, 6:38am EDT
Zoom’s end-to-end encryption (E2EE) has arrived, letting both free and paid users secure their meetings so that only participants, not Zoom or anyone else, can access their content. Zoom says E2EE is supported across its Mac, PC, iOS, and Android apps, as well as Zoom Rooms, but not its web client or third-party clients that use the Zoom SDK.
E2EE has launched in technical preview, which means Zoom is asking for feedback on the feature for 30 days. However, the company says that E2EE will continue to be available after this period. Instructions on how to enable it can be found in Zoom’s help center.
Zoom has previously offered encryption for its calls, but the data was only encrypted between each meeting participant and Zoom’s servers, rather than being end-to-end encrypted between participants. Once E2EE is enabled, you can check Zoom is using the more secure kind of encryption using the green shield at the top left of a meeting window. The shield will show a padlock rather than a checkmark if the meeting is encrypted end-to-end.
Our new end-to-end encryption (E2EE) feature is now available to users globally, free and paid. https://t.co/ssGanYn4fB
— Zoooooom (@zoom_us) October 26, 2020
Although E2EE meetings are more secure, they don’t work with a few of Zoom’s features. These include its cloud recording, live transcription, polling, meeting reactions, and join before host features. Participants also won’t be able to join using “telephone, SIP/H.323 devices, on-premise configurations, or Lync/Skype clients,” as Zoom says these can’t be end-to-end encrypted.
Zoom’s E2EE meetings support a maximum of 200 participants. That won’t affect users on Zoom’s Basic or Pro plans, which max out at 100 participants, but it could be a problem for Business or Enterprise subscribers which would otherwise allow for up to 300 or 500 participants.
End-to-end encryption is available for both free and paid users, but Zoom says free accounts will need to verify their phone number using SMS and also need a valid billing option associated with their account. Initially Zoom said end-to-end encryption wouldn’t be available for free users to prevent the service from being used for unlawful activity, but the company quickly backtracked and announced it would be available for everyone later that month.
This initial launch is just the first of four phases Zoom is planning for its end-to-end encryption offering. The next phase, which is scheduled to include better identity management and support for single sign-on, is currently planned to launch next year.
<SNIP>
A look at how Jitsi became a ‘secure’ open-source alternative to Zoom
https://thenextweb.com/apps/2020/05/21/a-look-at-how-jitsi-became-a-secure-open-source-alternative-to-zoom/
Jitsi Meet
More secure, more flexible, and completely free video conferencing
A look at how Jitsi became a ‘secure’ open-source alternative to Zoom
https://thenextweb.com/apps/2020/05/21/a-look-at-how-jitsi-became-a-secure-open-source-alternative-to-zoom/
By Ivan Mehta
TheNextWeb.com
May 21, 2020
The coronavirus pandemic pushed people to stay in their homes, and in turn, forced them to use video conferencing products. In the past couple of months, Zoom became an almost indispensable app, Facebook had to step up and make a rival product, and Google made its enterprise conferencing product free for everyone.
Amid this video conferencing boom, Zoom’s security and privacy-related problems made a lot of people skeptical about using its products. Plus, the company wasn’t transparent about communicating its mishaps — this forced a lot of people to look for free open source products, and Jitsi emerged as a perfect solution for them.
Apart from being open-sourced, Jitsi benefited from endorsements by a few highly-regarded names in the security community. In March, a privacy-focused browser Tor tweeted about the product as an alternative to Zoom.
<snip>