Zoom to offer end-to-end encryption to all users

Zoom has changed its stance on end-to-end encryption and says it will now offer the security feature to all users.

The video conferencing app said in May it was introducing the encryption, but only to its paying subscribers.

However, chief executive Eric Yuan has now confirmed that after receiving feedback from users and online safety organisations, it will make end-to-end encryption available to all its users – both free and paid.

End-to-end encryption (E2EE) makes content and data from meetings inaccessible to anyone other than those in the conversation.

Mr Yuan said the company had “identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform”.

“This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform,” he said.

Zoom has come under intense scrutiny over its security since the coronavirus outbreak, with lockdown driving a massive spike in Zoom users as millions of people began working and studying from home.

A number of security issues were quickly identified in the app, and Zoom was also criticised for previously suggesting on its website that it used end-to-end encryption when analysis showed it did not.

‘Zoombombing’, the practice which allowed strangers to use a loophole in meeting settings to gatecrash video calls, often bombarding participants with offensive and abusive content, has been one of the most high-profile flaws raised about the platform.

The company apologised for the issues and at the beginning of April and announced a shift in development, which saw the firm abandon all other new feature work to focus on improving Zoom’s security tools and fix the issues flagged to the firm.

It has since started rolling out a number of updates fixing these flaws.

As part of the expansion of end-to-end encryption, Mr Yuan said free and basic subscription holders would need to take part in a one-time authentication process where they sign-up with a phone number and then verify it from a text message sent to them.

“We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse,” Mr Yuan said.

He confirmed that Zoom is planning to begin a beta test of the new feature in July.