Skip to main content

Zoom video calls are not actually end-to-end encrypted

As reported by The Intercept, the Zoom video conferencing app offers options for end to end encryption in its UI (and in its marketing materials) but the calls are not actually end-to-end encrypted at all.

The Zoom video app is bursting into the public consciousness this year as the coronavirus causes most people to work from home. However, the security of the app has come under fire in many ways. In this instance, it turns out Zoom calls are only encrypted in transmission. This means the central Zoom servers could decrypt the incoming calls and see all participants if the company wanted to.

In contrast, Apple’s FaceTime has always been end-to-end encrypted. When Group FaceTime was introduced in 2018, it too was end-to-end encrypted. FaceTime remains the only video chat app that supports end-to-end encryption on group calls with up to 32 participants.

The kind of encryption Zoom actually uses is no different from browsing the web over HTTPS. Your connection to the server is secured, but the content of the call can be decrypted and snooped on with the server if the owner wanted to. Obviously, Zoom says it does not do this and simply uses the server to re-encode the connection to the call’s recipients.

In response to The Intercept’s report, Zoom said:

But when reached for comment about whether video meetings are actually end-to-end encrypted, a Zoom spokesperson wrote, “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”

You can read more about how Zoom works technically in The Intercept’s original article. The company nonetheless makes several claims about its service being end-to-end encrypted on its website.

End-to-end encryption is the first bullet point on Zoom’s privacy page

FaceTime is impressive in supporting end-to-end encryption for group calls, but it has its own limitations. Group FaceTime calls tend not to be as reliable as calls made with standard video chat apps. The necessity of end-to-end encryption means that FaceTime cannot re-encode video streams for participants with lower-quality connections, which is something that services with lesser security can do. The encrypted encoding/decoding of the protocol also requires some substantial processing power. It is also Apple proprietary technology.

Therefore, FaceTime requires that everyone on the call is using a fairly modern iPhone, iPad, iPod touch or Mac. FaceTime currently lacks key enterprise videoconferencing features, like the ability to share your computer’s screen so everyone can work through a document or project together.

However, if you want the utmost security and privacy, Group FaceTime is what you should use.

FTC: We use income earning auto affiliate links. More.

Dock Wave USB C Qi charger
You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Benjamin Mayo Benjamin Mayo

Benjamin develops iOS apps professionally and covers Apple news and rumors for 9to5Mac. Listen to Benjamin, every week, on the Happy Hour podcast. Check out his personal blog. Message Benjamin over email or Twitter.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications