From the horse’s mouth
Since the COVID-19 coronavirus plague had us housebound even for work or school, we have ended up using videoconferencing platforms more frequently for work, school and social life. The most popular of these platforms ended up being Zoom which effectively became a generic trademark for multiparty videoconferencing.
But the computer press and consumer-privacy regulators identified that most of these videoconferencing platforms had security and user-privacy / company-confidentiality weaknesses. One of these that has beset Zoom was the lack of end-to-end encryption for multiparty videocalls. This ended up being a key issue due to most of us ending using these platforms more frequently and the increased use of Zoom and similar platforms for medical and legal telexonsultations.
Now Zoom, as part of its recent Zoomtopia feature-launch multiparty videoconference, has launched a number of new features for their platform. These include virtual participant layouts similar to what Microsoft Teams is offering.
But the important one here is to facilitate end-to-end encryption during multiparty videoconferences. This will be available across all of Zoom’s user base, whether free or paid. For the first 30 days from next week, it will be a technical preview so they can know of any bugs in the system.
The end-to-end encryption is based around the meeting host rather than Zoom generating the keypairs for the encryption protocol, which would occur as a videoconference is started and as users come on board. It is a feature that Zoom end-users would need to enable at account level and also activate for each meeting they wish to keep secure. That is different from WhatsApp where end-to-end encryption occurs by default and in a hands-off manner.
At the moment, updated native Zoom clients will support the end-to-end encryption – you won’t have support for it on Zoom Web experiences or third-party devices and services that work with Zoom like the smart displays or Facebook’s Portal TV videophone. This situation will be revised as Zoom releases newer APIs and software that answers thsi need.
If a meeting is operating with end-to-end encryption, there will be a green shield with a lock symbol in the upper left corner to indicate that this is the case. They can click on the icon to bring up a verification code and have that confirmed by the meeting host reading it out loud.
Free users will be required to use SMS-based verification when they set up their account for end-to-end encryption. This is a similar user experience to what a lot of online services are doing where there is a mobile phone number as a second factor of authenticity.
At least Zoom is taking steps towards making its multiparty videoconference platform more safe and secure for everyone.