The saying “Time and adversity are powerful destroyers” seems to apply to Zoom, the company behind the video call application that boomed during the covid-19 pandemic. If the new coronavirus is the proverbial adversity, time has shown that Zoom is a collection of security flaws, and one of them (the lack of end-to-end encryption) led to its condemnation by the US Federal Trade Commission (FTC).
“Since at least 2016, Zoom has tricked users by announcing that it offers ‘256-bit end-to-end encryption’ to protect users’ communications when, in fact, it provided a much lower level of security. Zoom’s servers (including some located in China) maintain the cryptographic keys that would allow the company to access the content of its customers’ meetings,” says the commission’s conclusive report.
In essence, this practice defeats the whole purpose of the term “end to end”, which implies encryption that cannot be broken even by the company that manages the system.
According to the FTC, “the company did not provide end-to-end encryption for any videoconferencing via its application outside its ‘Connecter’ product (hosted on the client’s own servers).”
The FTC’s complaint brought together all of the company’s statements (such as compliance guides, reports, company blog posts and even responses to customer inquiries) in which Zoom lied about the encryption of its operations.
The company also “tricked users who wanted to store recorded meetings in the company’s cloud, falsely claiming that they would be encrypted immediately after they ended. Instead, they were stored unencrypted for up to 60 days.”