In June, after relentless pressure from privacy advocates, Zoom said that it’ll extend end-to-end encryption to free users of its video conferencing service, beyond its previous limit to only paying customers. Now, the company is set to roll it out starting next week, but just as a preview with certain limitations.
To be clear, Zoom’s meetings were protected by AES 256-bit GCM encryption. So, your text, video, and audio were safe from snooping while in transit. However, these encryption keys were generated on Zoom’s servers, and attackers could target it to snoop on users. On the other hand, if a meeting has end-to-end encryption protection, only participants will have these keys.
In May, the company acquired Keybase.io, an encryption-based identity service, to build the end-to-end encryption offering.
Zoom says that encrypted meetings won’t be turned on by default. The host or admin has to enable it at the account, group, or user level. Plus, before each meeting, everyone has to turn it on explicitly to join. You’ll see a green shield on the top-left corner of your meeting screen to indicate that this meeting is protected by end-to-end encryption.
If you’re a free user, to use end-to-end encryption, you’ll have to first verify yourself through two-factor authentication using a code sent to your phone via SMS.
In this preview stage, if you enable end-to-end encryption for your meeting, you won’t be able to use features such as joining before the host, cloud recording, streaming, live transcription, breakout rooms, polling, and 1-on-1 private chat. And while Zoom can host up to 1,000 participants on an enterprise plan, the end-to-end encryption feature will be limited to meetings with up to 200 participants.
Zoom says that this feature will be in the beta phase for 30 days to collect feedback from users. The company is planning to roll out the second phase of end-to-end encryption (out of four planned phases) with better identity management.