Zoom lied about the strength of his security for months. The video service has now reached a settlement with the American consumer watchdog FTC.
The Federal Trade Commission, the US antitrust authority, launched an investigation earlier this year into Zoom’s potentially misleading claims about its security measures.
The video calling platform, which boomed in popularity during its first lockdown early this year, has long claimed that video calls were encrypted end-to-end. However, that was not the case.
Zoom offered TLS encryption or ‘transport encryption’ at the beginning of this year.
The connection between the endpoints (the computers or smartphones of the participants) and the Zoom servers is encrypted. In principle, Zoom can then see that data when they run on their own servers. End-to-end encryption is stricter.
Here the data is encrypted on your computer and only decrypted once it arrives at the recipient. The company that provides the service and whose servers it runs cannot view the messages.
The reason Zoom called its encryption “end-to-end” in March, according to a spokesperson, was because the company sees its own servers as “endpoints.”
That’s not how the rest of the world defines them: in general, the endpoints are the user’s devices, not the server of the service in between.
