Zoom lied to its users for years: the calls were not as secure as they claimed

Zoom lied to its users for years: the calls were not as secure as they claimed

The name Zoom seems to be linked to the controversies and the FTC has confirmed that the company has lied to users for years.

One of the biggest problems with Zoom has been in everything related to security. The now popular video call application was barely known in 2019, but the coronavirus crisis caused users to look at its features and usability, something that made it an especially interesting tool for many professional areas and private calls.

However, during these months we have been able to see the many ups and downs it has had in terms of security. For a while, users complained that strangers could access group video calls, then it was said that end-to-end encryption was going to be implemented, then not to everyone…

But this is far from being the case, according to the United States Federal Trade Commission (FTC): it has been reported that Zoom lied to users for years by claiming to offer end-to-end encryption.

According to Ars Technica, the FTC clarifies that Zoom deceived users “from at least 2016” by “promoting that it offered ‘256-bit end-to-end encryption’ to protect user communications, when in fact it provided a lower level of security.

Although promoted for years, “Zoom did not provide end-to-end encryption for any meetings held outside of Zoom’s ‘Connecter’ product (which is hosted on the customer’s own servers), because Zoom’s servers, including some located in China, hold the cryptographic keys that would allow Zoom to access the content of its customers’ meetings.

This indicates that the problem went further than expected, since the meetings could be accessed from Zoom’s offices and, in addition, the sensitive information in them did not meet the security standards.

After the FTC ruling, Zoom has agreed to implement a new comprehensive security program and further clarify the terms of use to avoid misunderstandings. Although the ruling has not pleased everyone by not offering any compensation to users who were misled by these practices. We will see if this is the definitive end to the security problems with Zoom