Zoom buys startup to bring end-to-end encryption to video calls

By

Zoom promises to work harder to protect user privacy.
Zoom calls are already encrypted, and the company committed today to step up to end-to-end encryption.
Photo: Zoom

Zoom on Thursday acquired Keybase for its experience with encryption and security.

The COVID-19 pandemic brought millions of new users to Zoom, but also criticism for weak security. Its stated goal in purchasing the smaller company, which developed its own messaging and file-sharing service, is to bring end-to-end encryption to Zoom meetings.

“We are excited to integrate Keybase’s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability,” said Eric Yuan, Zoom CEO, in a statement.

This could further increase the service’s popularity. German government workers are currently banned from using it because of a lack of end-to-end encryption, for example.

Zoom doesn’t offer end-to-end encryption… yet

Zoom does encrypt audio and video content flowing between Zoom clients. And the company recently upgraded to the industry-standard AES-GCM with 256-bit keys. But the encryption keys for each meeting are generated by Zoom’s servers, not the client devices.

This means the company doesn’t offer end-to-end encryption, the “holy grail” privacy standard. If it did, only the people on the call can access its content. No one — no even Zoom — could listen in.

This feature is actually rare. Google Hangouts, Skype, Facebook Messenger, WhatsApp and other popular video-conferencing application don’t have it. An exception is Apple FaceTime.

Zoom working to get more secure

And Zoom is upping its encryption offerings. “Zoom will offer an end-to-end encrypted meeting mode to all paid accounts,” its CEO promised today. This will happen in “the near future.”

Customers who choose this option will have to give up some features, including phone bridges, cloud recording and non-Zoom conference room systems. While such calls using these add-ons will be encrypted, they require encryption keys to be in the cloud.

Moves like enabling end-to-end encryption are attempts to overcome something of a bad reputation. Researchers have raised a number of security issues with Zoom. These range from compromised accounts found on the dark web to the practice of “Zoombombing.”