As part of its 90-day security strategy, Zoom announced the acquisition of Keybase, an end-to-end encryption application for chat security and file sharing. The Keybase team will help provide Zoom with the same protection.
The lack of end-to-end encryption is one of the many criticisms Zoom has raised in recent months and the company is determined to address this issue. However, Zoom claims that it only offers end-to-end encrypted session mode for paying accounts, and points out that this privacy option, as opposed to compatibility, means that some features will be missing.
See also :
Although the latest version of Zoom 5.0 has improved the encryption, it wasn’t yet the secure end-to-end encryption that so many users were asking for. The problem with the existing encryption method is that when using the industry standard AES-GCM with 256-bit keys, some encryption keys are stored in the cloud for communication with other systems.
When end-to-end encryption is used, meetings where it is used will not support phone gateways, cloud recording, or non-zoom conference room systems. Zoom has the guts to want to create a level of security that is equivalent to or better than the existing consumer platforms for the exchange of encrypted messages. A detailed cryptographic design project will be presented on Friday the 22nd. May, published.
In the acquisition request, Eric S. Yuan of Zoom said that we are proud to announce the acquisition of Keybase, another step in Zoom’s 90-day plan to improve the security of our video communication platform. Since its launch in 2014, Keybase’s outstanding team of engineers have built up a secure messaging and file service, drawing on its extensive experience in encryption and security. We are pleased to be able to integrate the Keybase team into the Zoom family to help us build an end-to-end encryption solution that can achieve Zoom’s current scalability.
He goes on to say:
This acquisition is an important milestone for Zoom, as we are trying to create a truly private video communication platform suitable for hundreds of millions of subscribers while offering the flexibility to support a wide range of Zoom applications. Our goal is to ensure maximum confidentiality for each use, while balancing the needs of our users and our commitment to preventing harmful behavior on our platform. Keybase’s experienced team will be an important part of this mission.
In another article in the Keybase-Blog he explains what he is going to do:
Our top priority is to help improve the safety of zooms. There is currently no concrete plan for the Keybase application. Ultimately, the future of Keybase lies in the hands of Zoom, and we’ll see where it takes us. In the event of a change in the availability of Keybase, our users will of course receive a whole series of notifications.
Our short-term policy is to significantly improve our safety by working on a much larger product than Keybase. We can’t be more specific because we’re just going underground.
Zoom also takes various measures to protect the privacy of its users, the company explains:
- We will continue to work with users to improve the reporting mechanisms available to meeting organisers to report unwanted and disruptive participants.
- The zoom function does not and will not proactively monitor the content of meetings, but our Trust and Security team will continue to use automated tools to find evidence of user abuse based on other available data.
- The zoom has not created, and will not create, a mechanism to decipher live broadcasts for legitimate listening purposes.
- In addition, we do not have the opportunity to involve our employees or others in meetings that are not on the attendance list. We don’t build cryptographic back rooms to secretly monitor the sessions.
A loan for a painting: Sergey Nivens / Shatterstock