Videoconferencing service Zoom has announced it is adding end-to-end encryption (E2EE) to its platform. The company made this known today in a blog post on its website.
The company will begin to roll out the new feature from Oct. 19 and will add features created by a company it acquired in May, Keybase.
Max Krohn, the head of security for the company wrote, “We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days.
“Zoom users — free and paid — around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”
The company originally planned to offer E2EE only to paying customers. However, customer outcry clearly changed those plans, and now free users will have access to E2EE features as well as identity controls that will ensure users can’t make “abusive” accounts.
Krohn also wrote, “Zoom’s E2EE offering uses public-key cryptography,” adding: “ In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.”
The company also made it clear that added security comes at a price. Krohn wrote that users who enable E2EE will not be able to use “certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.” Updates to the system will allow further access to these features.
All users wishing to use E2EE will have to offer personal information including phone numbers. Future updates should roll out in 2021.
Users will see a green padlock on their screen if they are in an E2EE conversation. The rest of the experience will be invisible to the user after the initial verification steps—just as most security should be.