zoom rolls out end to end encryption

see also: Latency Budget · Platform Risk

Zoom started rolling out opt-in end-to-end encryption (E2EE) across free and paid tiers, promising meeting keys on local clients rather than Zoom’s servers (Zoom Blog).

scene cut

Users can toggle E2EE in settings; when active, meetings max at 200 participants and disable cloud recording. Zoom distributes ephemeral session keys to each participant using public-key infrastructure.

signal braid

• It’s the promised fix to the trust cliff captured in zoom security meltdown exposes cryptography gaps.
• Providing E2EE to free users appeased privacy critics and regulators simultaneously.
• Growth in remote work (see remote work normalizes across platforms) demanded stronger assurances.

risk surface

• Features like telephone dial-in and breakout rooms lose functionality under E2EE.
• Clients must stay updated; old versions can’t join encrypted meetings.
• Support load rises because users misconfigure security settings.

my take

Zoom needed to prove it learned from early missteps. Shipping E2EE to everyone makes the company look like it takes trust as seriously as growth.

linkage

linkage tree

• tags
  • #security
  • #remote-work
  • #2020
• related
  • [[zoom security meltdown exposes cryptography gaps]]
  • [[remote work normalizes across platforms]]

ending questions

Will Zoom keep pace with enterprise key-management demands now that E2EE is table stakes?