Zoom offers end-to-end encryption only to paying customers

Zoom only makes its end-to-end encryption available to paying customers. Free version users only get ‘normal’ encryption. Zoom says it wants to be able to continue to work with investigative services to prevent abuse.

Business users who pay for Zoom will have access to end-to-end encryption in the future, but non-paying users will not. “We definitely don’t want to give free users that function, because we also want to work with the FBI and local law enforcement if people use Zoom for evil purposes,” said Zoom CEO Eric Yuan during the discussion of the quarterly figures.

Yuan does not elaborate further in the conversation about what he means by his statements. Security consultant Alex Stamos does. He joined Zoom in April as an external consultant. On Twitter Stamos says Zoom has a lot to do with abuse. This includes ‘zoom bombing’. In doing so, hackers look for open Zoom meetings, which until recently could be found via search engines, and then spam them full with, for example, pornographic material. “Zoom is working with investigative services to tackle them,” Stamos writes.

According to Stamos, it’s difficult to track down such individuals if a conversation has end-to-end encryption. In addition, according to Stamos, Zoom is also often used to facilitate ‘abuse’, although he does not elaborate on what kind of abuse that is. Stamos says a lot of such abuse is done over VPNs and disposable email addresses.

Zoom recently implemented some form of end-to-end encryption for the first time. The company put a white paper online. Conversations via Zoom also use AES256 in the free version, but that is not from end to end.