Zoom has had its fair share of security concerns over the last few months. The spotlight is on the video communication app since it become the most popular communication tool during the stay-at-home era of the COVID-19 world. However, the company says it will not take an important security step for free accounts.
According to Zoom CEO Eric Yuan, the company will not use end-to-end encryption on free calls. That raised some eyebrows because end-to-end encryption stops third parties (including Zoom) from seeing call contents.
Zoom's stance went from worrying to outright controversial when Yuan confirmed the company wanted to work with FBI and local law enforcement by giving them access to data. Alex Stamos, Zoom's security consultant, says he thinks Yuan did not make his intentions clear.
In a Twitter thread, Stamos explained what the company thinks about encryption. He points out Zoom never records meetings or monitor other content. He adds:
“The current decision by Zoom's management is to offer E2EE to the business and enterprise tiers and not to the limited, self-service free tier.”
Stamos says the company is walking a tight rope with free accounts. In recent months, free Zoom accounts have been used by bad actors who can attack meetings with so-called Zoom Bombing. Being able to pass details of these actions to law enforcement can help catch perpetrators. Looking across social media, it seems most users disagree and value protection more.
Zoom has addressed its security troubles with a focus on shoring up the platform. In recent months, Zoom's growth has been tempered by a series of issues that have plagued the platform. For example, bad actors have been infiltrating meetings and ZoomBoming participants. The company also removed data sharing with Facebook over concerns regarding GDPR rules.
Google also recently banned its employees from using Zoom. In April, the company's CEO, Eric S. Yuan said the company did not expect to see a growth in popularity and was not prepared for it. Also in April, over half a million Zoom user credentials were found online.