large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Zoom admits meetings aren’t really end-to-end encrypted

The video conferencing app has boomed in popularity recently, as people switch to working from home. But a new investigation from The Intercept has revealed that the app isn’t running watertight end-to-end encryption, at least as the term is commonly understood. 

Instead, it looks like Zoom relies on Transport Layer Security (TLS) for encryption, which is actually the bog standard encryption used by most websites. This means that there is a secure encryption, but it’s running between your app and the Zoom servers.

Put simply, it means that Zoom has the ability access both the video and audio in your meeting.

Related: The best ways to video chat

End-to-end encryption is commonly understood to mean that encrypted messages can only be decrypted by the people at the end points of a connection. In relation to video conference software, people may well think these end points are represented by the meeting participants.

But Zoom has admitted that this isn’t what the company means when it mentions end-to-end encryption, and has instead come up with a new definition that identifies itself as an end point.

Speaking with The Intercept, a spokesperson said: “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point.”

Zoom also went on to say that it doesn’t access any video or audio content, but only collects data that is necessary for service provision.

In addition, the company said it “has layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings.”

While this might appease some, others might not be too happy. As Zoom technically has access to that video and audio content, the company could be forced to hand over meeting data if this is requested by authorities – and Zoom’s definition of end-to-end encryption still feels like a shady manoeuvre.

The news comes just after the company sheepishly apologised for accidentally sending user data to Facebook, and amidst reports that Zoom users have experienced other people crashing their meetings.

Related: How to delete a Zoom account

In other Zoom-related security stories, it appears that despite the Ministry of Defence banning the use of Zoom, the Prime Minister is still holding virtual meetings on the software – and accidentally publishing the meeting ID in the top left corner to boot.

We’ve reached out to Zoom for comment on the latest security concerns and will update this story with the response.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.