Scandal engulfed popular videoconferencing software Zoom when its promise of providing end-to-end encryption (E2EE), turned out to be a lie. For years the Zoom client informed users that “Zoom is using an end-to-end encrypted connection.” Zoom even lied to the SEC in 2019 in its pre-IPO filings, claiming to offer “end-to-end encryption” when they did not.
In early July, reverse engineering by researchers at Citizen Lab demonstrated substandard, non-E2EE encryption and keys sent to servers in China. And Zoom CEO Eric Yuan told the Wall Street Journal he “really messed up” and plans to do better.
The main difference between Zoom and its major competitors, Google Meet and Microsoft Teams, is that Zoom lied about offering E2EE, and Google and Microsoft don’t even pretend to offer E2EE. Those in search of a true end-to-end encrypted videoconferencing solution will have to go further afield and make trade-offs in exchange for that greater level of security.
CSO took a high-level look at the security of Zoom, Google Meet, Microsoft Teams, Cisco’s Webex Meetings, FaceTime, Signal, WhatsApp and Wire. Here’s what we found.