Researchers found that Zoom uses its own encryption scheme, sometimes using keys issued by China.

Some of the key management systems — 5 out of 73, in a Citizen Lab scan — seem to be located in China, with the rest in the United States. Interestingly, the Chinese servers are at least sometimes used for Zoom chats that have no nexus in China. The two Citizen Lab researchers, Bill Marczak and John Scott-Railton, live in the United States and Canada. During a test call between the two, the shared meeting encryption key “was sent to one of the participants over TLS from a Zoom server apparently located in Beijing,” according to the report.

I don’t have further commentary on Zoom, other than asking, “How will this end?”

Check It Out: Zoom’s Encryption is Linked to Chinese Servers

5 Comments Add a comment

  1. John Kheit

    Zoom’s bent is to sell you out. Put a freak’n WEB SERVER on your machine. To open up root. To have terms of service to sell you out. To go ahead and sell out your data to Facebook. It’s not a technology problem, it’s a culture problem. I refuse to put that crap software and tell my clients as much. I’ll only use Zoom telephone lines and offer Join.me or other services for screen sharing.

    The gold medal for secure multi communications is still FaceTime. Why apple doesn’t put more than a one dude and 3 goats on it to actually make it work for business is beyond me.

  2. wab95

    Andrew:

    This just keeps getting better and better. I think you should just open a running column on Zoom, titled ‘The Daily Zoom’, because this is practically every day, another scandal or unflattering revelation. Even the mainstream, non-tech media have picked up on this and are providing warnings. Seriously, in the US, when PBS starts talking about your tech, you’ve got issues.

    At some point, self-inflicted wounds become non-recoverable, as do credibility and trust. The company either has to come under new management and transparently revamp the platform, or shut down and hope that someone else takes up their goals, but with a cleaner, more secure execution.

    There are other options. My colleagues and I tend to use GoToMeeting and WebEx, amongst others, for many of the same uses as Zoom, namely large international meetings, task forces and teleconferences.

  3. geoduck

    There’s an old song that goes “…if it weren’t for bad luck, I’d have no luck at all…” Even when Zoom does the right thing, they do it the wrong way.

    • wab95

      @geoduck: That’s from Albert King, 1967, ‘Born Under a Bad Sign’. I think that Zoom was born under a bad code.

Add a Comment

Log in to comment (TMO, Twitter, Facebook) or Register for a TMO Account