Just wondering if Zoom is being a little late to the game to be trusted?
Now for some comments:
1. It is impossible to architect end-to-end encryption in a multi-participant, client-server architecture conference meeting. End-to-end encryption is possible only with two endpoints, without an intervening server. For a Zoom conference, or Skype, or Google Hangouts, or Google Meet, or M$ Team, or whatever, each client can have an encrypted channel to the server, but the server must decrypt all of them and then re-send the stream back out to each participant in a single re-encrypted stream. To have true E2E encryption, the server would have to tunnel all encrypted streams to every participant, and each client endpoint would have to use resources to decrypt inbound and encrypt outbound in a separate crypto session for each participant. Thus, if I am in a meeting with 100 in the meeting, my computer would have to run 99 crypto stream sessions at the same time instead of only one.
2. In the article they once more say Yuan claimed AES 256 encryption. In a separate thread on Zoom here is a link to an article stating research on Zoom proved their claim of AES 256 was not true, that they were using AES 128 in a reduced security mode.
3. Big deal if the hosting server for a group meeting is not a Zoom data center. The enterprise host must be running the proprietary, licensed Zoom host software. IF that s/w has a monitor and stream feature tucked into it, then the Zoom s/w could easily backchannel monitored streams and keys back to Zoom data centers during "routine s/w patch and update" sessions. Yeah, not much for me to trust there.
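The two arrangements described in point 1 of the comment above, modelled as an added Python example that is not part of the original comment and is not Zoom's code or protocol. The function names, the 100-person meeting and the SHA-256 based cipher (a constructed stand-in for AES so the block runs on the standard library alone) are assumptions made for illustration.

```python
import hashlib, hmac, os

def _xor_stream(key, nonce, data):
    # Constructed stand-in for AES (SHA-256 in counter mode); not for real use.
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(key, plaintext):
    """Encrypt then MAC under subkeys derived from one session key."""
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce = os.urandom(12)
    ct = _xor_stream(enc, nonce, plaintext)
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting; raise on any modification."""
    enc, mac = hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor_stream(enc, nonce, ct)

def via_server(names, sender, msg):
    """Model 1: one key per client-server link; the server decrypts and re-encrypts."""
    link = {n: os.urandom(32) for n in names}
    server_view = unseal(link[sender], seal(link[sender], msg))  # plaintext at the server
    delivered = {n: unseal(link[n], seal(link[n], server_view)) for n in names if n != sender}
    return server_view, delivered, 1            # crypto sessions held by each client

def pairwise(names, sender, msg):
    """Model 2: one key per peer; the server only forwards opaque blobs."""
    peer_key = {n: os.urandom(32) for n in names if n != sender}
    server_view = {n: seal(k, msg) for n, k in peer_key.items()}  # ciphertext only
    delivered = {n: unseal(peer_key[n], blob) for n, blob in server_view.items()}
    return server_view, delivered, len(peer_key)  # crypto sessions held by the sender

if __name__ == "__main__":
    names = [f"user{i}" for i in range(100)]     # constructed 100-person meeting
    msg = b"constructed sample frame"
    print("server sees plaintext:", via_server(names, "user0", msg)[0] == msg)
    view, _, sessions = pairwise(names, "user0", msg)
    print("sessions for sender:", sessions, "| plaintext at server:",
          any(msg in blob for blob in view.values()))
```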