
Zoom - Epic Fail

On Zoom’s Wednesday first-quarter financial earnings call, Zoom CEO Eric Yuan said that the upcoming end-to-end encryption feature would not apply for free users. Alex Stamos, former CIO at Facebook, who is currently working as an advisor for Zoom, then defended the policy in a recent Twitter thread, explaining that Zoom is juggling a “balancing act.” There was an immediate "backdraft" response from security professionals challenging Zoom's claims that unless they made end-to-end encryption pay-for-play then they would not be able to respond to law enforcement. They didn't say this is actually going to pay for the high-priced consultant fees...

4 Replies

Re: Zoom - Epic Fail

You mean they applied risk management techniques and realised how were they going to pay their consultants?

 

I agree an epic failure, in a rush to keep the customers happy?  When the customers were already happy without it, given the number of customers actually using it despite the underlying issues.

 

Did they ask the customers, whether they wanted encryption and whether they were prepared to pay for it?

 

Using a technique Google uses "reverse innovation".

 

It's called learning, as to what the customer actually wants.

 

Regards

 

Caute_cautim


Re: Zoom - Epic Fail

This announcement has Bruce Schneier much less enamored with Zoom.

See his 6/4/20 blog post

Zoom's Commitment to User Security Depends on Whether you Pay It or Not

Bruce also called them out on the flim-flam linguistic tricks in their statement, trying to fool the less aware on just what their encryption does and does not do.

 

Craig

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Not Passing a Cert Exam is Not the Same as Failing: https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html

Re: Zoom - Epic Fail

Believe it or not. This story has a silver lining:

 

Zoom's CEO Eric S. Yuan announced today (6/17/2020) that end-to-end encryption (E2EE) will be provided to all users (paid and free) after verifying their accounts by providing additional identification info such as their phone number.

 

"We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform," Yuan said.

 

"This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform."


Re: Zoom - Epic Fail


@AppDefects wrote:

Believe it or not. This story has a silver lining:

 

Zoom's CEO Eric S. Yuan announced today (6/17/2020) that end-to-end encryption (E2EE) will be provided to all users (paid and free) after verifying their accounts by providing additional identification info such as their phone number.

 

"We are also pleased to share that we have identified a path forward that balances the legitimate right of all users to privacy and the safety of users on our platform," Yuan said.

 

"This will enable us to offer E2EE as an advanced add-on feature for all of our users around the globe – free and paid – while maintaining the ability to prevent and fight abuse on our platform."


I will believe all that when I see a verifiable architecture that provides E2E encryption between the end users having the direct conversations, and not end-to-server followed by server-to-end. Earlier PR and marketing releases from Zoom have played fast and loose with language trying to make readers believe they were getting E2EE when they were getting TLS between the users and the servers.

 

 

Craig

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/
Not Passing a Cert Exam is Not the Same as Failing: https://cragins.blogspot.com/2018/08/pass-rates-for-professional-exams.html