{"id":28883,"date":"2020-05-07T15:50:43","date_gmt":"2020-05-07T19:50:43","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=28883"},"modified":"2020-06-03T16:10:01","modified_gmt":"2020-06-03T20:10:01","slug":"zoom-security-improvements","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/05\/07\/zoom-security-improvements\/","title":{"rendered":"Zoom Security Improvements"},"content":{"rendered":"<p><a href=\"https:\/\/zoom.us\/docs\/en-us\/zoom-v5-0.html\">Zoom<\/a> (via <a href=\"https:\/\/twitter.com\/dhh\/status\/1255241062131564546\">David Heinemeier Hansson<\/a>):<\/p>\n<blockquote cite=\"https:\/\/zoom.us\/docs\/en-us\/zoom-v5-0.html\"><p>Zoom 5.0 is here!<\/p>\n<p>With robust security enhancements and to prepare you for the upcoming transition to GCM encryption.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/www.schneier.com\/blog\/archives\/2020\/04\/secure_internet.html\">Bruce Schneier<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.schneier.com\/blog\/archives\/2020\/04\/secure_internet.html\"><p>There is nothing in Zoom&rsquo;s latest announcement about key management. So: while the company has done a really good job improving the security and privacy of their platform, there seems to be just one step remaining to fully encrypt the sessions.<\/p>\n<p>The other thing I want Zoom to do is to make the security options necessary to prevent Zoombombing to be made available to users of the free version of that platform. Forcing users to pay for security isn&rsquo;t a viable option right now.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/blog.zoom.us\/wordpress\/2020\/05\/07\/zoom-acquires-keybase-and-announces-goal-of-developing-the-most-broadly-used-enterprise-end-to-end-encryption-offering\/\">Eric S. Yuan<\/a> (<a href=\"https:\/\/news.ycombinator.com\/item?id=23102430\">Hacker<\/a> <a href=\"https:\/\/news.ycombinator.com\/item?id=23104702\">News<\/a>):<\/p>\n<blockquote cite=\"https:\/\/blog.zoom.us\/wordpress\/2020\/05\/07\/zoom-acquires-keybase-and-announces-goal-of-developing-the-most-broadly-used-enterprise-end-to-end-encryption-offering\/\"><p>We are proud to announce the acquisition of Keybase, another milestone in Zoom&rsquo;s 90-day plan to further strengthen the security of our video communications platform. Since its launch in 2014, Keybase&rsquo;s team of exceptional engineers has built a secure messaging and file-sharing service leveraging their deep encryption and security expertise. We are excited to integrate Keybase&rsquo;s team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability.<\/p><\/blockquote>\n\n<p><a href=\"https:\/\/sixcolors.com\/link\/2020\/05\/zoom-buys-keybase-to-shore-up-security\/\">Dan Moren<\/a>:<\/p>\n<blockquote cite=\"https:\/\/sixcolors.com\/link\/2020\/05\/zoom-buys-keybase-to-shore-up-security\/\">\n<p>There are, as Yuan points out, drawbacks to implementing that end-to-end encryption, which will be an option for paid accounts, but not mandatory. Namely, certain features won&rsquo;t be compatible, such as phone bridges and cloud recording (because Zoom can&rsquo;t decrypt the content).<\/p>\n<\/blockquote>\n\n<p>Previously:<\/p>\n<ul>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/04\/10\/every-zoom-security-and-privacy-flaw-so-far\/\">Every Zoom Security and Privacy Flaw So Far<\/a><\/li>\n<li><a href=\"https:\/\/mjtsai.com\/blog\/2020\/03\/31\/zoom-meetings-arent-end-to-end-encrypted\/\">Zoom Meetings Aren&rsquo;t End-to-End Encrypted<\/a><\/li>\n<\/ul>\n\n<p id=\"zoom-security-improvements-update-2020-05-25\">Update (2020-05-25): <a href=\"https:\/\/twitter.com\/alexstamos\/status\/1263896949712814080\">Alex Stamos<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/alexstamos\/status\/1263896949712814080\">\n<p>Zoom has published an <a href=\"https:\/\/github.com\/zoom\/zoom-e2e-whitepaper\/blob\/master\/zoom_e2e.pdf\">initial design and roadmap<\/a> for deploying end-to-end encryption for hundreds of millions of meeting participants.<\/p>\n<\/blockquote>\n\n<p id=\"zoom-security-improvements-update-2020-06-03\">Update (2020-06-03): <a href=\"https:\/\/twitter.com\/jenuhhveev\/status\/1266101554928447488\">Gennie Gebhart<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/jenuhhveev\/status\/1266101554928447488\">\n<p>I have been pleasantly surprised with Zoom&rsquo;s quick and decisive responses to security criticism recently, but after a feedback call they hosted this morning about their end-to-end encryption plan I am back to being disappointed.<\/p>\n<p>The plan that I heard is to build out end-to-end encryption, but as a premium feature offered only to paid accounts.<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Zoom (via David Heinemeier Hansson): Zoom 5.0 is here! With robust security enhancements and to prepare you for the upcoming transition to GCM encryption. Bruce Schneier: There is nothing in Zoom&rsquo;s latest announcement about key management. So: while the company has done a really good job improving the security and privacy of their platform, there [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2020-05-07T19:50:46Z","apple_news_api_id":"f2d74bab-d9cf-4650-acec-2af00fa43e73","apple_news_api_modified_at":"2020-06-03T20:10:05Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/A8tdLq9nPRlCs7CrwD6Q-cw","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[66,31,1667,26,30,32,1666,355,48,1839],"class_list":["post-28883","post","type-post","status-publish","format-standard","hentry","category-technology","tag-acquisition","tag-ios","tag-ios-13","tag-iosapp","tag-mac","tag-macapp","tag-macos-10-15","tag-privacy","tag-security","tag-zoom"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=28883"}],"version-history":[{"count":3,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28883\/revisions"}],"predecessor-version":[{"id":29149,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28883\/revisions\/29149"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=28883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=28883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=28883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}