By John Gruber
WorkOS: APIs to ship SSO, SCIM, FGA, and User Management in minutes. Check out their launch week.
Micah Lee and Yael Grauer, reporting for The Intercept:
Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.
“Using its own definition of the term” is generously euphemistic on the part of The Intercept. This is simply a bald-faced lie intended to mislead.
“When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” the Zoom spokesperson wrote, apparently referring to Zoom servers as “end points” even though they sit between Zoom clients. “The content is not decrypted as it transfers across the Zoom cloud” through the networking between these machines.
If video chat is only encrypted in transit between clients and Zoom’s servers, say so. That’s less than ideal, but it is what it is, and as The Intercept quotes an expert, E2E encryption is particularly hard with high-quality group video and audio. But lying about it is unconscionable. And again, like Zoom’s other issues, this can’t be explained as an honest mistake. It’s deliberate. “End-to-end” is not open to interpretation.
★ Tuesday, 31 March 2020