No WebRTC-based group-calling VC is end-to-end encrypted by default – for really secure VC, rather self-host free Jitsi Meet

Zoom has become very popular very quickly, and yes, a number of issues are arising that highlight potential privacy concerns. It is popular for good reason: it works very well, has great features, and invitees don’t need to register.

But it is built on WebRTC (as are many other video conferencing platforms now), which was designed for secure one-on-one (peer-to-peer) conferencing. So no one can snoop on the traffic passing over the Internet, but your client-side app and the enterprise hosting the service instance for group calling potentially could.
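To make that difference concrete, here is an added example (not from the original post or from any of the products named): a toy relay in Node.js that uses AES-256-GCM as a stand-in for per-hop transport encryption, compared with a frame that is additionally sealed under a key the relay never receives. The participant names, keys and sample frame are constructed for illustration.

```javascript
// Added illustration: a toy relay model, not WebRTC's real media stack.
const crypto = require("node:crypto");

// AES-256-GCM helpers; a sealed message is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]);
}

function open(key, sealed) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, sealed.subarray(0, 12));
  decipher.setAuthTag(sealed.subarray(12, 28));
  return Buffer.concat([decipher.update(sealed.subarray(28)), decipher.final()]);
}

// The relay holds one transport key per participant. To forward a packet it
// must open the sender's transport layer, so it sees whatever was inside.
function relay(transportKeys, from, to, packet) {
  const seenByRelay = open(transportKeys[from], packet);
  return { seenByRelay, forwarded: seal(transportKeys[to], seenByRelay) };
}

function runCall(endToEnd) {
  const transportKeys = { alice: crypto.randomBytes(32), bob: crypto.randomBytes(32) };
  const groupKey = crypto.randomBytes(32); // known to participants, never to the relay
  const frame = Buffer.from("constructed sample media frame");

  // With E2EE the frame is sealed under the group key before transport.
  const payload = endToEnd ? seal(groupKey, frame) : frame;
  const packet = seal(transportKeys.alice, payload);
  const { seenByRelay, forwarded } = relay(transportKeys, "alice", "bob", packet);

  const received = open(transportKeys.bob, forwarded);
  const bobFrame = endToEnd ? open(groupKey, received) : received;
  return {
    relayReadsFrame: seenByRelay.equals(frame), // can the host see the media?
    bobReadsFrame: bobFrame.equals(frame),      // does the call still work?
  };
}

console.log("hop-by-hop:", runCall(false));
console.log("end-to-end:", runCall(true));
```

In both runs the traffic on the wire is encrypted; only the second keeps the frame unreadable to the party operating the relay.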

To this end, Zoom has been addressing the client issues (passing data back to Facebook), has amended its privacy policy to make it more acceptable, and lets you set a number of default security options for meeting rooms. For example, allowing telephone calls to bridge into your video chat requires the service to decode and re-encode the call for the phone, otherwise it won’t work, so disabling this option is probably good.

There are some services, such as Riot Matrix and Cisco Webex, that can optionally enable full E2EE, but it usually comes at a cost in price, network overhead, or a limit on the number of people who can join a group conference.

However, if your organisation is a government, or needs to be more sure about security, it is probably best to self-host something like Jitsi, which you can fully control (or at least control access to). Your organisation is then the "man in the middle".

See "Zoom’s end-to-end encryption isn’t actually end-to-end at all. Good thing the PM isn’t using it for Cabinet calls. Oh, for f…", as well as an article about WebRTC and group calls at https://trueconf.com/webrtc.html and also https://wire.com/en/blog/is-your-video-conference-solution-secure/.

#technology #security #videoconferencing


Super-crypto actually normal TLS, lawsuit launched over Facebook API usage, privacy policy rewritten