Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Sunday June 07 2020, @10:57AM   Printer-friendly
from the you-don't-get-what-you-don't-pay-for dept.

Zoom says free users won't get end-to-end encryption so FBI and police can access calls:

Video calling company Zoom confirmed this week that it won't enable end-to-end encryption for free calls in part because it wants to give law enforcement access to these calls if necessary. "We think this feature should be a part of our offering" for professional customers, said Zoom CEO Eric Yuan in a meeting with investors Tuesday. "Free users — for sure we don't want to give [them] that, because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose."

Encryption is a key issue for Zoom, which has been attempting to beef up its privacy and security after heavy usage exposed weak points during the COVID-19 pandemic. Reuters reported last week that the company will only roll out high-security end-to-end encryption to paying customers, potentially with exceptions for dissident groups or nonprofits that require the added security.

Additional Coverage At:
Zoom Restricts End-to-End Encryption to Paid Users
Zoom's End-to-End Encryption Will Be for Paying Customers Only
Zoom says free users won't get end-to-end encryption so FBI and police can access calls
Zoom faces criticism for denying free users e2e encryption


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Grishnakh on Sunday June 07 2020, @04:30PM (3 children)

    by Grishnakh (2831) on Sunday June 07 2020, @04:30PM (#1004538)

    I have a question: if you're a smart criminal in the US and you want to use encrypted messaging to communicate your nefarious plans with your minions, why would you use a US-based messaging system? It's not like the US is the only source of such software. Seems to me it'd make a lot more sense to use a Chinese-based platform, because you know they aren't going to care about any FBI national security letters. By the same token, if you're a smart criminal in China, you wouldn't want to use a Chinese platform, but an American one would be fine (the problem here being the Great Firewall).

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 0) by Anonymous Coward on Sunday June 07 2020, @05:33PM

    by Anonymous Coward on Sunday June 07 2020, @05:33PM (#1004563)

    The Chinese government has backdoors in pretty much anything they want backdoors in. NSLs aren't something that they need an equivalent for. You'd be better off with something that's being provided out of Europe where wanting to remain anonymous or having things kept private isn't an automatic flag for the authorities to look into what you're doing.

  • (Score: 0) by Anonymous Coward on Sunday June 07 2020, @06:10PM

    by Anonymous Coward on Sunday June 07 2020, @06:10PM (#1004570)

    if you use a centralized "platform" from any country you're a fucking idiot and deserve to get caught.

  • (Score: 0) by Anonymous Coward on Sunday June 07 2020, @06:33PM

    by Anonymous Coward on Sunday June 07 2020, @06:33PM (#1004575)

    if you're a smart criminal in the US and you want to use encrypted messaging to communicate your nefarious plans with your minions,

    If I were (I'm not a criminal, but I do this anyway), I wouldn't use a third-party encrypted messaging system. I would (in fact, I do) use a Jabber [jabber.org] server, either under my *physical* control or in a country where the authorities can't get to it. Since there are multiple Jabber clients *and* servers for most platforms, with many that are open source, finding appropriate servers/clients isn't hard.

    I'd also require that all connections encrypt with TLS and *scrub* any connection logs whenever a connection terminates. What's more, I'd encrypt the volume that contains *any* data (including configuration) related to the server as well.

    To anyone watching, it's just another TLS stream. And as long as client devices (or my criminal compatriots) aren't compromised, there really isn't much chance that communications will be compromised/surveilled.

    As I said, I'm not a criminal, but I do that anyway, because my business is my business and not anyone else's.