Zoom says free users won't get end-to-end encryption so FBI and police can access calls:
Video calling company Zoom confirmed this week that it won't enable end-to-end encryption for free calls in part because it wants to give law enforcement access to these calls if necessary. "We think this feature should be a part of our offering" for professional customers, said Zoom CEO Eric Yuan in a meeting with investors Tuesday. "Free users — for sure we don't want to give [them] that, because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose."
Encryption is a key issue for Zoom, which has been attempting to beef up its privacy and security after heavy usage exposed weak points during the COVID-19 pandemic. Reuters reported last week that the company will only roll out high-security end-to-end encryption to paying customers, potentially with exceptions for dissident groups or nonprofits that require the added security.
Additional Coverage At:
Zoom Restricts End-to-End Encryption to Paid Users
Zoom's End-to-End Encryption Will Be for Paying Customers Only
Zoom says free users won't get end-to-end encryption so FBI and police can access calls
Zoom faces criticism for denying free users e2e encryption
(Score: 0) by Anonymous Coward on Sunday June 07 2020, @06:33PM
If I were (I'm not a criminal, but I do this anyway), I wouldn't use a third-party encrypted messaging system. I would (in fact, I do) use a Jabber [jabber.org] server, either under my *physical* control or in a country where the authorities can't get to it. Since there are multiple Jabber clients *and* servers for most platforms, with many that are open source, finding appropriate servers/clients isn't hard.
I'd also require that all connections encrypt with TLS and *scrub* any connection logs whenever a connection terminates. What's more, I'd encrypt the volume that contains *any* data (including configuration) related to the server as well.
To anyone watching, it's just another TLS stream. And as long as client devices (or my criminal compatriots) aren't compromised, there really isn't much chance that communications will be compromised/surveilled.
As I said, I'm not a criminal, but I do that anyway, because my business is my business and not anyone else's.