Elon Musk's SpaceX bans Zoom over privacy concerns -memo [reuters.com]
Elon Musk’s rocket company SpaceX has banned its employees from using video conferencing app Zoom, citing “significant privacy and security concerns,” according to a memo seen by Reuters, days after U.S. law enforcement warned users about the security of the popular app.
Use of Zoom and other digital communications has soared as many Americans have been ordered to stay home to slow the spread of coronavirus.
[ . . . . ] In an email dated March 28, SpaceX told employees that all access to Zoom had been disabled with immediate effect.
“We understand that many of us were using this tool for conferences and meeting support,” SpaceX said in the message. “Please use email, text or phone as alternate means of communication.”
[ . . . . ] NASA, one of SpaceX’s biggest customers, also prohibits its employees from using Zoom, said Stephanie Schierholz, a spokeswoman for the U.S. space agency.
The Federal Bureau of Investigation’s Boston office on Monday issued a warning about Zoom, telling users not to make meetings on the site public or share links widely after it received two reports of unidentified individuals invading school sessions, a phenomenon known as “zoombombing.”
Also consider that one way to claim to have "end to end encryption" is to simply re-define the term.
Zoom Meetings Aren’t End-to-End Encrypted, Despite Misleading Marketing [theintercept.com]
Zoom, the video conferencing service whose use has spiked amid the Covid-19 pandemic, claims to implement end-to-end encryption, widely understood as the most private form of internet communication, protecting conversations from all outside parties. In fact, Zoom is using its own definition of the term, one that lets Zoom itself access unencrypted video and audio from meetings.
With millions of people around the world working from home in order to slow the spread of the coronavirus, business is booming for Zoom, bringing more attention on the company and its privacy practices, [harvard.edu] including a policy, later updated, that seemed [consumerreports.org] to give the company permission to mine messages and files shared during meetings for the purpose of ad targeting.
Still, Zoom offers reliability, ease of use, and at least one very important security assurance: As long as you make sure everyone in a Zoom meeting connects using “computer audio” instead of calling in on a phone, the meeting is secured with end-to-end encryption, at least according to Zoom’s website, [zoom.us] its security white paper, [zoom.us] and the user interface within the app. But despite this misleading marketing, the service actually does not support end-to-end encryption for video and audio content, at least as the term is commonly understood. Instead it offers what is usually called transport encryption, explained further below.
[ . . . . ] Matthew Green, a cryptographer and computer science professor at Johns Hopkins University, points out that group video conferencing is difficult to encrypt end to end. That’s because the service provider needs to detect who is talking to act like a switchboard, [ . . . ]
[ . . . . ] “They’re a little bit fuzzy about what’s end-to-end encrypted,” Green said of Zoom. “I think they’re doing this in a slightly dishonest way. It would be nice if they just came clean.”
The only feature of Zoom that does appear to be end-to-end encrypted is in-meeting text chat.