As reported by The Intercept, the Zoom video conferencing app offers options for end to end encryption in its UI (and in its marketing materials) but the calls are not actually end-to-end encrypted at all.
The Zoom video app is bursting into the public consciousness this year as the coronavirus causes most people to work from home. However, the security of the app has come under fire in many ways. In this instance, it turns out Zoom calls are only encrypted in transmission. This means the central Zoom servers could decrypt the incoming calls and see all participants if the wanted to.
In contrast, Apple’s FaceTime has always been end-to-end encrypted. When Group FaceTime was introduced in 2018, it too was end-to-end encrypted. FaceTime remains the only video chat app that supports end-to-end encryption on group calls with up to 32 participants.
The kind of encryption Zoom actually uses is no different to browsing the web over HTTPS. Your connection to the server is secured, but the content of the call can be decrypted and snooped on by the server if it wanted to. Obviously, Zoom says it does not do this and simply uses the server to re-encode the connection to the call’s recipients.
In response to The Intercept’s report, Zoom said:
But when reached for comment about whether video meetings are actually end-to-end encrypted, a Zoom spokesperson wrote, “Currently, it is not possible to enable E2E encryption for Zoom video meetings. Zoom video meetings use a combination of TCP and UDP. TCP connections are made using TLS and UDP connections are encrypted with AES using a key negotiated over a TLS connection.”
You can read more about how Zoom works technically in The Intercept’s original article. The company nonetheless makes several claims about its service being end-to-end encrypted on its website.
End-to-end encryption is the first bullet point on Zoom’s privacy page
FaceTime is impressive in supporting end-to-end encryption for group calls, but it has its own limitations. Group FaceTime calls tend not to be as reliable as calls made with standard video chat apps. The necessity of end-to-end encryption means that FaceTime cannot re-encode video streams for participants with lower-quality connections, which is something that services with lesser security can do. The encrypted encoding/decoding of the protocol also requires some substantial processing power. It is also Apple proprietary technology.
Therefore, FaceTime requires that everyone on the call is using a fairly modern iPhone, iPad, iPod touch or Mac. FaceTime currently lacks key enterprise videoconferencing features, like the ability to share your computer’s screen so everyone can work through a document or project together.
However, if you want utmost security and privacy, Group FaceTime is what you should use.