Our mission to help you navigate the new normal is fueled by subscribers. To enjoy unlimited access to our journalism, subscribe today.
Videoconferencing service Zoom rolled out a major new security upgrade for users on Monday: end-to-end encryption. But the extra protection against hackers won’t be offered by default, meaning users will have to take several steps to turn it on.
Zoom initially announced the extra security in May, when exploding use of its service during the coronavirus pandemic led to a rise in security problems, including strangers joining calls uninvited, known as Zoombombing.
Users will have to give some serious thought to whether to enable end-to-end encryption. Although it increases security, it disables a number of key Zoom features.
The new encryption will be available to all Zoom users, whether they have paid or free accounts. Here’s everything to know, including how to decide whether you even need the extra protection.
What is end-to-end encryption?
Zoom calls are already encrypted by default, meaning that video and audio data are scrambled using an algorithm. Information is encoded by replacing readable characters with other data, using a unique key.
End-to-end encryption works on the same principle, but it changes how encryption keys are created and used.
Keys for Zoom’s current default encryption are created on Zoom’s servers, then distributed to users. This increases the chances that a determined hacker could intercept a key and access a meeting uninvited. In a worst-case scenario, hackers could steal thousands of keys at the same time directly from Zoom and then spy on Zoom’s users during their calls.
With end-to-end encryption, keys will instead be generated on the computers of Zoom users. This should mean third parties, including Zoom itself, can’t easily get their hands on a large number of encryption keys. This brings Zoom in line with end-to-end encrypted chat apps like Signal, Wickr, and WhatsApp – except in this case, it applies to video.
Who needs end-to-end encryption for Zoom calls?
Many users probably don’t need the extra protection provided by end-to-end encryption. Zoom’s previous security problems were mostly the result of user error, such as making meetings publicly accessible. So if you’re just trying to deter nuisance ‘Zoom bombings’ of an online high school history class, end-to-end encryption is probably overkill.
But the pandemic has also pushed many highly sensitive conversations online. For corporate discussions, government meetings, and health consultations, for instance, end-to-end encryption can provide peace of mind.
Of course, on the flip side, end-to-end encryption is also useful for criminals. Because companies using it lack access to their users’ encryption key, the companies are incapable of giving law enforcement access to users’ communications.
How to turn on end-to-end encryption in Zoom
For now, Zoom users will to go through a two-part process to get end-to-end encryption. First, users must enable it in the security settings of their Zoom accounts.
Here’s what that looks like:
Secondly, end-to-end encryption must be activated and managed by each meeting’s host. If it’s activated, attendees who don’t have end-to-end encryption activated on their own accounts will be unable to join meetings. So if you’re using end-to-end encryption, be sure to let invitees know they must activate the feature on their own account before joining your meeting.
Some key Zoom features won’t work with end-to-end encryption
Making end-to-end encryption work with multi-party video is a serious technical challenge, and at least with this early version, Zoom had to make some tradeoffs. Broadly speaking, Zoom calls using the technology will be less interactive, less convenient, and require more setup and preparation by both hosts and attendees.
Among the features Zoom says won’t work are recording meetings to the cloud; live emoji reactions from meeting participants; users’ ability to join a call before the host; streaming a meeting to outside viewers; live transcription; polling; one-on-one private chat; and splitting participants into breakout rooms.
But perhaps the most notable missing feature will be telephone dial-in. All participants in end-to-end encrypted calls must use Zoom mobile or desktop software, and have end-to-end encryption enabled. That could be a significant hurdle for less tech-savvy users, or others who prefer using their phones to dial into meetings.
However, some of these limitations may be temporary. This week’s planned rollout is “Phase 1,” with a “Phase 2” update planned for next year. It’s expected to include improved identity management, which might make joining encrypted calls easier or offset some of the other inconveniences of Zoom’s first iteration of total privacy.
More must-read tech coverage from Fortune:
- What Silicon Valley needs from the 2020 election
- Behind real estate’s surprise 2020 boom and what comes next
- Google says it isn’t a dangerous monopoly. Here are its 4 key arguments
- What could change at Google if the Department of Justice gets its way
- Teledentistry is filling a cavity left by the pandemic, but some caution it can’t replace in-person visits