Zoom is now testing End-to-End Encryption (E2EE) for meetings. The feature is disabled by default for all users, but anyone interested can enable it from their account settings. Also, since it’s currently in the preview (read beta) phase, certain key features like Cloud Recording, Breakout Rooms, 1:1 Private Chat aren’t supported when you’re on an end-to-end encrypted call on Zoom.
How does End-to-End Encryption Help?
Zoom already has strong AES 256-bit GCM encryption for meetings. And E2EE also uses 256-bit encryption algorithms to secure data, but in a more secure way. When E2EE is enabled, the security keys used for the encryption are stored on users’ devices, not on a remote server. This removes the middleman (Zoom servers) out of the encryption process and thus ensures a more secure connection between meeting participants.
Think of it this way. Imagine your meeting is a physical storage device, like a safe or suitcase. It has a lock to ensure that nobody else can get access to the contents inside except you. The lock has a key that allows you access inside. When you use GCM encryption, you’re handing over the lock and key to Zoom, placing all your trust in it. When you use end-to-end encryption, the lock and key are with you only. You make duplicates of the lock and key and distribute them to the other participants, so they can access the safe too. Nobody else has access to the safe.
If you work in an industry that requires tight security or if you’re simply paranoid about someone snooping into your conversations, you can probably see why E2EE could be helpful.
Note that all participants must have the End-to-End Encryption setting enabled to join an end-to-end encrypted meeting. If you’d like to learn more about how this kind of encryption works and why it’s so secure, I highly recommend watching this video.
How to Turn On End-to-End Encryption (E2EE)
Open the zoom.us/profile/setting page in a web browser and sign-in with your Zoom account. Then, under the ‘Meeting’ tab on the account settings page, scroll down until you see the ‘Allow use of end-to-end encryption’ option. Click on the toggle switch next to it to enable E2EE for Zoom meetings.
Zoom will ask you to verify your identity by verifying your phone number. Enter your phone number, verify the captcha, and then click ‘Send Verification Code’.
On the next window, enter the 6-digit code that was sent to your number and click ‘Verify’.
After verifying your phone number, click the circle next to ‘End-to-end encryption’ under the ‘Default encryption type’ section.
That’s it. End-to-end encryption is now nabled for your account. Unfortunately, there isn’t a way to enable E2EE on mobile for now.
How to Verify End-to-End Encryption in a Zoom Meeting
To check that a Zoom meeting is using end-to-end encryption, look for the green shield symbol with a black padlock in the upper left corner of the screen in an ongoing meeting and click on it.
On the box that appears, click the ‘Verify’ link next to the ‘Encryption’ info.
You should now see a bunch of numbers. These numbers should be the same for all participants. As a participant, you can read out those numbers or post them in the chat section and request other participants to verify that they see the same numbers as well.
If all participants have the same numbers, then you can rest assured that your meeting is end-to-end encrypted. Nobody can listen in on your conversations.