by cbsmith 2270 days ago
I don't know that Zoom is really going out of its way to obscure that it is not E2E. I never for a second thought they were doing E2E when I enabled the encryption. It was very clear from how the feature was described that you got TLS to Zoom's servers, not E2E.

They literally call it "an end to end encrypted connection" and "secure with end to end encryption".

How is this "clear" that it is not E2E?

Because I live in a world where that term is pretty ambiguous because they aren't security experts.

Right - if you have used Signal - I have - Zoom is obviously not that. The pain to do call mixing, call recording, join a call late and do playback, join a call at all - does E2E even work in telehealth? I do virtual visits in the US and it doesn't look at all E2E to me.

As far as I know, there's nothing special about telehealth that prevents it from using e2e encryption.

The telehealth platforms I see are terminating through the health provider itself. It does the call setup, conference setup if needed, waiting room for prior call to end, if you send a photo it can be saved to your record etc.

If this is e2e to the physician's home, how does the telehealth system do all these add-in functions?

At least in the US, the requirement has been understood to be to use secure transport everywhere. Folks keep on saying HIPAA requires e2e but I've literally not seen anything that looks like that out there in the actual market for this - the enterprise paying the big bucks usually wants features that are incompatible with e2e as far as I can tell.

You mean, other than requirements that service providers track & preserve an audit trail for all data. ;-)

I believe this is a similar problem with financial trading systems with ETS.