by t0mas88 2266 days ago
And another case of lying in marketing: "A security white paper from the company claims that Zoom meetings are protected using 256-bit AES keys, but the Citizen Lab researchers confirmed the keys in use are actually only 128-bit."

How do they keep doing this? Do they just put whatever sells best in the documents and implement something else? First the end2end thing, now 128 instead of 256 bits. How many more are we going to find in the coming days?

5 comments

"We never meant to mislead people but we realise we don't use the terminology in the way it is normally understood. We added up the keys on both sides of the conversation to reach 256 bits." is probably what they'll say.

"128 bits, each bit can be 0 or 1, there you go, 256 bits!"

> Do they just put whatever sells best in the documents and implement something else?

Yes.

I've always expected businesses to stretch the truth with their marketing, e.g. "Leading Brand of Donut in America", "Award Winning Bread", "Cheapest Gas for 50 miles".

However, Zoom are just engaging in straight-up false advertising regarding security features. It's not cheeky -- it's wrong.

> How do they keep doing this?

Hard to say. Could be cultural where sales and engineering butt heads. Could be "sell it first, develop it later so we can beat the market" mentality.

Either way, Zoom is going to go down as either a company that did everything right and won the market or did everything wrong and won the market. Depending on who you talk to.

Maybe they had GPT-2 write their marketing copy, starting with "A secure video conferencing service" and just ran with whatever that produced.

> Do they just put whatever sells best in the documents and implement something else?

I've worked 10+ years in Silicon Valley and the motto "it is better to beg forgiveness than ask for permission" really does ring true. This manifests at all levels from ICs and up the chain of leadership. People do what gets them their bonus/promotion and everything else be damned. "Acquire the customer and fix the security problem later" was the mindset here.