by cblades 2257 days ago
Do the other common solutions claim to have e2e encryption?

Yeah. The problem here is that Zoom lied about it.

And, like, why? Sure, if no one ever caught them, e2e could be a reason to choose Zoom—but it's like lying on a resumé. Which, I guess is also a thing that happens sometimes, but it's generally understood to be a bad idea.

Because it was clearly botched marketing material rather than a coordinated plan. Hypothetical: somebody asked an engineer what kind of encryption Zoom used, the engineer responded somewhat vaguely and the marketing person heard "we encrypt between endpoints" as "end to end encryption" and then nobody noticed when reviewing the text.

Yeah right, oops

Yes it definitely is an "oops". I'm not excusing it, but offering an alternative explanation to the "Zoom is evil" thinking.

If Zoom was truly trying to market themselves as e2e, why is this only buried in one document rather than shouted from the hills?

They claim HIPAA compliance due to e2e encryption. That is far from an oops.

They updated their documents since, but last week they had documentation up that said they were HIPAA compliant due to end to end encryption.

Ooops. That sounds like it's going to hurt. If not, it sends the message "Hey, say you're HIPAA compliant, but it doesn't matter if you're not (wink wink)"

I develop electronics and firmware for medical devices, I have (almost) nothing to do with regulations compliance (except to the extent that I'm working on something where there is an intersection, like storage of patient data). But anyway, not a day goes by that I don't hear someone ask, "Is that HIPAA compliant?"

So yeah. Companies that have used Zoom based on that claim are probably going to extract some blood out of Zoom.