Hacker News new | ask | show | jobs
by Justsignedup 2256 days ago
and this is why product over security always wins.

there's mob mentality right now, but zoom got a TON of customers, and now is gonna have proof of end-to-end encryption in a couple of months.

boom.

zoom wins.

honestly just don't talk on zoom about something highly secretive such as ... idk... something a government is interested in as that isn't currently secure, other than that, don't sweat it.
3 comments
larkost 2256 days ago
They are very unlikely to have end-to-end security in a couple of months, for the same reason few (if any) of their competitors have it: it is really bandwidth intensive to send full-resolution video of every participant to every other participant. So everyone sends low-res for most participants, and at most one high-resolution stream. To do this you have to be able to make low-resolution streams out of the high-resolution one people are sending you (to pass along to others). That means you have to terminate encryption on the server side. Once you have done that you are no longer "end-to-end". This is just the state of things.

This is a valid tradeoff for most things, but the real problem here is that Zoom claimed (and continues to claim) "end-to-end encryption", while not providing it. That is a lie, and people naturally wonder what else you are lying about.

link
viraptor 2256 days ago
You can also send two streams (high and low quality) from each client and make other clients request the right one from the server. Yes, it's slightly more bandwidth than before and now complexity. No, it doesn't require full mesh of connections to be E2E.
link
sandov 2256 days ago
And don't install the Zoom app on a computer where you store secretive data, such as medical information, private keys, passwords, credit card data or anything that you don't want the government or cyber-criminals to know.

Doesn't sound as easy now.

link
upofadown 2256 days ago
There is some evidence that they have a form of useless end to end encryption now. Since hardly anyone knows what the prerequisites are for useful e2ee they can probably make the announcement whenever they want.
link