[botto]

Yes, if the keys are held in servers that they have access to then they would be able to decrypt the traffic and see what is happening. The whole point of e2e encryption is that only the 2 parties have the keys, Zoom are abusing this term and making people believe they are doing e2e

[damanamathos]

What makes you think they're abusing the term? Did you read their whitepaper?

https://github.com/zoom/zoom-e2e-whitepaper

[botto]

The whitepaper is fine, it's the comments from Alex Stemos that make me think they are abusing the term.

https://twitter.com/alexstamos/status/1268061792527241216

He did not say they can't monitor calls.

https://twitter.com/alexstamos/status/1268061795572314113

If they can enter the meeting, either they have to get confirmation from the host who would send the keys to the person entering the meeting or they already have the keys and can enter the meeting and decrypt the stream.

[suizi]

Is this before or after their new E2EE plans?

[easterncalculus]

They apparently 'define it differently' to every other company, organization, and infosec professional. This sort of thing used to be called lying, but it's essentially an 'alternative fact' now:

https://www.theverge.com/2020/3/31/21201234/zoom-end-to-end-...

Zoom, however, denies that it’s misleading users. The company told The Intercept, “When we use the phrase ‘End to End’ in our other literature, it is in reference to the connection being encrypted from Zoom end point to Zoom end point,” and that “content is not decrypted as it transfers across the Zoom cloud.”

Whether the paper is any different is sort of irrelevant if they're starting off from a place of bad faith. One time after another this company has 'accidents' like this, while removing CCP distinguished nonpersons from the platform. A sense of skepticism is certainly justified.