Zoom will limit censorship on its architecture in a few days

Zoom will no longer accept Beijing’s demands. After being asked by the Chinese regime last week to remove the account of a human rights activist, the videoconferencing platform is now seeking to establish a system that confines the effects of laws to the jurisdictions that create them. In a blog post, the platform said it will publish “in the coming days” a new architecture that will allow it to restrict bans based on geographic area.

“This will allow us to comply with requests from local authorities when they determine that activity on our platform is illegal within their borders, but also to protect these conversations for participants outside those borders, where the activity is authorized,” explains the company’s headquarters, which regrets not having planned such a system before.

Beijing’s demands could therefore backfire. “In the future, Zoom will not allow the demands of the Chinese government to have an impact on anyone outside mainland China,” said Zoom management.

Limits to the protection of privacy

Remember, however, that the company has put (paid) limits on this protection of privacy. The platform recently announced that meetings would be end-to-end encrypted only for paying customers, CEO Eric Yuan having said that he wanted to retain the ability to intercept free-tier meetings so that the company could work with US law enforcement.

“Although we never intended to deceive any of our customers, we recognize that there is a discrepancy between the commonly accepted definition of end-to-end encryption and the way we use it,” the company said at the time.

Criticized by the Canadian research group Citizen Lab for having built its own encryption scheme as part of a custom extension of the Real-time Transport Protocol (RTP), the company has had to issue a mea culpa in recent weeks. “We recognize that we can do better with our encryption design. Because of the unique needs of our platform, our goal is to use best encryption practices to provide maximum security, while covering the wide range of use cases that we support,” said its CEO.

Zoom denies any vulnerability

Citizen Lab also found that the application delivered encryption keys from servers in China to participants outside China. “A company that caters mainly to North American customers and that sometimes distributes encryption keys via servers in China is of potential concern, given that Zoom may be legally obliged to disclose these keys to Chinese authorities,” said the report.

Last year, the company was also faulted for installing a local web server on Mac installations to spare users an additional click. This server was found to contain a remote code execution vulnerability. When the problem was discovered, Zoom defended the use of the web server, telling ZDNet that it was a “legitimate solution to a bad user experience, allowing our users to have transparent meetings in one click, which is our main product differentiator”.

The following day, Zoom announced that it would reverse course on supporting its local web server in a patch, explaining to ZDNet that its change of course was in response to customer feedback, not security concerns. “There has never been an identified remote code execution vulnerability,” the company said at the time.

Source: ZDNet.com

Source: www.zdnet.fr
