Zoom has gone from startup to verb in record time, by now the de facto video call service for work-from-home meetings and cross-country happy hours alike. But while there was already plenty you could do to keep your Zoom sessions private and secure, the startup has until now lacked the most important ingredient in a truly safe online interaction: end-to-end encryption. Here’s how to use it, now that you can, and why in many cases you may not actually want to.
It’s been a long road to get here. This spring, as Zoom rode the pandemic to video call ubiquity, close observers noticed that the company was calling a feature “end-to-end encrypted” when in fact it was not. Data could be encrypted, yes, but lacked the critical “end-to-end” part, which means that no one—not Zoom, not hackers, not government snoops—can access it as it travels from one user to the other. It’s the difference between your landlord keeping a key to your apartment and being able to change the locks yourself: not the end of the world in either case, but you’d want to know for sure. Especially if you don’t trust your landlord.
You likely already use end-to-end encryption in some form or another. It’s on by default for iMessage and WhatsApp, a staple of encrypted messaging platforms like Signal, and an optional feature in Facebook Messenger. For video chat, your options are more sparse. Apple offers it for up to 32 participants on FaceTime, while WhatsApp allows up to eight people at a time. Signal can manage only one-on-one encrypted calls at the moment. Suffice to say, it’s a hard thing to get right.
And so Zoom went on a spending spree, bringing on high-profile consultants from the world of cryptography and buying up Keybase, a company that specializes in end-to-end encryption. The result of that flurry: Zoom finally delivered on its security promises at the end of October.
What Zoom launched is actually a 30-day technical preview; the company will continue to refine the offering through next year. But even in its early days, it offers a significant upgrade in protection for those who need it most.
A Few Limitations
There are a few caveats before deciding whether you want to fully end-to-end encrypt your Zoom calls. First is that Zoom meetings are encrypted by default regardless, just not end-to-end. Which is to say, they’re likely safe enough for most people most of the time. You should absolutely flip the switch for sensitive conversations, but otherwise, as you’ll see in a minute, it may be more trouble than it’s worth in a lot of instances. Also remember that encryption isn’t magic; the people that you’re talking to could still share whatever you say. And if any of your devices are compromised, well, you’re out of luck.
Turning on end-to-end encryption comes with various inconveniences. When you have it enabled, all call participants need to call in from either the Zoom desktop or mobile apps—not a browser—or a Zoom Room. (That also means no telephone participants.) Features like cloud recording, live transcription, breakout rooms, polling, one-on-one chat, and meeting reactions aren’t compatible with end-to-end encryption, and no one can join the meeting before the host does.
You also need a Zoom account to enable it, which, fair enough. But while Zoom has relented on its previous stipulation that only paying customers could access end-to-end encryption, free accounts still need a valid phone number and billing option to take advantage, which Zoom has said helps prevent abuse of the feature.
Turn on End-to-End Encryption
So! With all of that out of the way, here’s how to actually use Zoom’s end-to-end encryption, if it’s right for you. It’s a little different depending on whether you’re doing so for yourself, for a group, or for all the users in an account that you administer. The good news is, the directions are the same regardless of whether you’re on iOS, Android, or the desktop client.
For individual users, go ahead and sign into your account on the Zoom web portal. Click Settings in the navigation panel, then Meeting. Under Security, toggle Allow use of end-to-end encryption to on. It’ll ask you to verify your choice; click Turn On when it does. (If all of this is grayed out, your admin has disabled the feature, sorry!) Then back under Security you can choose your default encryption level. Again, what Zoom calls Enhanced Encryption is fine in most cases—you’ll still be able to make specific calls end-to-end encrypted—but go with End-to-end Encryption if you’re especially scared of snoops.
If you’re the admin of a group or oversee an account with multiple users, the process is the same, but you’ll see a few additional options letting you lock everyone into the settings of your choosing.
Even after all of that, remember that everyone on your call needs to have end-to-end encryption enabled for the feature to work! You can confirm that you’re locked in by looking for a green shield in the upper-left corner of the screen.
And that’s it! Zoom says the next phase for its end-to-end encryption offering will include better identity management and compatibility with single sign-on services, but there’s no need to wait around for those when you can start securing your meetings today.