It was noted that Zoom was misleading users by claiming end-to-end encryption on its website. “Zoom misled users into a false sense of security. This is not permissible, since the site was used for conferences in which medical and financial companies participated, “ – says the text of the document published by the FTC.

In March, the Zoom developers said that by end-to-end encryption, they meant that during conferences, information transmitted over the cloud is not decrypted by the server. But according to the FTC, Zoom had cryptographic keys that could allow the company or third parties to access user conferences.

“During the pandemic, many families, schools, and businesses are using video conferencing to communicate and work, making the security of these platforms more important than ever,” said Andrew Smith, director of the FTC’s Consumer Protection Bureau. –  Security techniques Zoom does not conform to the declared and a new approach, which we have arrived in our agreement, should make use of the Zoom safer “.

The agency also found that Zoom provided incorrect information to users who used the function of recording and storing conferences. For 60 days after recording, the videos were stored on an unencrypted Zoom server and only then transferred to secure cloud storage. This puts users’ confidential data at serious risk.

Fortunately, on October 26, Zoom received an update that added end-to-end E2E encryption for paid and free users in conferences of up to 200 people. For larger conferences, the company will release an update in the future.