Zoom is a video-communications platform which has become increasingly popular in the times of the pandemic.
The company recently acquired Keybase in order to step up its privacy and security as many issues were reported off late including hacking.This is a part of Zoom’s 90-day plan to “further” strengthen the security of our video communications platform as stated on their recent blog post.
Keybase is a 25-person startup specializing in encrypted message and file-sharing. It was founded in 2014 by Max Krohn and Chris Coyne, using their application design skills and security knowledge to build a public-key encryption solution.
It is a key directory that maps social media identities to encryption keys such as PGP keys in a publicly verifiable manner. Additionally it offers an end-to-end encrypted chat and cloud storage system, called Keybase Chat and the Keybase Filesystem respectively.
I have discussed the privacy & security issues with zoom video calls in this article.
Zoom ran into trouble when it was revealed that its marketing materials falsely claimed Zoom video calls use end-to-end encryption. The reality is that calls are encrypted, but the flaw is how Zoom Systems keys are generated and stored on the company’s servers.This means that the company theoretically has the power to decrypt your video sessions, or transfer the keys to someone else, like a government authority. Zoom was also accused of selling 500,000 user’s data on the dark web.
Zoom is creating an end-to-end system that will generate the encryption keys to video conferences from the meeting host’s computer — not from a company server as discussed above.
The company stated in its announcement:-
“This key will be distributed between clients, enveloped with the asymmetric keypairs and rotated when there are significant changes to the list of attendees,the cryptographic secrets will be under the control of the host, and the host’s client software will decide what devices are allowed to receive meeting keys, and thereby join the meeting.”
Zoom will be implementing this with the help of Keybase’s experience in the field of privacy and security.
The company’s proposed end-to-end encryption does have a few limitations-These end-to-end encrypted meetings will not support phone bridges, cloud recording, or non-Zoom conference room systems. Zoom Rooms and Zoom Phone participants will be able to attend if explicitly allowed by the host. Encryption keys will be tightly controlled by the host, who will admit attendees.
With a large user traffic coming from phones, Zoom must look at implementing this as well, otherwise data of many users would still be compromised.
The future of Keybase services like secure file storing and messaging now lies in the hand of Zoom after the acquisition of the company.
Keybase has stated:
“Initially, our single top priority is helping to make Zoom even more secure. There are no specific plans for the Keybase app yet. Ultimately Keybase’s future is in Zoom’s hands, and we’ll see where that takes us.”
Most keybase users are not happy with the move and have pointed out to the major privacy issues of the service that have been reported.
Some Keybase users took to twitter and have expressed their displeasure on hearing news of the acquisition:
“This is good for Zoom users, probably. They could use your expertise. But this is awful for Keybase users. Just deleted my account,they have proven time and time again they can’t be trusted for calls, can’t expect me to trust them with a security product.”tweeted one user.
This in no way brings calm to those who’s data has already been exploited on the dark web for prices as low as a penny.