According to the FTC, Zoom lied to users about end-to-end encryption for years. This is one of the obvious perils of nonfree (proprietary) software: you can’t verify that the software isn’t abusing you; you just have to take the vendor’s word for it.
Ars Technica has reported that Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.
“Since at least 2016, Zoom misled users by touting that it offered ‘end-to-end, 256-bit encryption’ to secure users’ communications, when in fact it provided a lower level of security,” the FTC said in the announcement of its complaint against Zoom and the tentative settlement.
Although Zoom promised end-to-end encryption, the FTC said that “Zoom maintained the cryptographic keys that could allow Zoom to access the content of its customers’ meetings, and secured its Zoom Meetings, in part, with a lower level of encryption than promised.”