[Stock photo stolen from TechCrunch]
Recently you may have heard about Zoom’s security issues. They are true. Zoom’s video calls are not secure, they are not fully encrypted. But the bigger truth is, neither the others!—except Apple’s FaceTime.
One-to-one video calls are secure on a few platforms (like Signal). But group video calls are difficult to encrypt end-to-end (E2E). Often it is not just about the will of the service provider, it is also a technology limitation.
If you know the concept of E2E, it is not supposed to reveal absolutely anything on the way to and from the recipients of data, not even to the servers—now think how group video calls are managed by an app, it zooms in or highlights the person who is talking, right?—it means the “server knows” who is talking!—hence it is most certainly not an E2E technology, and for the same reason, it is difficult to make a group video calls E2E in general, as the server needs to know who is talking when to organise the video streams and bandwidth allocation. In most cases there may be Transfer Layer Security (TLS/HTTPS) enforced, that encrypts the calls on the way to and from the servers, but the server itself can listen, record, archive the calls as open unencrypted videos, and most probably you have already given the consent for recording and also automated transcribing by clicking some “I agree” jargons that nobody reads. And those recordings can be subpoenaed by the government agencies depending on your local laws.
Now how to know if your conversation is secure:
—Is it a group video call? Then assume by default that it is not secure, and you should be careful about what you are saying. It does not matter if you are on Zoom, Google Meet, Facebook Messenger, WhatsApp, Skype, Viber, StreamYard etc.—nothing, nobody has E2E security on group video calls (except FaceTime).
An open-source platform called Jitsi is now gaining traction, you can use their Jitsi Meet platform for group video calls (still not fully encrypted, but they are testing E2E option for group calls). Good thing about Jitsi is calls on their platform is often routed peer to peer avoiding a central server. Jitsi can be also scaled and hosted independently in your own server, which makes it more secure by eliminating the issue of trusting third party servers for storing and routing video calls.
The bottomline for everyday practice, remember, group video calls are not secure in general; it does not matter which platform you are using.
