In a blog post CEO Eric Yuan said that users would have to provide identifying information such as phone number verification via text in order to receive E2EE as an add-on. The company hopes verifying users will help to stop unlawful activities being performed on its service, saying:
“Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.”
Zoom has had to perform some PR gymnastics to appease the backlash it received when Yuan said he didn’t want to give free users E2EE because they might be using Zoom for unlawful activities and he wanted to ensure Zoom could give the data to law enforcement. Yikes.
Popular services iMessage and WhatsApp have E2EE as a default, but Facebook Messenger does not. It’s a contentious subject championed by security circles but often left out by messaging services who provide a backdoor to law enforcement or use the (hopefully anonymised) data themselves.
All said, Zoom has rightly received criticism for the recent flip-flopping of its messaging and contradictory statements and the way it has slowly reacted to its almighty surge in usage.