Zoom is getting its biggest missing feature

How to join a zoom meeting
(Image credit: Zoom)

In a surprise announcement, Zoom CEO Eric S. Yuan disclosed today (May 7) that his company was buying Keybase, a small New York-based startup that provides encrypted messaging, file-sharing and file-storage services.

"We are excited to integrate Keybase's team into the Zoom family to help us build end-to-end encryption that can reach current Zoom scalability," Yuan said in a Zoom blog post.

Keybase's technology will let Zoom quickly deploy true end-to-end encryption for its paying clients, following the rather embarrassing revelation at the end of March that Zoom's home-baked "end-to-end encryption" was nothing of the sort.

When the Keybase end-to-end encryption is in place, Zoom meetings whose hosts have chosen to enable the feature will have their content visible only to meeting participants. Zoom itself will have no access to the contents. 

Meeting participants will not be able to join by phone, as phone calls cannot be properly encrypted. Meeting hosts will not be able to record the meetings and save the recordings to Zoom's cloud servers, although everyone participating in the meeting will still be able to capture the video on their devices.

"We believe this will provide equivalent or better security than existing consumer end-to-end encrypted messaging platforms, but with the video quality and scale that has made Zoom the choice of over 300 million daily meeting participants, including those at some of the world's largest enterprises," Yuan wrote.

Zoom end-to-end encryption

The end-to-end encryption will not be an option for users of the free Zoom service, so unfortunately, you won't be able to fully encrypt your cousin's Zoom birthday party.

Currently, Zoom meeting content is encrypted from the client end (i.e., you) to the server end (i.e., Zoom). Zoom servers can see the content if they have to, and they do have to if anyone joins in from a phone. Zoom had referred to this setup as end-to-end encryption, but everyone else in the technology world disagreed. 

The standard definition of end-to-end encryption is where only people on the client ends (you and whoever you're communicating with) can see the content of the messages, while the intermediary servers can't. 

Apple, Signal, WhatsApp and many other services use true end-to-end encryption in their messaging technology, much to the frustration of law enforcement and governments around the world who complain of private communications "going dark."

Keybase has about 25 employees, according to CNBC, and was founded in 2014. Terms of the Zoom acquisition were not made public.

Who is Keybase?

Keybase started off as a key repository, distributing the public keys necessary for people to use public-key cryptography. It then branched out into offering desktop and mobile software so that people could easily use that encryption standard.

Not to get too deep into the weeds, but if you want to communicate securely with someone using public-key cryptography, aka asymmetric cryptography, you've got to know their public key first. 

Your web browser uses public-key cryptography every day when it establishes secure communications with websites. Keybase figured out a way to tie distribution of individual users' public keys to social-media accounts in a way that we don't completely understand.

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.