I would always choose to use Signal over Zoom when I have a choice. However, I’m involved in a group that is going to be using Zoom for its meetings. I don’t think that I’m going to be able to convince them to use Signal, but I think that I will be able to convince them to enable E2EE in Zoom. How bad is this for privacy?
It seems to me that with E2EE enabled, Zoom will still get all of the metadata (e.g. who’s joined the meeting remotely). I have a Zoom account that I created a while ago with an anonymous email account. I almost never use it, so hopefully Zoom won’t know that it’s me.
I already send emails to other people in this group. Although I use ProtonMail, most of them use GMail so Google already knows that I communicate with these people and has all of these email conversations. This seems much worse to me than joining a Zoom call with E2EE. I feel like I’m not giving up much more privacy with the Zoom calls than I’ve already given up with emails.
…but maybe I’m missing something. Please let me know.
If it’s E2EE then you should be fine. Apparently they offer post-quantum encryption on some of their clients so you can maybe look and make sure everyone meets those requirements. But yeah I think for video calls, PQ E2EE is about as good as you’re going to get anywhere else.
I can’t find anything about them explicitly protecting metadata so I think it’s safe to assume they’ll know which accounts are talking to each other and when etc. But the content of your convos will be safe.
Yes, I remember when they upgraded their encryption a while back, they were being reactive rather than proactive, so it is difficult to treat their current solution as forward-thinking and/or robust.
Thanks everyone for your replies. Based on your feedback, I was feeling more comfortable with Zoom + E2EE. I went to test this out today. I installed Zoom from the Aurora store under a separate profile on my GOS phone.
I started noticing that Zoom has a lot of AI features now (surprise!). Now I’m wondering whether the AI is a privacy workaround for Zoom. In other words, it doesn’t matter if we have E2EE if our Zoom app, or another meeting participant’s Zoom app, feeds the decrypted data back to an AI in the cloud afterwards. I’m back to feeling uncomfortable.
It looks like you can control whether the AI features are allowed in a meeting:
Meeting hosts can manage AI Companion features in their Zoom meetings. Hosts can configure these capabilities in their user settings before meetings, and choose whether or not to use them in Zoom Meetings.
So if you’re the meeting host it shouldn’t be an issue really. I haven’t really used Zoom before though so you’ll have to look into it I suppose.