[Cryptography] "Zoom's end-to-end encryption isn't
Ángel
angel at crypto.16bits.net
Fri Apr 3 22:48:09 EDT 2020
On 2020-04-02 at 21:53 -0700, John Denker via cryptography wrote:
> How does jitsi fit into this story?
> https://jitsi.org/
>
> It claims to use ZRTP.
>
> Phil Zimmerman says ZRTP provides end-to-end security.
>
> It's all open source. Has anybody vetted it?
No, the stream is encrypted to the server, but not end-to-end. They
clearly acknowledge this, pointing to a WebRTC limitation, on
https://github.com/jitsi/jitsi-meet#Security
The workaround would be to install your own jitsi instance on a trusted
server.
Just to be clear, Zoom also sells a plan where you have a Zoom server on
premises, they would still view the meeting metadata, but the actual
meeting would be on your local network.
More information about the cryptography
mailing list