End-to-end encryption in the Zoom videoconferencing system turned out to be a sham

The end-to-end encryption support advertised by the Zoom videoconferencing service was a marketing ploy. In fact, control information was transmitted using conventional TLS encryption between the client and the server (as with HTTPS), and the video and audio stream sent over UDP was encrypted with the AES-256 symmetric cipher, the key for which was transmitted within the TLS session.

End-to-end encryption means encryption and decryption happen on the client side, so that the server receives already encrypted data that only the clients can decrypt. In Zoom's case, encryption was applied only to the communication channel; on the server the data was processed in the clear, and Zoom employees could access the transmitted data. Representatives of Zoom explained that by end-to-end encryption they meant encryption of traffic transmitted between its servers.
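The difference between the two key-distribution models described above, as an added example that is not Zoom's code. The `Server` class and function names are hypothetical, a SHA-256 counter keystream stands in for AES-256 so the block needs only the standard library, and the Diffie-Hellman group is a toy parameter choice.

```python
import hashlib
import secrets

P = 2**521 - 1  # toy Diffie-Hellman modulus (assumption, demo only, not a vetted group)
G = 3

def keystream_xor(key, nonce, data):
    """Stand-in for AES-256 (assumption): XOR with a SHA-256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

class Server:
    """Hypothetical relay: remembers every key it generated itself."""
    def __init__(self):
        self.known_keys = []
    def issue_meeting_key(self):
        self.known_keys.append(secrets.token_bytes(32))
        return self.known_keys[-1]
    def relay(self, value):
        return value  # forwards public values and ciphertext unchanged
    def can_read(self, nonce, ciphertext, frame):
        return any(keystream_xor(k, nonce, ciphertext) == frame for k in self.known_keys)

def server_keyed_call(frame):
    """Model from the article: server issues the media key inside the TLS session."""
    server = Server()
    key = server.issue_meeting_key()
    nonce = secrets.token_bytes(12)
    ciphertext = server.relay(keystream_xor(key, nonce, frame))
    return server.can_read(nonce, ciphertext, frame)

def end_to_end_call(frame):
    """Clients agree on the key themselves; the server relays only public values."""
    server = Server()
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    pub_a, pub_b = server.relay(pow(G, a, P)), server.relay(pow(G, b, P))
    key_a = hashlib.sha256(pow(pub_b, a, P).to_bytes(66, "big")).digest()
    key_b = hashlib.sha256(pow(pub_a, b, P).to_bytes(66, "big")).digest()
    nonce = secrets.token_bytes(12)
    ciphertext = server.relay(keystream_xor(key_a, nonce, frame))
    peer_ok = keystream_xor(key_b, nonce, ciphertext) == frame
    return peer_ok, server.can_read(nonce, ciphertext, frame)

if __name__ == "__main__":
    frame = b"constructed sample audio frame"
    print(server_keyed_call(frame), end_to_end_call(frame))
```

The key exchange here is unauthenticated: an end-to-end design also has to let participants verify each other's public values, otherwise the relay could substitute its own.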

In addition, Zoom was accused of violating California data privacy laws by sharing analytics data with Facebook even if the user did not use a Facebook account to connect to Zoom. With the move to working from home during the SARS-CoV-2 coronavirus pandemic, many companies and government agencies, including the UK government, have switched to holding meetings over Zoom. End-to-end encryption has been touted as one of Zoom's key features, which has contributed to the popularity of the service.

Source: opennet.ru