Zoom, the most widely used video calling platform in the world, has been charged by the Federal Trade Commission (FTC) of the United States of deceiving users for years, something that the company has recognized and, after reaching an agreement with the FTC, ensures that it will not perform again.

Zoom has reached an agreement with the FTC by which it agrees to be audited periodically and not to hide information from users again

There are several practices that Zoom has been carrying out and that, according to the FTC, they were a real deception for its users. One of them dates back to 2016. According to the agency, since then, Zoom assured users that video calls had end-to-end 256-bit encryption, but the FTC has questioned this.

According to a release issued by the federal regulator of the United States, the level of security did not correspond to what was offered, because the encryption keys were hosted on the company’s own servers and were not kept on the users’ computers, leaving them vulnerable and accessible to anyone.

Zoom maintained this security system for years, until in April of this year it improved the security of paying users’ accounts. However, as free users are more unprotected and this generates numerous criticisms, Zoom has had no choice but to extend security to all users, implementing end-to-end encryption for all but not by default. This is not without controversy either because if it is activated up to nine functions can be lost, something that Zoom is trying to fix.

But this is not the only one accusation facing Zoom. According to the app, when a user saves video calls in the cloud, they are immediately encrypted. However, the federal regulator has stated that some videos are stored in the cloud without any type of encryption and remain up to 60 days without security, until they are stored safely by Zoom.

On the other hand, the FTC also points out that Zoom installed its ZoomOpener web server in the desktop version for MacOS X without users knowing it as part of an update carried out in July 2018. This installation secretly allowed the application to it will run automatically, allowing Mac users to access video conference rooms without having to go through Safari’s security levels, thus leaving them without antimalware protection.

Following these complaints, the FTC and Zoom have reached a agreement whereby the company undertakes to be audited by security experts before carrying out any type of update to its platform and also to receive annual inspections on internal or external security risk issues.

Under this agreement, the company must also implement vulnerability management programs, tools to eliminate data, safeguard information and prevent the identity theft of users. Lastly, Zoom agrees not to lie about its features and updates again, assuming it will be audited for these issues every two years.

