· 2 min readsecuritysoftware

Zoom Reverses Course, Will Encrypt Free Calls Too

Zoom says free users will get end-to-end encryption after all, with phone verification required and beta testing starting in July.

Well, that didn’t take long. Yesterday Zoom announced it’s reversing a stance that had privacy advocates up in arms for weeks: end-to-end encryption is coming to free accounts too, not just paying customers.

A quick recap for anyone who missed the controversy. Zoom had said its planned E2E encryption would be a perk reserved for paid subscribers, with free calls sticking to the weaker transport encryption the service has always used. The reasoning at the time was reportedly about wanting to preserve the ability to cooperate with law enforcement when free accounts get used for abuse. Whatever the intent, the optics were bad — a security feature gated behind a paywall, right when Zoom was trying to convince a very large, very newly-remote user base that it took privacy seriously.

The backlash was swift. Security researchers and privacy groups pointed out that free users, including students, community groups, and anyone else who can’t justify a subscription, are often the ones most in need of protection, not less. Charging extra for real encryption looked less like a business model and more like a tell.

What’s actually changing

Now Zoom says free users will get access to E2E encryption as well. The catch: to opt in, you’ll need to verify a phone number. That’s presumably a step to cut down on the platform being used anonymously for abuse or harassment — a reasonable middle ground between “no encryption for free tier” and “no verification at all.”

The feature isn’t live yet. Zoom says it’ll enter beta testing in July, so there’s still runway before any of us can actually flip the switch on a call. Worth remembering that beta usually means rough edges, limited rollout, and probably some feature gaps compared to the standard, non-encrypted mode (things like cloud recording and certain dial-in options tend to not play nice with true E2E setups).

Still, this is a good outcome, and it’s a good example of a company actually listening to criticism instead of digging in. Zoom’s growth this year has been staggering, and with that growth comes scrutiny it clearly wasn’t fully prepared for back in the spring — the Zoombombing incidents, the encryption terminology mess, the various security patches. Walking back a policy that treated privacy as a premium feature is the right call, even if it probably should have been the position from day one.

The open question now is how the phone verification requirement lands with the privacy crowd. Requiring a phone number is a real piece of identifying information, and some of the same people cheering this reversal are the ones who tend to be wary of mandatory phone verification schemes generally. It’s a tradeoff, not a total win, but compared to where things stood a few weeks ago, it’s a meaningful step. I’ll be curious to see how the July beta actually holds up once people can poke at it.

Related posts

On this day in other years

Latest on Daily Signal

All posts →