Really? I see it the opposite way. Considering they already got in trouble once for claiming they were E2E when they really weren't, why would they risk having the same thing happen again unless they're actually intending to do it right this time?
If they were to get caught a second time not actually doing E2E, the fallout would be considerably worse than the first time. Especially since the first time they explained it away as an accidental misuse of the term rather than actually trying to pull a fast one--when I do tend to believe.
Unless I'm mistaken, in a way they were caught a second time, since their web site was not updated to make clear their E2E offerings.
Either way, I saw no ill effects for them for being caught on either occasion. Zoom is now effectively defacto and I have heard almost nobody refusing to participate in Zoom's services because of their reputation - bar technical forums such as these.
> why would they risk having the same thing happen again unless they're actually intending to do it right this time?
Why would they continue to claim their solution was E2E encrypted after already admitting it's not?
Zoom doesn't care about security. They care about marketing. And customers aren't willing to hold them to task for their BS.
I work for a US defense contractor who uses their infernal software - specifically for export restricted communication no less! Apparently it's very easy to get FedRAMP authorization[0].
Zoom has no reason to care about security because their customers clearly don't care. E2E encryption is just another marketing bullet for their website. There wont be another backlash because everyone who cares already abandoned the platform.
Enabling E2E doesn't stop them from sharing the key with 3rd parties.
It allows to tick a feature for users, and effectively make harder to spy a conversation if you don't have the key, but that doesn't protect you more if your adversaries are Zoom partners.
If they were to get caught a second time not actually doing E2E, the fallout would be considerably worse than the first time. Especially since the first time they explained it away as an accidental misuse of the term rather than actually trying to pull a fast one--when I do tend to believe.