Zoom offers advanced encryption only to paying users, leaving free users facing security risks

Robert Hackett 2020-06-05
The company plans to reserve the more secure form of encryption solely for its paying users.

Chinese translation (Fortune China): Liu Jinlong

Proofreading: Wang Hao

In the contest to win over consumers, many tech giants have taken to offering end-to-end encryption as a default safeguard. The security measure helps prevent interlopers and would-be eavesdroppers from snooping on people’s conversations.

End-to-end encryption has become such a fixture of chat and video-calling apps in recent years that it can easily be taken for granted. Free products such as Facebook’s WhatsApp, Apple’s FaceTime, and Alphabet’s Google Meet all support the feature, which prevents even the companies themselves from scrutinizing the contents of users’ communications.

Not so at Zoom Video Communications. The company, whose videoconferencing software became ultra-popular as the coronavirus pandemic started forcing people to shelter at home, plans to reserve the heightened form of encryption solely for its paying customers.

Eric Yuan, Zoom’s CEO, confirmed the decision, first reported by Reuters last week, in an earnings call with investors Tuesday. (The company blew financial analysts’ expectations out of the water, nearly doubling its annual revenue forecast.)

“We think this feature should be a part of our offering” for business and professional customers, Yuan said. He added that the company doesn’t plan to offer free users the same luxury, “because we also want to work together with the FBI, with local law enforcement, in case some people use Zoom for a bad purpose.”

Stuck in the middle

While end-to-end encryption can be a boon for privacy-conscious consumers, it can be a headache for governments. Law enforcement argues that the technology prevents investigators from following leads and collecting evidence in cases ranging from terrorism to child abuse.

Quashing end-to-end encryption remains a high priority for the Justice Department. U.S. Attorney General William Barr has repeatedly blasted Apple for failing to help unlock the phone of a terrorist—a confrontation that calls to mind the Apple vs. FBI fight of 2016. In the fall, Barr cosigned a letter with peers in the U.K. and Australia asking Facebook to delay its rollout of end-to-end encryption across all its messaging products.

The encryption technology is under fire in Congress too. The Senate is currently entertaining a bill, called the EARN IT Act, which could force tech companies to install “backdoors” in their code. The proposed law is designed to allow the government to gain access to suspected criminals’ communications, but it could end up thwarting end-to-end encryption protections for everyone.

End-to-end encryption differs from other forms of encryption in that it encrypts data using a secret cryptographic key, essentially a password, stored on a person’s personal device. Since only the parties privy to a conversation have the special codes required to decipher the data, no one but the intended recipients can read the contents of messages.

For everyone else, the encrypted data looks like gobbledygook.

Slow and steady

Zoom’s decision to enable end-to-end encryption for some, but not all, customers can be interpreted as a compromise.

When the company was under fire for security and privacy lapses earlier this year (Zoombombing, anyone?), CEO Yuan promised to pause all other engineering work for 90 days while his team concentrated on fixing the “trust” issues. On the one hand, Zoom had to balance the privacy of its users; on the other, it sought to remain on the right side of regulators.

For all Zoom’s zoomph, the company faces legal headwinds. Already, the Federal Trade Commission has indicated that it is probing Zoom for potentially misleading people about its privacy. And Zoom’s service has also appeared in federal lawsuits concerning child abuse; one federal prosecutor, who was quoted in a recent New York Times investigation, described the service as “the Netflix of child pornography” in a closing argument at court.

By rolling out end-to-end encryption for only paying customers, Zoom assures that it can maintain records on people who enjoy the strongest privacy settings. The move, which leaves freeloaders more exposed, has the added benefit of encouraging people and businesses to shift to the paid product, bolstering Zoom’s rocketing business.

Max Krohn, cofounder of Keybase, an encrypted messaging app that was recently snatched up by Zoom for an undisclosed amount, said in a paper posted to the code-sharing site GitHub that the company would seek public comment and continue to “refine” its encryption plan over time.

One could interpret Zoom’s decision as offering weaker security by default. But it also boosts the business, potentially keeps regulators at bay, and provides cover that the company is doing something about abusive users of its platform from whom it had nothing to gain. As Jon Callas, a technology fellow at the American Civil Liberties Union, told Reuters, the strategy seems to be a reasonable way for Zoom “to get rid of the riffraff” and the people who do “real horrible stuff.”
