The videoconferencing service The zoom was done with Keybase. As announced, they have just acquired the company and will integrate their employees and technologies into the Zoom team. But what does Keybase have to spark Zoom’s interest?
Identity verification in the digital age
Keybase is a free and open source service launched in 2014 with the aim of improving user security. We can define Keybase as a key directory that allows the identity of a person in the digital world. For this, the service associates a PGP key with different profiles on social networks and platforms that we have on the Internet.
Example of a Keybase profile, where identity is verified by three devices, a PGP key and a web page.
Why is this important? Verifying the identity of a person is not easy, let alone on digital platforms. If we want to get in touch with a person, how do we know for sure who they are? Key base in a way collects all possible evidence in one place that a person can help demonstrate that they are who they say they are.
For example, in Keybase we can associate the Twitter profile, the GitHub profile, the Reddit profile or the personal site among others with our PGP key. To do this, for example, you need to post a tweet on Twitter or a post on Reddit with a specific post. On the web page, you will need to add a file to the server. The accumulation of all this evidence makes it easier to believe that a person is who they claim to be since they have hardly been hacked by all the services at their disposal to falsify their identity in Keybase.
In addition to that, Keybase also has its own built-in messaging service. It allows secure communications between individuals and groups with end-to-end encryption. In other words, only the device sending the message and the one receiving it can decrypt it, no intermediary server or even Keybase can. Keybase also allows you to save and share files securely through the same encryption process from beginning to end.
Keybase messaging service.
When two people communicate via Keybase the service verifies all identities to verify that everything is correct. Each of the users’ devices in the database has a unique encryption key, so when sending a message, it is encrypted separately for each user device. This way, if the user loses a device or stops using it while communicating in Keybase, only this encryption key is disabled so that future messages are no longer automatically sent to that device.
Zoom’s strategic refocusing
Zoom has faced a number of privacy and security issues in recent months. This is in particular due to its rapid popularization by global containment. Unwanted practices such as ‘zoombombing’. To face it all, Zoom announced a 90 day plan to improve privacy and security service instead of adding new features. A strategic refocusing which seems to be bearing fruit.
One of the first things they did was add Alex Stamos as security advisor. Alex Stamos is a former employee of Facebook and Yahoo !, where he was in charge of the security department. The integration of Keybase and its technology seems to be the next step.
The objective of Zoom is have an end-to-end encrypted communication channel for your paying users. Currently, the encryption used by Zoom is TLS, which securely sends information to the server and from the server to the other user, but allows the server to access unencrypted audio and video data.
Creating an end-to-end encryption system for a service as large as Zoom that is also based on video calls is no easy task. Between starting the technology from scratch or gain experience from another company, Zoom opted for the latter. Keybase and its team of workers are experienced in end-to-end encryption and some of the technology can be incorporated into the Zoom project. This is indicated by:
“Integrating the Keybase team into the Zoom family will help us create end-to-end encryption that will keep Zoom scalable.”
“The experienced Keybase team will be essential in this part of the mission. “
Finally, should a Keybase user be concerned that the service is now owned by Zoom? In principle, no. The grace of services Open source And the design of Keybase is that you don’t have to worry about who owns the service. In other words, due to the service architecture with end-to-end encryption it is technically impossible for Zoom to access user data. Another different story is that Zoom decides to shut down the service, which is unknown at the moment.
More information | Zoom