The paper’s ideas are not yet implemented. Right now, it’s encrypted to whatever keys Zoom likes, including the PRC’s. Same system as Apple’s or Google’s
OK, but if we were to take this stance it than literally the whole thread is pointless debate, right? It started with this:
> Zoom CEO Eric Yuan said in early June that the company has chosen not to encrypt free calls in order to cooperate with law enforcement.
The entire debate is about the not-yet-implemented E2E encryption (that's where Zoom "does not encrypt free calls"). And the Alex Stamos thread explains very well both why that is a sensible choice, and how they will implement E2E encryption& what are the limitations.
If we're discussing about current implementation, it doesn't make sense to be outraged that "Zoom doesn't offer encryption for free calls" - if we talk about E2E encryption, it doesn't offer it for anyone; and if we talk just about HTTPS, it offers it to everyone. So in fact we must've been discussing the future implementation not the current one - right?
