Over the last few years, Zoom has gone from a useful video calling app to an absolute household name. User numbers have grown exponentially, as the Covid-19 lockdown inspired the public to find new and creative ways to enjoy human contact in digital form—so why would the best VPNs help?
Zoom's quickly inflated userbase (in 2022 alone the world clocked over 3.3 Trillion Zoom meeting minutes) has also brought greater scrutiny over the service and questions were being raised over its privacy practices, vulnerability to hijackers, and apparent lack of true end-to-end encryption.
Once it was discovered that Zoom wasn't using end-to-end encryption, the company clarified that sessions were protected using TLS encryption instead. The difference in this case is that through using TLS, even though others can't monitor your Zoom video calls and chats, the companies themselves could do so if they wanted.
With end-to-end encryption, the necessary keys to encrypt the conversation remain on your device and the people to whom you're talking, so not even the provider offering the video call service could know what you're saying.
In March 2020, Zoom faced backlash after sharing user information with Facebook in the iOS version of its app—they later fixed this issue.
Zoom addressed further security concerns that could allow hackers to steal passwords from its Windows client, not to mention hijack Mac Zoom sessions. Zoom also promised to fix these and other existing bugs and even offer rewards to others who could find them, as part of a (still ongoing) bug bounty program.
Since these issues, Zoom claims to have implemented better security, and its Security Overview claims that "communications are established using 256-bit TLS encryption and meeting, webinar and messaging Content can be encrypted using AES-256 encryption, and optional end-to-end encryption." AES 256-bit encryption using a one-time session key is significantly more robust than TLS, but it's worth noting that it's only protecting "webinar and messaging content," so don't assume everything is protected with AES 256.
Zoom doesn't state which TLS standard it conforms to, and even the current standards are susceptible to weak ciphers and forced downgrade attacks—enabling hackers to listen to the traffic and drop malware.
The use of the word "can" also raises eyebrows for me as it leads me to think that this is not a default standard and is, in fact, what is meant by the "Advanced Chat Encryption" feature. Ultimately, this is less than ideal and is just another reason why you should use a VPN with Zoom for maximum security and privacy.
How VPNs keep you safer online
While you can use a VPN for Netflix or accessing messenger services in countries with strict censorship laws, that only scratches the surface of their capabilities. The most important function of a VPN is to keep you and your data safe while you're online.
Very simply, VPN providers provide you with software that places your data inside a special ‘encrypted’ tunnel established between your ‘client’ device and the VPN server.
This means that anyone with access to your ISP’s records will only see the encrypted data. If properly set up, they won’t be able to tell which websites you access, or even which apps you’re using like Zoom as all data is encrypted.
Naturally the data is decrypted once it reaches the VPN server but in the meantime if you’re say, using Public Wifi or being targeted by hackers, this makes it much more difficult for them to gain any meaningful data.
And because VPNs can be applied to your home computer, laptop, mobile - even your router - it means that a single VPN subscription can cover a whole household of online devices.
What is the best VPN for Zoom?
The best VPN to use with Zoom or any other video calling software is ExpressVPN, thanks to its security, speed, and ease of use. If you want more choice, here are our top three picks:
Watertight encryption is an obvious necessity, especially if you often make sensitive business calls. However, using a VPN in itself won't protect your calls with end-to-end encryption. This is because your VPN provider needs to decrypt your web traffic in order to send it where it needs to go.
If you want to be sure your calls can't be monitored, consider using open-source video calling such as Signal Messenger or Jitsi Meet. Both these programs use end-to-end encryption: you don’t even have to take the developers’ word for it, as the source code is freely available online for the community to examine for any bugs.
So what’s the point of a VPN?
As we've just discussed, using any old VPN won't automatically protect your messages with end-to-end encryption. You need to select the right software for that.
Having said this, establishing a VPN connection when you start a chat or video call, makes life much harder for bad actors. For starters, as all your traffic is encrypted, they won’t be able to detect you’re connecting to a particular server like Zoom’s in order to place your calls. If they don’t know how you’re staying in touch with friends and colleagues, you can’t be hacked easily.
Secondly, as all your traffic is being routed via a VPN server, as far as the Internet is concerned your IP address is the same as that server’s. This means if anyone does try to hack you, they’ll target the server not you.
You also have to consider bad actors within the company. If Zoom were pressured, for instance, via a secret court order to provide the IP address used to connect to their service, usually that would mean giving away your location. If you connect via a VPN, again they won’t get any closer than your chosen VPN server, which could be in another country.
Should I stop using Zoom?
Despite the security concerns, Zoom is a very popular video-conferencing app and is easy to use, so is probably here to stay. If you and all participants in your calls and conversations use a VPN whilst on Zoom, it’ll be much harder for someone to tell you’re using the service in the first place.
Zoom themselves can also monitor your conversations but if you’re all connecting via a VPN server they won’t be able to tell exactly where you are based on your IP address. This won't protect you if you mention where you are during a call or chat though!
Our recommendation, as we said is to use open source software which is proven to have actual end-to-end encryption for video calls and chats, as well as a VPN to keep your location safe.
We recognise though, that you may not be able to persuade everyone to do this, so you may not want to delete your Zoom account just yet.
Zoom services are also blocked in certain countries like Cuba and Iran, so if you’re trying to place a call to someone in these territories, you’ll need to use a VPN. As connections are routed through a VPN server in a different country, users can still download the software and place calls, bypassing their government’s censorship attempts.
Choose a fast VPN
Naturally, if you want to make video calls, you should choose a VPN with fast connection speeds. This will ensure that you get as little lag and drop-off as possible during your calls.
You can deploy the fastest VPNs but you can also run your very own speed tests if you want. Just remember that VPN speed tests can be unreliable, as they depend on many factors like how close the server is, how many people are using the service, and your home setup.
When it comes to choosing your provider, make sure that they have servers operating in each of the countries where you and your participants are based. This should make for lower ‘latency’ between each of your devices and the VPN server.
When deciding, make sure to find a provider that supports a newer protocol like WireGuard. This protocol was designed to be both fast and secure, which is what you need for video calling.
For ultimate security and speed, consider a provider like NordVPN which allows you to set up a private meshnet via a VPN for your device and others with whom you want to communicate.
If you’re comfortable with computers, you can also set up your own private cloud-based server, such as FreedomBox or NextCloud to host video calls and chats, as well as share files. This involves more work and you’d have to persuade everyone with whom you want to communicate to sign up but it’s much safer. Remember that if you control the server, you can also control what data is logged and how quickly it’s deleted forever.
Encourage people connecting to your server remotely to do so via VPN, so that anyone monitoring your connection won’t see the server IP address.
A personal favorite
Because Zoom is now being used by ordinary families across the globe, we admire any VPN that's easy to download and operate—even for people who aren't that skilled with technology.
ExpressVPN tops our list of favorite VPNs at the moment and is the one we'd recommend. It ticks all of the above boxes - it uses a variety of the world's strongest security protocols and has a strict no-logging policy, which has been confirmed by independent audits.
It boasts some of the fastest connection speeds we've tested, even to far away servers, and is very easy to use. Plus, it has excellent 24/7 customer service that is generally helpful if you find yourself struggling with any aspect of the VPN.
ExpressVPN also has its own Lightway protocol, which is perfect for video calling being both super-fast and secure.
- Here's our list of the best video conferencing software on the market
