3.7.2 Device Management Interface

We offer a dedicated UI to manage devices that are part of the user’s sigchain, available in the Zoom client’s settings. Upon visiting this device list, clients ask the Zoom server for the latest sigchain tail and process any new links in order to make sure that the view is up-to-date. The device list contains all active devices (which can be used to participate in E2EE communications) and revoked devices (which can no longer be used), indicating their device name and type based on the sigchain; it also has the user’s own fingerprint and the user’s current and past email addresses (if any). Users can revoke devices from this view. If a device realizes that it is revoked (by processing updates to its own sigchain, for example as part of a periodic refresh or because of a server notification), it will delete all private ephemeral and long-term keys as well as sensitive data, and then log itself out.

When the user first uses a feature that requires sigchains from one of their devices, that device generates a new set of device keys and adds them to the first link in the user’s sigchain. From then on, the user’s other devices (existing and future) will also generate their own keys and extend the chain; each time, the user is prompted to review the device list and revoke any devices that are unrecognized, lost, stolen, or no longer used.

In addition, after provisioning each new device, the user gets notifications on their old devices asking them to approve or revoke any new untrusted devices. This list might include devices that are already revoked but are still new from the perspective of the old device. Users also get notifications regarding changes made to their email address.
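The refresh and notification behaviour described above can be sketched as follows. This is an added example, not Zoom's code: the link fields, the `DeviceView` class and the SHA-256 hash chaining are assumptions made for illustration, and signature verification of each link is omitted. It shows a device applying new links after its known tail, reporting devices that are new from its own perspective (including ones already revoked), and wiping its keys when it finds itself revoked.

```python
import hashlib
import json

def link_hash(link):
    # Hash of a canonical JSON encoding (constructed format, not Zoom's).
    return hashlib.sha256(json.dumps(link, sort_keys=True).encode()).hexdigest()

def make_chain(events):
    """Build a constructed sample chain from (type, device_id) pairs."""
    chain, prev = [], None
    for seqno, (kind, device) in enumerate(events, 1):
        link = {"seqno": seqno, "prev": prev, "type": kind, "device": device}
        chain.append(link)
        prev = link_hash(link)
    return chain

class DeviceView:
    """One device's local view of the user's chain (hypothetical class)."""
    def __init__(self, own_device, private_keys):
        self.own_device = own_device
        self.private_keys = private_keys   # stand-in for ephemeral and long-term keys
        self.revoked = {}                  # device id -> True if revoked
        self.seqno, self.tail = 0, None
        self.logged_in = True

    def process(self, new_links):
        """Apply links after the known tail; return [(device, revoked)] for newly seen devices."""
        newly_seen = []
        for link in new_links:
            if link["seqno"] != self.seqno + 1 or link["prev"] != self.tail:
                raise ValueError("link does not extend the known tail")
            kind, device = link["type"], link["device"]
            if kind == "add_device" and device not in self.revoked:
                self.revoked[device] = False
                newly_seen.append(device)
            elif kind == "revoke_device" and device in self.revoked:
                self.revoked[device] = True
            else:
                raise ValueError("invalid link")
            self.seqno, self.tail = link["seqno"], link_hash(link)
        if self.revoked.get(self.own_device):
            # Revoked: delete key material and log out, as the text describes.
            self.private_keys.clear()
            self.logged_in = False
        # A device added and revoked in the same batch is still "new" to this view.
        return [(d, self.revoked[d]) for d in newly_seen]
```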

Once the Zoom Transparency Tree (Section 4) is deployed, Zoom servers and insiders will not have the ability to, e.g., suppress notifications in order to hide a malicious device addition or email change.
