There’s a good chance you hadn’t heard of Zoom when 2020 started. Unless you regularly participate in business-focused video chats, the enterprise-oriented tool wasn’t part of your regular routine. Then came COVID-19 and social distancing, of course, making video chat the closest option many people have for responsible face-to-face interaction. Suddenly, Zoom’s typical uses—earnings reports, PowerPoint slides—started living alongside online happy hours and remote board game sessions.
This week, in a blog post, the company’s CEO and founder, Eric S. Yuan, tried to provide users with some context about the sheer volume of Zoom’s sudden growth. Total meeting participants across all of the platform’s users topped out around 10 million in December 2019. March 2020 saw 200 million daily participants across the free and paid tiers. Over the same time period, Facebook says that its Messenger platform saw video chat grow by 100 percent. Zoom is the video chat darling of the moment.
That kind of growth provides a pressure test for Zoom that its engineers can’t get in-house. The influx of consumer attention catalyzed increased scrutiny from privacy-literate users and security experts. It didn’t take long for issues to pop up, and some of them stem from simple default settings.
While none of the issues are full-stop dealbreakers, there are some steps you can take to make your Zooming more secure.
Create private meetings
When you sign up for Zoom, your account gets a Personal Meeting ID (PMI). It looks like a phone number and, in a way, acts like one, too. Using those digits, other Zoomers can jump into your personal meeting room. It’s good if you’re giving that number to close friends or anyone you don’t mind bothering you at any time, but it’s a poor choice to use for public events. You wouldn’t tweet your phone number—and you shouldn’t tweet that number either.
Here’s the fix: You can generate a random meeting ID instead of using your PMI for drastically increased privacy. If you’re going to hold a happy hour or something of the sort, it’s worth setting up. Here’s a segment of a Zoom tutorial to explain how to do it.
Prevent “zoombombing”
By default, new users coming into your meeting can share their screens with the group (the company recently changed the default setting for the education-specific version of its service). So, if someone wants to bombard participants with boring pictures from their latest vacation or something much more offensive, they can do so.
The best defense against this is to keep people who might pull that kind of stunt out of the meeting in the first place—a private room is a good start. But, you can go into your preferences on the web and change the default to prevent everyone except the host (you) from screen sharing. If you don’t want to make the change across the board, you can click the small arrow next to the “screen share” button on the interface and select “advanced sharing options.”
Use a waiting room for your meetings
Adding a waiting room lets you act like your own digital bouncer during Zooms. You get the chance to vet participants before they get through the door. You can put a customized message on the screen that people hit as they try to come in—it can lay out rules. If you’re dealing with tons of participants, it might be tedious to manage people as they come and go, but it could also prevent the whole chat from getting blasted by unexpected porn spam.
Understand what Zoom means by “encryption”
When you chat via services like WhatsApp or iMessage, your communications have true end-to-end encryption. That means the data is unreadable to the chain of companies and providers that exist in the path between you and the recipient. While Zoom uses “end-to-end” encryption in its marketing material, the phrase has gotten it in some trouble. The Intercept originally reported the following: “…the Zoom service itself can access the unencrypted video and audio content of Zoom meetings. So when you have a Zoom meeting, the video and audio content will stay private from anyone spying on your Wi-Fi, but it won’t stay private from the company.”
In a blog post, Zoom explained that connecting to the service with methods outside its proprietary app causes the confusion. Joining by telephone or Skype integration, for instance, thwarts the simple encryption model people expect when they hear “end-to-end.”
Choose the email with which you sign up carefully
As the company has repeatedly said, Zoom wasn’t built with the general public in mind, so some of its features make more sense for corporate users than typical chatters. As Vice reported, Zoom’s Company Directory option groups together participants who come from the same domain. It doesn’t affect the major providers like @gmail accounts, but using a smaller email provider may add you to a database of users that others can see.
Understand what the host can see
With so many video chats happening all day, it’s easy to get distracted. Thanks to an “Attendee attention tracking” feature, however, organizers can see when users don’t have the meeting window on-screen and active. This only works when someone is sharing a screen, but it could possibly rat you out for trying to keep the meeting playing in the background and doing something else for more than 30 seconds.
Keep your client updated
If you signed into Zoom today, you may have encountered a substantial update. As part of its security initiatives, the company has vowed to freeze work on new features for 90 days and focus on privacy and security improvements for its current offerings. That announcement, however, came quick on the heels of a NASA engineer dropping a pair of Zoom security exploits on his blog.
Zoom also recently updated its iOS app to remove features that funneled some unnecessary device information out to Facebook.
Both of these are good examples of why you should keep the latest version of the app on your computer and phone in order to prevent old exploits from popping up and ruining your day.