Zoom has had a checkered past when it comes to privacy and application security. They are also coming under increased scrutiny now as Video Conferencing solutions are being used more than ever to work from home. Zoom has gained popularity due to ease of use, social features, and removing security restrictions that can be a barrier to entry, but this can come with a downside for participants in video meetings.
This week, Zoom responded to criticism of their privacy policies and made several updates to reduce confusion about the amount of information they could provide to advertisers about your meeting. Zoom’s policy no longer allows them to provide transcripts of your video and chat messages to advertisers. Last week, Zoom also made updates to stop sharing data about your Zoom habits from your phone to Facebook.
For Apple users, last year, Apple removed Zoom’s hidden webserver that allowed a malicious website to join your Mac to a meeting and activate your webcam without your permission. This should no longer happen to Zoom users.
These are all welcome responses to concerns about Zoom’s privacy policies and security measures that help to reduce risks for Zoom users. The rest is up to the user to secure their own information by adjusting the settings on their account and their meetings.
Many users are most concerned about Zoombombing where an unauthorized person joins your Zoom video meeting and starts sharing offensive videos to all participants. This can happen to public meetings or if any participant accidentally shares the Zoom meeting URL to unauthorized users. The meeting host can change their default settings to help reduce Zoombombing and its impact.
Top Zoombombing Protections:
“Enable waiting room” feature to screen visitors before admitting them to the video meeting
Require a meeting password for extra security and share it separately with participants
Set Who can screenshare: “Only host”
Do not share your public Meeting ID link on social media where anyone can see it to join your meeting
Do not share screenshots of your video online that could include private information or meeting ID’s
Set Who can start sharing when someone else is already sharing: “Only Host”
Additional Protections to Consider:
Disable “allow removed participants to rejoin” so a removed Zoombomber can’t immediately rejoin
Designate a Co-Host to help manage meeting participants and remove miscreants
Set video to off by default when participants join
“Mute participants on entry”
Uncheck “Enable join before host” so participants can’t start the meeting without the host
Let Zoom generate a unique meeting ID for every meeting instead of re-using your personal Zoom Meeting ID
Do not record meetings without consent of participants
Do not download chat history without consent of participants
Do not enable “Attendee attention tracking” without consent of participants