Zoom has long been a popular choice for video conferencing due to its focus on ease of use and reliability. Mass shelter-in-place orders around the world due to the COVID-19 crisis have led to a rapid, large-scale increase in use of the company’s products. As a result, Zoom is under much more scrutiny, highlighting the trade-offs the company has made in prioritizing usability over security.
Below are several important issues that you should be aware of along with information on how to handle them.
“Zoombombing” – when an uninvited person gets a hold of your Zoom meeting ID and joins a meeting.
- Don’t use your personal meeting ID (which is a meeting ID and link that is permanently reserved for your Zoom account), especially when organizing meetings for external participants; instead schedule meetings with the Zoom app, or with the Outlook plugin or Google Calendar add-on, which generates a new, random meeting ID for each meeting.
- If you have been using your personal meeting ID for numerous meetings, consider changing it to a new ID.
- Zoom’s April update included a number of in-meeting security controls, including the ability to remove participants, prevent new participants from joining, and enable/disable participant access to chat and screen sharing.
- Zoom also has a few other features that might be worth exploring for some meetings, such as meeting passwords, waiting rooms where the host approves each participant, and not allowing participants to join before the host.
Overloaded Infrastructure – usage of Zoom’s products has grown an incredible 20x in the past 3 months and some days their infrastructure struggles to meet demand.
- This issue has improved notably since the first few weeks of the shelter-in-place orders.
- That being said, it is a good idea to have a backup system identified and tested. If you use Office 365, check out Microsoft Teams; if you use G Suite, check out Google Meet.
User Privacy – Zoom has received a lot of criticism about their privacy policy and the level of data access given to meeting hosts.
- Zoom updated their privacy policy this month to explicitly state that they do not view, mine or sell user data.
- Zoom removed the attention tracking feature this month, which previously notified meeting hosts when participants navigated away from the Zoom app
- Please remember that Zoom meetings can be recorded by hosts and any participant could screenshot a Zoom meeting, both of which can be circulated online. Privacy experts recommend using a virtual background if your video is on and you are concerned about images of your living space circulating among coworkers or externally. Some fun options: West Elm, Pixar, customizable
- Zoom’s integration with LinkedIn has been shown to mine and present participant data to meeting hosts without participants’ knowledge. Zoom has said that they are planning to change the integration to improve participant privacy.
Security-related Lawsuits – several credible high profile lawsuits against Zoom have been referenced in the media lately related to
- Exaggerating their data encryption capabilities – more info; the complaint is mainly about false advertising.
- Sharing Zoom user data with Facebook unintentionally when installed on mobile devices – more info; Zoom has since updated its mobile application to address the issue. If you have Zoom installed on your mobile device, please update to the latest version.
- A flaw on Macs where hackers could gain access to webcams through the Zoom app – more info; this issue was resolved by Zoom and Apple last July.
There are privacy and security risks with any video conferencing solution. Zoom is still one of the riskiest, in part because of its popularity and in part because it is catching up after years of de-prioritizing security features, although, Zoom has made impressive progress in the past month. If you follow the tips in this post, Zoom can be a safe and effective tool for connecting with others.
