As the use of Zoom video meetings has exploded during the COVID-19 outbreaks—being used by everyone from churches to Fortune 500 companies to the UK's government cabinet— the inevitable rise of people trying to disrupt such meetings has occurred as well.
People, often described as "internet trolls", have on occasion been entering public Zoom meetings and saying or showing inappropriate things to disrupt the meeting. Sometimes this is being called "Zoombombing".
Thankfully there are a few small steps you can take to greatly reduce the risk of this every happening and which will allow you to control the situation if it were to every happen.
SECURITY SETTINGS
Screen Sharing "Host Only"
Make sure your Screen Sharing settings are set to "Host Only". This means only the host of the meeting can share their computer screen with everyone. This is one of the chief ways trolls have disrupted meetings.
In any meeting the host can change the Screen Sharing options by:
- Clicking the up-arrow next to the Share button.
- Selecting "Advanced Sharing Options..."
- Under "Who can share?" select "Host Only"
To set Screen Sharing to "Host Only" by default for your meetings
- Go to your Zoom profile settings at https://zoom.us/profile/setting
- Scroll down under the Meetings tab until you see Screen Sharing
- Under "Who can share?" select "Host Only"
- Now any new meetings you schedule or start should have "Host Only" on by default.
HOST CONTROLS
Remove Participant
The host of a Zoom meeting has a variety of controls over the participants in the meeting. If you are hosting a meeting it is a good idea to familiarize yourself with these controls.
If someone entered your meeting who should not be there the host can easily mute their microphone, put them on hold, turn off their video and remove them from the meeting.
To remove a participant from your meeting:
- Click the "Manage Participants"
- Mouse over the participant and you should see several options appear.
- Click "Remove" to remove the participant from the meeting.
By default people removed from a meeting cannot rejoin.
*You can also access the "Remove" option by hovering over a participants video in Gallery View and selecting the "..." symbol in the top right corner.
Security Button
There is now a button for hosts marked "Security". It gives hosts quick access to some of the most important security features for you Zoom meeting including: Lock meeting, Enable Waiting Room, Share Screen and Chat.
By selecting one of the options you can easily enable or disable them. A checkmark next to them means the feature is enabled.
- Lock Meeting - if you enable this then no one else can enter the meeting.
- Enable Waiting Room - this means when people want to join the meeting they have to wait in a "waiting room" until the host allows them in. The host will be notified when someone enters the waiting room.
- Share Screen - we've discussed this feature above. Here you can enable and disable the ability for people to share their screen in the meeting.
- Chat - this allows you to allow or disallow people to use the chat feature in the meeting.
- Rename Themselves - exactly as it sounds, this allows you to allow or disallow people to rename themselves in the meeting.
If you check these settings and are familiar with these controls you should be good to go to host safe and secure Zoom meetings.
If you'd like to learn more about this and about even more features for Zoom security you can check out this post
ZOOM IN THE NEWS
Is Zoom safe and private?
Some thoughts regarding concerns about Zoom's security and privacy.
Since the COVID-19 pandemic began the number of people and organizations using Zoom to hold video meetings has skyrocketed. As a result so has the scrutiny of its service, security and privacy settings.
In many ways this a good and healthy development. It's good for a company of this reach and influence to be watched and held accountable to high standards. And due to this heightened scrutiny Zoom has made many improvements to both their service and their privacy policy. (You can keep up with Zoom news releases here.)
A company and service that comes under this kind of attention also becomes the subject of false information and misleading articles written more to draw attention and gain traffic to the authors' websites than to accurately inform their readers. Zoom has been no different. Many articles published about Zoom since the COVID-19 outbreaks have done more speculating than reporting and many more have simply regurgitated those speculations. Also many have reported on security and privacy concerns which are far from unique to Zoom, insinuating a more unique risk than there is in reality.
Just about every major web service has very similar articles and concerns raised whether it's Google, Apple, Microsoft, Facebook, Amazon, Netflix, etc. Whenever a web service takes part in the storage or transmission of information the potential for misuse is there.
Not only that, but in every communication medium the potential of security breaches has always been possible, whether it's mail being stolen, phones tapped or email hacked. The Pentagon, Nasdaq, Yahoo, the Republican Party, Equifax, have all been hacked in the past.
In all the cases I've seen written about so far (as of April 15, 2020), nothing has seemed particularly unique to Zoom or particularly concerning for our uses of their service. And in most cases Zoom has been quick to respond, either in resolving the issue raised or correcting the misleading information about their service. (Read more: "A Message to Our Users", "Update...")
Some have noted that some governments or major companies have suspended using Zoom for their meetings. I can understand that. If I were having secret national discussions or doing multi-million dollar business deals I would likely spend the money to use the most totally secure and extremely private technology I could. I would also use secure phone lines and highly encrypted email and private networks. But unless you're discussing nuclear launch codes in your prayer meeting, my feeling has been our standards can afford to be a bit lower than some national governments' or Fortune 500 companies.
Let's look at a few other specific concerns raised recently by some articles regarding Zoom:
What about the Zoombombers?
The purpose of the tutorials above were to help you address any security concerns regarding someone "zoombombing" your meeting and causing a disruption. Zoom has greatly enhanced the easy access of their security features and has worked hard to educate hosts in how to protect a meeting from such people. If you share your meeting link publicly, that Zoom meeting becomes like any public meeting and the chance of unwanted guests does become a possibility. But you do have a lot of control over what people can do and how long they stay in your meeting using some of the features we discussed above. And if you do not share your meeting link publicly the chance of an unwanted person joining your meeting is very, very small.
Does attending a Zoom meeting invade my personal privacy?
There are articles floating around that have suggested that your personal privacy is seriously at risk by joining a Zoom meeting. These usually have headlines that are designed to catch your attention and can often mislead readers. When you read these articles there have often been several different concerns raised. One of the primary concerns has been the amount of information a meeting host can glean about you as a participant. Frankly, I think many articles have used these concerns largely to make their case look and sound more impressive and fill out space in their article. Yes, if you joined a meeting run by a scheming and untrustworthy host they could see your living room and your username and your face. What they'd do with that little bit of information, I really don't know. However, any of even these small concerns are completely irrelevant if you're joining meetings which are hosted by people you trust.
Is Zoom listening in to our meetings?
Some articles critical of Zoom's privacy policies have speculated that Zoom may be listening in to our meetings. (Frankly, in most of the meetings I'm in, that wouldn't particularly concern me.) However Zoom has also been quick to respond to these concerns saying:
“Zoom takes its users’ privacy extremely seriously. Zoom only collects data from individuals using the Zoom platform as needed to provide the service and ensure it is delivered as effectively as possible. Zoom must collect basic technical information like users’ IP address, OS details and device details in order for the service to function properly.
Zoom has layered safeguards in place to protect our users’ privacy, which includes preventing anyone, including Zoom employees, from directly accessing any data that users share during meetings, including – but not limited to – the video, audio and chat content of those meetings. Importantly, Zoom does not mine user data or sell user data of any kind to anyone.”
Are our Zoom passwords secure?
A few articles have reported that some peoples' Zoom login credentials have been available for sale online because hackers have acquired them.
Again despite how this may be reported, this is a very common situation for any major web service. Zoom is investigating the claims, however it is very common for hackers to try login credentials that have been stolen in some security breach elsewhere to login to other major websites. So, if one company or organization has a security breach and some email and passwords are stolen. The hackers will then try those email addresses and passwords on other sites like Zoom. If people used the same email and password on Zoom as they did the website that was hacked the hacker can gain access to that person's Zoom account. This is why if a company or organization with which you have an account has a security breach they will recommend you not use that same password anywhere else. This vulnerability to Zoom accounts has nothing to do with Zoom's security and is true of any website or web service that has accounts you log into. Here was Zoom's response:
Another group of articles has centred around Zoom meeting recordings been found publicly online. How these recording became public was not clear at all in the articles, but the suggestion in some was that perhaps Zoom recordings that were saved to the Cloud were not secure.
Conclusion
Again, to reiterate, thus far I have not read anything regarding Zoom that has unduly alarmed me personally. No communication tool or medium is without some risk. So, there is always some risk to our privacy and information security when we use Zoom and invite others to use Zoom. But for the primary ways we as a province, diocese and as individual churches are likely using the Zoom service, none of the issues I've seen raised so far seem to me to pose risks which outweigh the benefits of using Zoom. I think without the simple, stable and accessible service Zoom provides we would lose out on many valuable connections we've made through this time of physical isolation with our people, in particular people who typically find technology daunting to use.