Whether you are on Zoom because your employer or school requires it or you just downloaded it to stay in touch with friends and family, people have rushed to the video chat platform in the wake of COVID-19 stay-at-home orders—and journalists, researchers, and regulators have noticed its many security and privacy problems. Zoom has responded with a surprisingly good plan for next steps, but talk is cheap. Zoom will have to follow through on its security and privacy promises if it wants to regain users’ trust.
In the meantime, take these steps to harden your Zoom privacy settings and protect your meetings from “Zoombombing” trolls. The settings below are all separate, which means you don’t need to change them all, and you don’t need to change them in any particular order. Consider which settings make sense for you and the groups you communicate with, and do your best to make sure meeting organizers and participants are on the same page about settings and shared expectations.
Privacy Settings
Make Sure Chat Auto-Saving Is Off
In your Zoom account settings under In Meeting (Basic), make sure Auto saving chats is toggled off to the left.
Make Sure “Attention Tracking” Is Off
In your Zoom account settings under In Meeting (Advanced), make sure Attention tracking is toggled off to the left.
Use a Virtual Background
The space you’re in during a call can expose a lot of information about where you live, your habits, and your hobbies. If you’re uncomfortable having your living space in the background of your calls, set a virtual background. From the zoom.us menu in the top right corner of your screen while using Zoom, navigate to Preferences and then Virtual backgrounds.
Best Practices for Avoiding Trolls
With Zoom now more widely used than ever, the mechanics of its public meeting IDs have allowed bad actors to invade people’s meetings with harassment, slurs, and disturbing images. When you host a meeting, consider taking the steps below to protect yourself and your participants from this “Zoombombing.”
Bad actors can find your meeting in one of two ways: they can cycle through random meeting IDs until they find an active one, or they can take advantage of meeting links and invites that have been posted in public places, like Facebook groups, Twitter, or personal websites. So, protecting yourself boils down to controlling who can enter your meeting, and keeping your meeting IDs private.
Keep the Meeting ID Private
Whenever possible, do not post the link to your meeting or the meeting ID publicly. Send it directly to trusted people and groups instead.
Set a Meeting Password, and Carefully Inspect the Meeting Link
In your Zoom account settings under Schedule Meeting, toggle Require a password when scheduling new meetings on to the right. You’ll find additional password options in this area of the settings as well.
You can also set a password when scheduling a meeting from the Zoom desktop app by checking the “Require meeting pass” checkbox.
BEWARE, however, that Zoom passwords can behave in unexpected ways. If you use the “Copy Invitation” functionality to copy the meeting link and send it to your participants, that link might include your meeting password. Look out for an unusually long URL with a question mark in it, which indicates it includes your meeting password.
If you plan to send the meeting link link directly to trusted participants, having the password included in the link will be no problem—but if you want to post the meeting link in a Facebook group, on Twitter, or in another public space, then it means the password itself will also be public. If you need to publicize your event online, consider posting only the meeting ID, and then separately sending the password to vetted participants shortly before the meeting begins.
Lock Down Screen Sharing
In your Zoom account settings under In Meeting (Basic), set Screen sharing to Host Only. That means that, when you are hosting a meeting, only you and no other meeting participants will be able to share their screen.
Depending on the calls you plan to host, you can also turn screen sharing off entirely by toggling it off to the left.
Use Waiting Rooms to Approve Participants
In your Zoom account settings under In Meeting (Advanced), enable Waiting room by toggling it on to the right. A waiting room allows hosts to screen new participants before letting them join, which can help prevent disruptions or unexpected participants.
Lock the Meeting
When you are actively in a meeting and all your expected participants have arrived, you can “lock” the meeting to prevent anyone else from joining. Click Participants at the bottom of the Zoom window, and select Lock Meeting.
The Electronic Frontier Foundation is the leading nonprofit organization defending civil liberties in the digital world. Founded in 1990, EFF champions user privacy, free expression, and innovation through impact litigation, policy analysis, grassroots activism, and technology development. We work to ensure that rights and freedoms are enhanced and protected as our use of technology grows. Visit https://www.eff.org