Magid: Zoom safe to use if properly configured

Magid: Zoom safe to use if properly configured

Zoom, the popular video conferencing service, got some well-deserved bad publicity several days ago, but the company responded as it should. On April 1, its CEO Eric Yuan wrote A Message to Our Users where he admitted “that we have


Larry Magid 

fallen short of the community’s – and our own – privacy and security expectations, adding “For that, I am deeply sorry, and I want to share what we are doing about it.”  And the company did do things to correct the problems.

But despite shoring up its security and privacy settings, providing better user education on how to safely use the product and ending its practice of sending analytical data for its iOS users to Facebook, the company has continued to draw negative press. As recently as this week, several school districts, including New York, banned the app for online learning.

One big problem has been “Zoombombing,” where uninvited people come in to a meeting and say or display inappropriate graphics or video, that can be very disturbing. I’ve heard cases of people showing pornographic videos in classroom chats. My adult son, who is a professional musician, hosts a weekly Zoom “dance party,” and — before he instituted some protections — it was wide open and vulnerable. At one event, someone came in and shouted racist and sexist comments until my son’s business partner ejected him from the room. By implementing some security features, that isn’t likely to happen again.

Zoom is much safer now

No online service is 100% safe, but based on what I can see, Zoom’s current practices and defaults, make it reasonably safe. I have no qualms using it for both professional and personal conferences. I use it several times a day for business meetings and, in the evening, to chat with my adult children. We use it as a platform for online games (my daughter shares her PC screen with a game we play remotely.)  And we used it this week for our annual family Passover seder.

Zoom has always allowed its meeting hosts to implement security features, but many weren’t on by default and configuring Zoom’s security features wasn’t as straightforward as it should be. And its documentation isn’t very user friendly. One of the reasons is because Zoom has mostly been a business tool and many of its users have access to IT (information technology) departments that can configure the service for employees. Yuan said that in December, the maximum number of daily participants in Zoom meetings was approximately 10 million.

But, “In March this year, we reached more than 200 million daily meeting participants, both free and paid.” That’s a 20-fold growth rate in just a few weeks and a big chunk of those users are new to Zoom and likely working without guidance from an IT department. In other words, Zoom was made for corporations, not consumers.

Default settings

One of the things that Zoom has done to make the platform safer is to make the default settings much more restrictive, so unless you change them, your conferences are pretty well locked down.

To test this, I set up a new Zoom account and looked at the default settings. Unless you change them, all meetings require each person to type in a password. With the exception of the host, each person’s video is off (it can be turned on in the meeting), no one can join before the host joins, participants need to authenticate before joining, participants joining by phone also need a password,  and all participants start out in a waiting room and can’t join the conversation until the host lets them in.

Even existing users had their settings automatically changed to the default, which is a good way to make sure that people have as safe an experience as possible, unless they chose to change the defaults.

You can override those defaults and there may be good reasons to do so. I have overridden some of them as a matter of convenience, but — with the exception of my twice weekly ConnectSafely Live webinar (ConnectSafely.org/Live), most of my meetings are small groups of people, and I don’t share the access link beyond the limited number of invitees. Still, I keep a sharp eye out for intruders and know how to quickly mute or eject someone who is doing something inappropriate.

Public webinars, which require an extra-cost business account, have their own protections, including not allowing anyone other than panelists to be seen or heard unless participants raise their hand and are called on.

The default settings automatically apply if you host an instant meeting (a simple one click process) and are the defaults if you schedule a meeting. But scheduling, which can be for a meeting in the future or one you launch immediately, lets you review and change the settings just for that meeting. So, you have the flexibility to make a meeting either more or less restrictive, depending on your needs and concerns.

In addition to the general setting and individual meeting settings, you can easily add restrictions or eject someone after a meeting starts. On Wednesday, the company added a new a security toolbar icon that’s visible at the bottom of your screen during a meeting (look for the shield). The icons lets you lock the meeting so no new people can enter, enable the waiting room, (even if it’s not already enabled), remove participants and restrict participants’ ability to share their screens, chat in a meeting, rename themselves, and annotate on the host’s shared content

To explain’s Zoom’s safety features in plain English, I’ve put together a primer for safe use of Zoom, which you can find at ConnectSafely.org/Zoom.

Larry Magid is a tech journalist and internet safety activist.

Published at Thu, 09 Apr 2020 14:00:03 +0000