This morning I was on Saskatoon Morning with Jen Quesnel talking about security concerns people may have with using Zoom.
Before the COVID 19 pandemic, not many of us had not heard of the video-conferencing app Zoom. Now church services, book clubs and many, many work meetings are being held on the platform. And newcomers to this app are vulnerable to having meetings hijacked. Chris Enns is podcast editor with Lemon Productions. He spoke with Saskatoon Morning’s Jennifer Quesnel.
Radio vs Podcasting
A quick thought on radio vs podcasting before I get to talking about Zoom.
Unlike when I record my own podcasts (The Story Behind the Lemon and Daily(ish)) or edit podcasts for clients, there’s no second take with live radio. Or an edit button. Despite telling myself “It’s just a conversation with Jen about Zoom”, I still found myself getting quite nervous. Jen’s a pro at live radio and did a great job of guiding the conversation. And that’s part of the thrill and energy of “live” vs a edited podcast. It’s why I love doing live streams on my YouTube channel or for my podcast network with friends – an audience listening and the fact that you never know what might come up next is a blast.
A 7 minute spot on radio is a lot less time than “take whatever time you want to” in a podcast episode. So I thought I’d write out a bit more details on possible Zoom issues, along with some links, that I’d add to my speed-talking thoughts on the radio this morning.
Being Zoom Bombed by Issues with Zoom
It seems everyday, in addition to COVID-19 news, there’s some new way Zoom has messed up privacy and security issues with their app.
- Zoom is Malware – The Guardian
- Zoom Meetings Aren’t End-To-End Encrypted – The Intercept
- Zoom iOS App Sends Data to Facebook Even if You Don’t Have a Facebook Account – Vice
- Zoom is Leaking Peoples’ Email Addresses and Photos to Strangers – Vice
- Zoom admits some calls were routed through China by mistake – TechCrunch
- A Zoom Meeting For Women Of Color Was Hijacked By Trolls Shouting The N-Word – Buzzfeed News
- Zoom banned from New York City schools due to privacy and security flaws – Fact Company
Those are some of the issues security folks have with using Zoom. And to be fair to Zoom, they are getting used by thousands (if not millions) more users than I’m sure they had planned for this year. Scaling up fast is difficult for any organization.
Settings for a Safe(r) Zoom Call
The main issue regular folks have with Zoom is people joining their calls that weren’t invited – Zoom Bombing. Basically being trolled.
Zoom uses a 9 – 11 digit number called a Meeting ID to identify each meeting. Up until recently, you weren’t required to have a password enabled for your meetings. So all hackers had to do was try random combinations of numbers and eventually they’d get into a call. (Zoom vulnerability would have allowed hackers to eavesdrop on calls – The Verge)
That’s been mostly patched. Zoom now requires all meetings to have a password. Just like any other account, if you share the Meeting ID and password publicly, someone can still join. So don’t share your password publicly! If you’re wanting to open a meeting up to the public, you can share the Meeting ID but then ask people to text or DM you directly for the password.
Other Settings to Look At
Other settings you can change to help ensure only the people you want in your meeting are:
- Set audio to only be from a computer. Allowing people to dial in to the call is a security risk.
- Enable the waiting room option so you can screen people before they join the call.
- Disable “Join Before Host” so people can’t join the call before you get there and start causing chaos ahead of your arrival.
- Enable “Mute Participants on Entry” so that when someone does join, they’re not able to shout at the group immediately – giving you time to recognize a bad guest.
Don’t Let Anyone Share Their Screen
Another potential issue is allowing anyone on the call to share their screen. This is how someone can show a video, image, or literally anything on their computer to the group. Unless you know everyone on the call and trust them, you should definitely disable the option for anyone to share their screen.
When you’re on a call, look for the Share Screen option at the bottom and click the up arrow to set “Who Can Share?” to “Only Host” instead of what is currently, at least for me, the default of “All Participants”.
Other settings to look for include:
- Turn off Annotation tools to add information to shared screen
- Enable co-hosts (paid plans only) to allow others to help moderate guests
- Turn on: Always display participant names on their videos
- Turn on: Play a sound whenever someone joins. This one is annoying but it is effective at letting you and everyone else know that someone has joined. When you have a Zoom room of 50+ people, it can be hard to notice.
- Turn off: Embed password in meeting link. This is on by default but can be turned off if you want to be able to share the URL more widely without also including the password to the call.
Should Zoom Be Used?
Jen ended the segment by asking me if people should continue to use Zoom in light of all the issues we’re been reading and hearing about. And while I think people should be more skeptical of the services they hand their audio, video, and data over to – I think given the times we’re living in, Zoom is a great tool to use. I’d vote “yes” on continuing to use Zoom.
As with anything else on the internet, remember that whatever you say or do could be recorded, copied, and shared beyond your Zoom call. Don’t give out credit card information, banking details, private photographs or videos, etc. unless you’re okay with that information getting out to the internet at large. You may trust your friend on the call, but what about your friend’s friend that you invited to the chat? Plus what if Zoom is accidentally routing your call through a Chinese data center that’s snooping in on what’s being said?
Zoom has enabled a lot of people to meet in ways they didn’t even realize were possible before this. The breakout room feature of Zoom is incredibly powerful for allowing committees, non-profits, religious groups, and others to have huge meetings broken down into smaller groups and then bring everyone back together. It’s awesome!
Alternatives to Zoom
While it’s probably too late to convince your school or employer to use something else, you don’t have to use Zoom for all your conversations online.
If you and your friends or family are all macOS / iOS users, FaceTime works amazingly well and is end to end encrypted and very secure. You can even make a group FaceTime call with up to 32 people!
Setting up a Discord server could be a great way to organize and communicate with an extended family, school classroom, non-profit, or any other type of group you need to organize. Besides having video/audio chat capabilities, you’ll also get text chat channels to share memes, GIFs, and COVID-19 links – all while being in a private chat room that you control.
Discord recently launched “Server Templates” that are great starter kits for whatever kind of community you’re trying to organize.
Jitsi is an open source project that allows you to quickly set up a virtual room and share that URL with friends or family to join.
WhereBy is similar to Jitsi but is a commercial product. It’s among the more beautifully designed web conferencing apps and is a nice alternative to Zoom – albeit with less features and a higher price tag
Microsoft Teams is being used by a lot of schools and organizations that get access to it simply by having an Office365 license. And Google Hangouts (personal) / Google Meet (business?) is a great option if you’ve got a Google account. And of course Skype, who recently added a Meet Now feature, is still a great option for a lot of folks.
Still Have Questions?
I’d be happy to chat with you – even if you don’t have a morning radio show like Jen – book a call with me and I can walk you through some of the Zoom settings you should consider, or we can try out any of the other Zoom alternatives.