Thanks to the spread of Coronavirus, working from home has become the new normal -- and so has using communication tools like video conferencing software Zoom.
To put Zoom’s newfound popularity into perspective, downloads of the software are up by 90% as compared to 2019. In March, Zoom downloads reached an astounding 62 million in a single week.
Social distancing and stay-at-home orders mean that companies and employees aren’t the only ones using Zoom to connect. Personal use of Zoom to chat face-to-face with friends and family is also commonplace.
But is Zoom, primarily designed as a business tool, really ready to handle all of its new users and uses?
If the constant threat of Zoombombing and growing concerns surrounding user privacy and data collection are any indication, perhaps not.
Exactly what is zoombombing, and what can you do to stop the trolling? Are you informed about Zoom’s privacy policy when using the software for both personal and professional communication?
What is Zoombombing?
“Zoombombing” is the act of sharing graphic, offensive, and unwanted images, videos, and messages in public Zoom meetings. Trolls use Zoom’s screensharing option to broadcast a variety of unwelcome materials to meeting attendees.
This means that while you and your team are editing documents, attending a killer webinar, or even if you’re enjoying a virtual happy hour with friends, your Zoom meeting is vulnerable to these trolls, hackers, and harassers -- and getting rid of them is harder than you think.
Because these trolls can switch to new user accounts if banned from the video call, the abuse often continues until hosts are forced to completely end their meetings or classes.
Offensive messages, graphic images and videos, abusive attacks, and even comments designed to trigger the vulnerable have all been reported.
Zoombombing isn’t just embarrassing. It can also damage your company’s reputation, cost you revenue, and make meeting attendees nervous to connect with you or your business over Zoom in the future.
At a time when so many businesses are struggling to keep their doors open, Zoombombing can quickly turn from an awkward setback into a corporate catastrophe.
Recent Victims of Zoombombing
Morning meditation groups, virtual worship services, and government meetings have all experienced horrific incidents of Zoombombing in the past few weeks.
Even major corporations aren’t immune.
The popular Mexican restaurant chain Chipotle’s “Chipotle Together” Zoom meetings were designed to bring over 3,000 Chipotle fans and celebrity guests together -- and to ensure that customers kept the brand’s name in their minds as the world switches from dining in to takeout-only.
After Zoombombers disrupted the meeting with an onslaught of graphic images and offensive videos, Chipotle was forced to abruptly terminate the meeting.
Teachers have also reported numerous incidents of virtual classroom Zoombombing, which potentially exposes minors to explicit images and makes it nearly impossible to restore order in a digital space full of young students.
How To Prevent Zoombombing
Especially if Zoombombers and party crashers are targeting your meetings due to your religion, race, or socio-economic status, you should immediately report it to the FBI’s Internet Crime Complaint Center (IC3.)
You should also file a complaint with Zoom, and include any screenshots or video/audio recordings documenting the abuse.
But being proactive against Zoombombers before they even have a chance to get into your meetings is your best line of defense.
If You’re a Zoom Meeting Host
- Enable users to consent to recording as opposed to telling them they’ll be recorded
- Disable or limit screensharing feature for meeting attendees
- Ensure your meetings are invite-only and password-protected
- Don't disable the default Waiting Room feature allowing you to screen meeting attendees
- Add a cohost to help you manage any interruptions and meeting access
- Disable user option to join a meeting before the host arrives
- Turn off Zoom’s “Allow Removed Participants to Rejoin” feature
- Turn off the File Transfer feature to prevent malware/viruses
- Never host a Zoom event with your Personal Meeting ID, generate a random one instead
- Lock your meeting immediately after it begins to prevent new users from joining
- Disable the annotation feature to prevent trolls from writing hateful messages while using screen share
If You’re a Zoom User
- Use a background photo to keep your home/studio private
- Update your Cookie Preferences at the bottom of any Zoom webpage to “Required Cookies” only
- Don’t publically share Zoom meeting links on your social media page, private message people instead
- Turn off your microphone and camera when someone else is speaking
Additional Issues With Zoom Privacy and Security
Unfortunately, Zoombombing isn’t the only issue currently plaguing the video conferencing tool.
Zoom has also come under fire for its vague Privacy Policy and the loopholes it seems to allow for with regards to the collection and sale of personal data and meeting recordings.
Zoom’s Loose Definition of End-to-End Encryption
Shockingly, recent reports have uncovered that, despite its claims to the contrary, Zoom doesn’t actually end-to-end encrypt audio and video.
Instead, Zoom is only able to provide transport encryption.
Yes, Zoom does offer protection from those who might attempt to hack into your meeting.
However, Zoom itself can still access your meetings’ audio and video at any time.
Concerns Over Zoom Selling and Sharing User Data
One of the biggest Zoom privacy concerns is that the language of the company’s privacy policy makes it difficult for users to understand that Zoom can share “Customer Content” with advertisers. (This is in addition to Zoom itself storing that content for future use.)
“Customer Content” can include things like:
- Video recordings
- Chat messages
- Meeting transcripts
- Files
- Whiteboards
In addition to sharing this data with advertisers, Zoom’s app was sending information on individual app use, user location, and more to Facebook.
Easy for Trolls to Share Private or Embarrassing Moments
When requested, Zoom will automatically send out transcripts and recordings to all meeting attendees and those who missed the meeting -- even the malicious ones.
All it takes is one person with ill intent to share your company’s private documents, brainstorming sessions, and even chat messages about those irritating clients. These trolls could also share that embarrassing moment when you didn’t realize the camera was recording or sensitive information about your personal life with the world.
It’s already happened more times than you might think.
Make sure your host either disables sharing transcripts/recordings with attendees, or that they share screen recordings only with trusted people.
Feeling “Spied On” By Zoom’s Attention Tracking Feature
Zoom’s Attention Tracking feature is another problematic aspect of the video conferencing tool.
While employee attention is important, the feature isn’t able to differentiate between a user who is reading a Buzzfeed article and clearly checked out and a user who is looking at a work-related file or taking their own notes -- and must click out of the Zoom window to do so.
Instead, all Zoom tells hosts is that an attendee has clicked away from the Zoom window for over 30 seconds.
That doesn’t do much for employee morale, nor does it offer accurate information about attendee attention.
How is Zoom Addressing These Privacy Issues?
On March 29, 2020 Zoom’s Chief Legal Officer issued an official statement in response to the security concerns mentioned above.
Zoom now says they do not sell user data, regardless of whether the tool is used for professional or personal communication.
Zoom told users that they only store and record meetings when users specifically request it, and stressed that meeting participants are always informed when a meeting is being recorded. The host of the meeting, not Zoom, decides if they’ll store the meeting’s data in the Zoom cloud or on their own devices. Zoom also claims that they have strong access controls in place to ensure that trolls and other uninvited users can’t get into meetings -- but didn’t go into specifics about what those access controls were.
The new policy states that, while Zoom does collect some user data, what it collects relates only to how a specific user will operate Zoom. This means Zoom collects IP addresses, details about Operating Systems, camera, and microphone, and information about the specific devices you’re using to access Zoom. Your location is tracked only as the city you’re closest to when using Zoom. Data surrounding user preferences and settings is stored to save you time, as is metadata like a meeting’s name, time, date, duration, and the names/email addresses of participants.
Zoom also refuted claims that its using transcripts and recordings (referred to as “Zoom Services” or “Customer Content”) for advertising purposes. However, the company did say that Zoom collects user data from its marketing websites.
Zoom is also in the process of updating its app to limit and improve transparency surrounding the data Zoom shares with Facebook.
Additionally, in response to user complaints, Zoom made both the Waiting Room feature and meeting password protection the default setting for conferences. Check to ensure these settings are always enabled when hosting a meeting.
Should You Stop Using Zoom?
When you combine the fact that Zoombombing seems to be ramping up instead of slowing down with Zoom’s lackluster privacy policy, it’s only natural that you’ll consider switching to another tool like BlueJeans video conferencing or a GoToMeeting plan.
But is it actually necessary?
If you follow the above guidelines to prevent Zoombombing and ensure that you’ve updated your privacy settings, probably not.
With so many having to abruptly make the switch from working in the office to working from home surrounded by pets, children, and countless other distractions, your employees aren’t going to be especially enthusiastic about having to learn how to operate an entirely new tool for video conferences. This is doubly true when they’re already dealing with the impact of COVID-19.
That being said, depending on company compliance requirements and your level of personal comfort, you may want to check out our comparison of Zoom vs Webex to see how it stands up against other video conferencing tools.
Video Conferencing Security Features to Look For
When you’re evaluating team collaboration software and video conferencing tools, you need to ensure that they offer a high level of security and privacy.
Some of the most important video conferencing security features include:
- Password protections to create private meetings
- Robust host and admin control
- Lock meeting entry
- Attendee removals/bans
- Higher privacy default settings
- End-to-end encryption
- Virtual waiting rooms
- Multi-factor authentication
- Randomly generated meeting ID numbers
- Screensharing controls
- Advanced file sharing and transfer options
- Ability to limit/terminate access to meeting recordings/transcripts
Explore Additional Video Conferencing Tools
Whether or not you ultimately decide to stick with Zoom, it’s helpful to learn more about the additional video conferencing software available to you.
At GetVoIP, we’ve put together a comparison of some of the most popular web conferencing tools for you to explore and share with the rest of your team. Read real user reviews, get in-depth information about software features, and learn more about pricing, security, and software compatibility.