By Mark Cox
Remember when the word “zoom” simply meant to move or travel quickly?
Just six weeks ago, few were regularly using Zoom, the new(ish) video-conferencing app that allows scores of people to join virtual meetings.
But then, coronavirus happened. And suddenly, millions of housebound Americans needed a user-friendly video app to do almost everything – work meetings, family calls, group dinners, movie parties, even virtual happy hours. In the space of a few months, the app jumped from 10 million to over 200 million users. It even became a verb.
The secret to Zoom’s success is no mystery. Sure, it boasts some cool features, and the call quality is reliable. But more than anything, it is incredibly easy to use: Just a single click, and you’re in. And yet, as many consumers have discovered with IoT devices, convenience often comes at the cost of security.
From its launch, though, the company has been plagued by privacy snafus. It mishandled user data, oversold its encryption capability and was branded a privacy disaster over its lax security features. Smelling blood in the water, trolls and hackers started to converge and quickly kicked off the internet’s latest ugly craze: “Zoombombing.”
In recent weeks, thousands of Zoom video-conference calls have been disrupted in startling fashion. Trolls have taunted numerous virtual AA meetings. They spewed hate speech at a Passover meeting with 150 Jewish university students. One student was even confronted with obscene imagery and racial slurs in the middle of defending his doctoral dissertation.
“Zoom deliberately chose to focus on ease of user experience over security, and now that decision has bitten them back,” said Steve Beaty, professor of Mathematical and Computer Sciences at Metropolitan State University of Denver.
But as the company races to fix its numerous issues, Beaty stresses that users are not exactly powerless: “There’s still a lot you can do to ensure your own security.” Here’s Beaty’s Zoom user guide to keep your private video sessions safe and secure.
BEATY: When creating a meeting, Zoom gives you the option of either using your Personal Meeting ID or a Random Meeting ID – always choose the latter. But even then, stay vigilant. There are hacking programs out there that can guess around 100 supposedly secure names an hour. (The reason for this: Zoom’s randomized meeting IDs aren’t quite as random as they appear.)
BEATY: Zoom automatically offers to set up a password for each meeting, and it’s a good idea to use that function. It means everyone has to be personally authenticated by the host before joining a call, so even if budding Zoombombers have somehow gotten your meeting link, they won’t be able to crash the party.
BEATY: This handy security feature does exactly what it says on the tin. Everyone wanting to join a meeting is placed in a virtual waiting room so the host can check the bona fides of each person before letting them in. Even so, resourceful hackers can sometimes get legitimate-sounding usernames. But if you’re in doubt about someone, simply ask that they turn their camera on – that should get any troll scurrying back to the shadows.
RELATED: When going viral goes wrong
BEATY: At the end of March, British Prime Minister Boris Johnson tweeted a picture of a Zoom Cabinet meeting that included the meeting’s ID number and the usernames of several government ministers. Basically, he was inviting the world to join them. Don’t post your Zoom screenshots – and remember that sharing meeting links directly on social media is just asking for trouble.
BEATY: Hosting a meeting gives you significant leverage if you know how to use it. First, ensure that the “Join before Host” setting is switched off. (Otherwise, there could be a lurking troll already waiting in the meeting for you.) And then set the screen-sharing privileges to “Host Only.” That means you can manually hand over control to others, but you ultimately hold the reins. All those Zoombombers hijacking meetings with offensive content? That’s only because the screen-sharing privileges were set to “all.”
BEATY: Always make sure you’re using the latest version of the app. Zoom has been very proactive in fixing its many bugs, so the newest version will be materially better than any previous one. The company is undertaking a “feature freeze” over the next six months to focus purely on fixing its security flaws – so I give them kudos for that. They are eating crow and addressing things. And it’s not as if the Microsoft, Google Play and Apple stores haven’t had their own problems.
BEATY: The overwhelming majority of Zoom’s features are unnecessary for most standard meetings, but they will leave you vulnerable on every flank. There’s a truism that tech-heads regularly quote: “In cybersecurity, every feature comes with a risk,” and that’s certainly the case here. Arrange your default settings so the security is ramped up, then disable those features (such as Annotation Tools and File Transfers, for example) that you’ll probably not use anyway. Presto – you’re already safer.
BEATY: The Zoom app was originally designed purely as a niche communications tool for businesses users, and the company has clearly been blindsided by its success. But all new products have bugs and errors – it’s just that Zoom’s meteoric rise in popularity meant they had no time to make mistakes slowly. As their website says, “We did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying and socializing from home.” So I do have some sympathy for them. But now is the critical time – and they absolutely have to get it right.
©Copyright 2019 by Metropolitan State University of Denver. All rights reserved.
MSU Denver Office of Marketing and Communications