UPDATE 4/10: We have edited this post to add details about Zoom’s new security features and defaults.
Whether you are on Zoom because your employer or school requires it or you just downloaded it to stay in touch with friends and family, people have rushed to the video chat platform in the wake of COVID-19 stay-at-home orders—and journalists, researchers, and regulators have noticed its many security and privacy problems. Zoom has responded with a surprisingly good plan for next steps, but talk is cheap. Zoom will have to follow through on its security and privacy promises if it wants to regain users’ trust.
In the meantime, take these steps to harden your Zoom privacy settings and protect your meetings from “Zoombombing” trolls. The settings below are all separate, which means you don’t need to change them all, and you don’t need to change them in any particular order. Consider which settings make sense for you and the groups you communicate with, and do your best to make sure meeting organizers and participants are on the same page about settings and shared expectations.
Privacy Settings
Make Sure Chat Auto-Saving Is Off
In your Zoom account settings under In Meeting (Basic), make sure Auto saving chats is toggled off to the left.
Make Sure “Attention Tracking” Is Off
In your Zoom account settings under In Meeting (Advanced), make sure Attention tracking is toggled off to the left.
Use a Virtual Background
The space you’re in during a call can expose a lot of information about where you live, your habits, and your hobbies. If you’re uncomfortable having your living space in the background of your calls, set a virtual background. From the zoom.us menu in the top right corner of your screen while using Zoom, navigate to Preferences and then Virtual backgrounds.
Best Practices for Avoiding Trolls
With Zoom now more widely used than ever, the mechanics of its public meeting IDs have allowed bad actors to invade people’s meetings with harassment, slurs, and disturbing images. When you host a meeting, consider taking the steps below to protect yourself and your participants from this “Zoombombing.”
Bad actors can find your meeting in one of two ways: they can cycle through random meeting IDs until they find an active one, or they can take advantage of meeting links and invites that have been posted in public places, like Facebook groups, Twitter, or personal websites. So, protecting yourself boils down to controlling who can enter your meeting, and keeping your meeting IDs private.
Keep the Meeting ID Private
Whenever possible, do not post the link to your meeting or the meeting ID publicly. Send it directly to trusted people and groups instead.
Set a Meeting Password, and Carefully Inspect the Meeting Link
After Zoom's most recent update, meeting passwords are now on by default for free Basic and single licensed Pro accounts, as well as education accounts.
BEWARE, however, that Zoom passwords can behave in unexpected ways. If you use the “Copy Invitation” functionality to copy the meeting link and send it to your participants, that link might include your meeting password. Look out for an unusually long URL with a question mark in it, which indicates it includes your meeting password.
If you plan to send the meeting link directly to trusted participants, having the password included in the link will be no problem. But if you want to post the meeting link in a Facebook group, on Twitter, or in another public space, then it means the password itself will also be public. If you need to publicize your event online, consider posting only the meeting ID, and then separately sending the password to vetted participants shortly before the meeting begins.
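The link check described above can be run over a draft announcement before it is posted publicly. This is an added example, not part of the original post and not Zoom's code; it assumes the embedded password travels in a "pwd" query parameter, and the draft text, host name, and helper names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumption: the meeting password is carried in a "pwd" query parameter.
PASSWORD_PARAMS = {"pwd"}
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def is_zoom_host(host):
    """True only for zoom.us and its subdomains (not look-alikes such as notzoom.us)."""
    host = (host or "").lower()
    return host == "zoom.us" or host.endswith(".zoom.us")


def inspect_link(link):
    """Report whether a join link embeds a password and build a copy without it."""
    parts = urlsplit(link)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    kept = [(k, v) for k, v in pairs if k.lower() not in PASSWORD_PARAMS]
    segs = [s for s in parts.path.split("/") if s]
    is_join = len(segs) == 2 and segs[0] == "j" and segs[1].isdigit()
    return {
        "meeting_id": segs[1] if is_join else None,
        "has_password": len(kept) != len(pairs),
        # Anything else after the question mark deserves a manual look.
        "other_params": [k for k, _ in kept],
        "safe_link": urlunsplit(
            (parts.scheme, parts.netloc, parts.path, urlencode(kept), "")
        ),
    }


def review_draft(text):
    """Find every Zoom link in a draft post and inspect each one."""
    findings = []
    for match in URL_RE.finditer(text):
        link = match.group(0).rstrip(".,;:!?)")  # drop trailing punctuation
        if is_zoom_host(urlsplit(link).hostname):
            findings.append(inspect_link(link))
    return findings


# Constructed sample draft; the meeting ID and password are made up.
DRAFT = (
    "Join us Friday: https://example.zoom.us/j/1234567890?pwd=Q09OU1RSVUNURUQ. "
    "Agenda at https://example.org/agenda?x=1"
)

if __name__ == "__main__":
    for finding in review_draft(DRAFT):
        print(finding)
```

If has_password is true, post only the meeting ID or the safe_link and send the password separately to vetted participants.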
To find the password settings, go to your Zoom account settings under Schedule Meeting. Make sure Require a password when scheduling new meetings is toggled on to the right. You’ll find additional password options in this area of the settings as well.
You can also set a password when scheduling a meeting from the Zoom desktop app by checking the “Require meeting pass” checkbox.
Lock Down Screen Sharing
In your Zoom account settings under In Meeting (Basic), set Screen sharing to Host Only. That means that, when you are hosting a meeting, only you will be able to share your screen; no other meeting participants will be able to share theirs.
Depending on the calls you plan to host, you can also turn screen sharing off entirely by toggling it off to the left.
Use Waiting Rooms to Approve Participants
After Zoom's most recent update, waiting rooms are now enabled by default for free Basic and single licensed Pro accounts, as well as education accounts. A waiting room allows hosts to screen new participants before letting them join, which can help prevent disruptions or unexpected participants.
To find this setting, go to your Zoom account settings under In Meeting (Advanced). Make sure Waiting room is toggled on to the right.
Lock the Meeting
When you are actively in a meeting and all your expected participants have arrived, you can "lock" the meeting to prevent anyone else from joining. Click Participants at the bottom of the Zoom window, and select Lock Meeting.
Use the Security Icon Options
Another way to access many of the settings described above is to use the Security icon that appears at the bottom of the screen when you are hosting a Zoom call. This button quickly takes you to settings like locking the meeting, enabling a waiting room, and restricting call participants’ ability to share their screens. Zoom’s announcement describes this feature in more detail.