Originally published April 3, 2020, Updated January 26, 2021
On April 8, 2020 Zoom announced an update that includes a new security button in the host toolbar making three of the recommendations below easier to implement. You’ll need to have the latest version of the Zoom client in order to use the new toolbar. We’ve made a few updates below to reflect the news.
10 months into the global pandemic, many of us have become very familiar with Zoom, but whether you join dozens of Zoom meetings a week, or only the occasional Zoom party with friends, we could all benefit from checking up on our Zoom privacy and security settings.
Last year as millions of people started working, socializing and exercising on a platform originally intended as an enterprise tool. As a result lots of questions about Zoom’s privacy and security surfaced. Researchers discovered a few privacy issues and deficiencies, but Zoom was responsive and worked to quickly address them.
While some privacy concerns relate to platform vulnerabilities, others are related to host and participant settings, so here are steps you can take – both as a host and a participant – to help protect your own privacy as well as that of others.
Tips for hosting a Zoom gathering:
Use your account with the latest version of Zoom
Sign-in and update to the latest version of the Zoom client or app. This will give you access to the meetings that are available to invited participants and ensure that your system has up-to-date security patches. You can also use a browser version of Zoom, but it does not include all the current features so some of these tips may not work.
Use password protection
You can make your meetings password protected to prevent people from guessing your room ID and joining. Free Basic and single licensed Pro accounts now have password protection on by default. Education accounts enrolled in Zoom’s K-12 program cannot turn off password protection.
- Note if you’re using a free, basic account, Zoom requires you to choose one of the following security options: a passcode, Waiting Room, or “Only authenticated users can join meetings”. If no security option is enabled, Zoom will secure all meetings with Waiting Room.
Control when a participant is able to join the meeting
Use the Waiting Room feature to decide who is allowed into your room, and when. For free Basic accounts, single licensed Pro accounts and K-12 education accounts, a waiting room is enabled by default. Now you can also choose to set up a waiting room after the meeting has begun – just access the setting under the Security icon on the host toolbar.
Keep your Personal Meeting ID private
Don’t use your Personal Meeting ID – especially for events you’re broadly publicizing. That will stop people from trying to enter your personal room at other times. Instead, generate a unique meeting ID by scheduling the meeting. Here’s how:
“Lock out” uninvited participants
Don’t share Zoom meeting invites or Meeting IDs on Social Media or with anyone you don’t want to join. For added security use the “Lock Meeting” feature under the participants pop-up-box so no one else can join once you have the participants you expect. Now, you can also lock the meeting from the security button in the host toolbar, too. Although if someone has to drop for some reason – or if their internet cuts out – they won’t be able to re-join until the lock is removed.
As a host, during live meetings, become familiar with the “Zoom security” button. The following features are available to you for an added layer of live-meeting security:
Utilize the “mute all” feature
Using the “manage participants” function, you can mute all participants. You should not unmute them again without telling them that’s what you’re doing.
Stop malicious content from being shared
You can stop participants from sharing their screen, or if necessary, stop their video. This is helpful if you’re inviting lots of people you don’t necessarily know so that someone can’t harass you and your participants – a practice now known as “zoombombing.” Control screen share permissions from either the security button or the “share screen” icon in the host toolbar.
You should know that once a video is “stopped,” a host does not have the ability to restart the video – that is, a host can revoke permission for a participant to share video, but cannot start video for another person – they can simply send a prompt requesting them to use video.
In a similar vein, you can turn off “annotation,” which allows participants to draw on shared screens.
Consider if you should allow participants to rename themselves during the call.
Respect chat privacy
Decide ahead of time if you will save the chat or record the video of the meeting and make sure all participants have agreed and know how you plan to use that information. Recording and saving chats may have legal implications so make sure you’ve checked into that before enabling these options. You can find the settings about chat in the “in meeting” section of your Zoom settings on the web-portal.
You can also use the Waiting Room feature to decide who is allowed into your room, and when.
Depending on the type of meeting you’re hosting, and how many participants there are, you may want to enable the option to mute all participants upon entering.
In the fall of 2020, Zoom released a technical preview of end-to-end encryption. You can now turn on end-to-end encryption in your account settings. Be aware that using end-to-end encryption will automatically disable several features (e.g. cloud recording, phone/SIP/H.323 dial-in). Note that in order to enable end-to-end encryption in a free account, you will need to provide and verify a phone number.
Tips for participating in a Zoom gathering:
Keep video and microphone off by default when joining a meeting
To avoid being caught unaware, or accidentally allowing other participants to overhear a family member who might be talking when you first join a Zoom meeting, turn off the camera and microphone by default. Go to settings and select video then check “Turn off my video when joining a meeting.” Do the same under audio for “Mute microphone when joining a meeting.” That way you can unmute your video and microphone when you’re ready to participate in the meeting.
Stay muted when you’re not speaking
You can choose when to turn on your video, depending on the culture of the call, and stay muted when not speaking (pro-tip: you can hit the space-bar to temporarily unmute!) Note that if you mute yourself, the host can send a request for you to unmute, but cannot unmute you without your permission (a pro-privacy change Zoom made in 2020!)
Protect the privacy of your home
Try to position yourself so that there’s a blank wall behind you during Zoom calls. If that’s not feasible, you can set up a virtual background to keep your home space private. As Consumer Reports points out, screenshots or recordings from Zoom chats could exist long past your meeting, and there could be numerous reasons you wouldn’t want that glimpse into your home to live on in perpetuity. While this option may not be available on all systems, if it is, you should see three standard Zoom backgrounds. Click here for a Firefox-themed option you can use. You can also find lots of options around the web, including on Canva, where you can add your own flair.
Be careful of what you type in chat
You should know that Zoom chats can be automatically saved and stored, or manually saved by your host. This could potentially include direct chats to another individual on the call. Separately, chats can also be saved along with a Zoom recording and could be visible to many if that recording is shared.
We encourage you to get informed about Zoom’s security and privacy features and read more about what we are doing to advocate for even stronger controls here — especially if you’re an account administrator or can turn off certain functions for an enterprise Zoom subscription.
Here at Mozilla we work to hold companies to account, to make privacy the default, and to ensure strong security standards. Stay tuned for more updates on how to maximize privacy and security when video conferencing.