The world has adopted Zoom for video chats with friends and family while we shelter, for good reasons: it’s free or inexpensive, it’s easy to use, and it works very well.
Naturally, there’s been a backlash, because, I don’t know, good things must be punished? So there has been relentless coverage of alleged security problems with Zoom. A New York Times columnist says sternly that Zoom’s alleged security incidents are “a consequence of the company’s deliberate choices to make video calling a breeze.” Damn them! They deliberately made it easy to use! What were they thinking?
Take a deep breath. Something causes a security freak-out every year or so – routers possessed by demons, or the Chinese government stealing our faces, say. The ruckus spills over to the mainstream press, gets overblown for a while, then recedes from view. The Zoom controversies are like that.
Let’s get a little perspective.
Zoom is perfectly safe to use for one-on-one and small group chats with people you know.
Zoom is safe for small groups and small businesses with some simple precautions. More about that below.
Zoom has not been hacked. Zoom employees/the government/China are not spying on your meetings
There are only a few qualifications.
- There are special challenges for meetings that are publicized on public websites and social media.
- Classrooms and meetings with kids are more likely to attract unwelcome attention from strangers and trolls.
- The free/inexpensive versions of Zoom aren’t right for people with extreme needs for confidentiality – journalists or human rights activists, for example. There are locked-down versions of Zoom for government agencies, the finance industry, medical professionals, and large enterprises.
“Precautions”? Let’s go back to that part
Our world was already plagued by trolls before the pandemic. Now the trolls are bored, which makes them even more obnoxious. They’re looking for Zoom meetings that they can disrupt by yelling obscenities or racist comments, or exposing themselves, or playing a porn video. The term “Zoombombing” spread quickly to describe these lovable urchins.
Zoom has an open design that lets anyone join a meeting if they learn the relatively simple code number assigned to the meeting. Trolls are seeking out those meeting numbers because, because . . . wow, it’s hard to finish that sentence. Because they think it’s funny? Because harassing people excites them? Because there is no vaccine against stupidity?
You don’t need to worry about zoombombing if you’re holding a one-on-one meeting or a small meeting with friends and family or co-workers.
But if your meeting is even remotely public, then the most important precaution for Zoom is, don’t share the Zoom link or code on social media. Trolls are developing automated routines to search for Zoom meeting codes on Facebook and Twitter, and distributing codes in seamy Reddit groups. Seriously, what is wrong with people?
Zoom has now set a default that helps prevent Zoombombing. The waiting room keeps anyone from joining a meeting until the host approves them. It’s an easy thing for meetings where everyone is known to you. You can turn the waiting room on and off during a meeting by clicking on Security at the bottom of the Zoom window. The waiting room is less practical for larger groups – online classes and lectures, say – or where anonymity is the point, like Alcoholics Anonymous.
If you schedule a meeting, Zoom now assigns a password by default that is required in addition to the meeting code. To password protect a meeting, you have to hit the Schedule button. You can’t add a password if you just hit the New Meeting button.
Theoretically, you can distribute the password separately for additional security – send the meeting link by email, send the password by text, say. As a practical matter, though, people attending the meeting need both the link and the password, so if someone posts the link on Facebook, it’s not hard to include the password. The password does prevent people from joining a meeting by using brute force to guess the code, which, sigh, some people try to do.
You may also want to use the Security settings during a meeting to turn off screen sharing for anyone but the host. That’s how trolls have been showing porn during meetings.
Students are special
Bored kids at home attending online classes. What could go wrong?
Zoom raids on classrooms can be requested by pranksters in a class who post the Zoom link and password online and let others do the disruption.
Sample chat sessions from PC Magazine:
“Can anybody troll my science class at 9 15,” wrote one user in the chat on Monday, which was accompanied by several other requests on the same day.
“I have a class in 30 minutes that I’ll send a link for.”
“My friend’s gonna give me the code to her hs pre calc class tomorrow morning.”
“So like who trying to raid my AP Bio Zoom meeting 11:30 tomorrow? West Coast.”
What a world.
This isn’t panicky enough. What about Facebook? The Chinese? Encryption?
The Zoom iPhone app sent data to Facebook!
(Zoom included a convenient way to use Facebook credentials to log in to Zoom. Facebook’s inexhaustible thirst for data meant that some info was sent to Facebook – not the meetings, just login details, but still overreaching. Zoom has now turned that off.)
Zoom sent data to China!
(For a short time, to deal with its explosive growth, Zoom routed some data through two servers in China. Zoom has stopped doing that.)
Zoom doesn’t use end-to-end encryption!
(Right. It said it did for a while, but the tech community made it clear that the company was playing fast and loose with a phrase that has a well-understood meaning. Zoom took it back and apologized. Meetings are encrypted as they leave your computer or phone; decrypted on Zoom servers; then encrypted again to send to other meeting participants. Zoom wouldn’t work if it did true end-to-end encryption.)
And on and on the headlines go.
But the US Senate told members not to use Zoom!
The Senate sergeant at arms warned all senators against using Zoom because of security concerns.
I can’t argue with that, so if you’re a US senator and you’re going to discuss classified secrets, don’t use Zoom. Good advice!
What’s that? You’re not a US senator? Well, that advice doesn’t really apply to you, does it? Kind of makes sense to have different security concerns for Elizabeth Warren than for your conversation with the kids.
When you read alarming stories about the US Senate or Google or NASA opting not to use Zoom, bear in mind that they have high bars for security for good reasons. I hold your meetings in high regard but let’s be honest, you’re probably not using them to do rocket science.
If Apple had opened up Facetime so it could be used on laptops and Android phones, we’d probably be using Facetime to stay in touch. But Apple keeps Facetime locked up, allowing Zoom to become our de facto means of staying in touch with each other.
Use Zoom! Be careful but don’t be afraid. Which also happens to be good advice for how to approach life these days. Stay well!
Thanks, Bruce. As usual, timely and informative. It’s so great to be able to count on your level-headed writing. 🙂