With much of the world's workforce suddenly working remotely in response to the COVID-19 pandemic, the video chat app Zoom quickly rose to great popularity. Chances are that you've used it at least once, but is it safe?
Let's take a look at the privacy and security issues Zoom has had, how to secure your chats, and some alternatives if you don't feel comfortable using it.
What Is Zoom?
Zoom is a video conferencing tool, similar to Skype, GoToMeeting, and other services. While the app has been around since 2011, it rose to extreme popularity in March 2020 thanks to the coronavirus situation.
If you've used other video chat apps, Zoom's functionality will be familiar. After installing the software on your computer, you enter a meeting ID to join a room and connect with others. Once you're connected, the software shows all other participants and lets you communicate.
Zoom's ubiquity means that you've probably been asked to use it at some point. Every kind of company, from businesses to schools to churches and many more, has started using Zoom to stay in touch during the pandemic.
However, Zoom has had several security and privacy issues that might make you want to look elsewhere when video calling.
Zoom's Privacy and Security Concerns
As Zoom rose to prominence, security researchers discovered several concerning aspects of the software.
One of the biggest is that Zoom claims it uses "end-to-end" encryption, but this isn't fully true. While the initial connection to the Zoom server is encrypted, the call itself is not. This means that all communication over Zoom is open to interception from Zoom itself.
In early April 2020, Zoom admitted that some calls were being "mistakenly" routed through China. This was a side effect of Zoom attempting to balance the load of increased use by offloading some traffic to servers in different locations when all of the nearby ones were busy.
Of course, storing call data on Chinese servers means that data is subject to Chinese privacy laws. Chinese authorities could therefore make Zoom turn over the keys to anything used on servers in their country.
Zoom has had several other missteps, including disclosing personal user data to Facebook, using an abusive workaround to install its app on Mac systems, and leaking user email addresses. It's not a stretch to say that Zoom has had some major issues that might make you question using it.
Unfortunately, you can't do much about this unless you're the one organizing Zoom calls and decide to stop using the service. If you do have to use Zoom, let's next look at a few ways to secure those calls, which is a separate issue.
How to Secure Zoom Calls
One of the most notable issues with Zoom calls is the problem of "Zoombombing." This occurs when an uninvited person joins a call and disrupts the meeting, which may include them broadcasting explicit material.
Prior to April 5, the default settings in Zoom didn't provide much protection against these kinds of attacks. The company has thankfully updated them, but it's still a good idea to review these options on your account.
Don't Share Your Zoom Meeting ID
Every Zoom call has a meeting ID, which allows anyone to join the meeting. Many people have shared screenshots of their Zoom calls on social media containing these IDs, which gives a way for unwanted company to jump into the call.
As an important step in keeping your meetings private, don't share the ID with anyone unless they're an approved participant.
Set a Meeting Password
In case someone does get ahold of your meeting ID, you can keep them out by requiring a password to join. Go to your Zoom profile on the web, sign in, and click Settings on the left sidebar to access this and other settings.
On the Meeting tab, it's smart to enable Require a password when scheduling new meetings and Require a password for instant meetings if they aren't already.
Don't Use Your Personal Meeting ID for Meetings
Zoom assigns each user a Personal Meeting ID (PMI) that you can use to instantly start a new meeting. While this is convenient, it's more secure to use a random meeting ID each time. That way, if an attacker learns the meeting ID, it won't let them try to connect in the future.
In Zoom's settings, on the same page as mentioned above, disable Use Personal Meeting ID when scheduling a meeting and Use Personal Meeting ID (PMI) when starting an instant meeting to set a random ID for these meetings instead.
Use the Waiting Room
The final important Zoom option is Waiting room, which is also available on the Settings page. With this enabled, the host must manually admit new participants into the meeting before they can join.
With all these options in place, the chance of a malicious individual getting into your call is very low. They'd have to find your meeting ID and enter the password before you even had to review their entry into the meeting.
Try a Zoom Alternative
While Zoom is easy to use and has a generous free plan, it's far from the only option in this sphere. If you can help it, it's wise to avoid Zoom and try another video calling app with better security.
Thankfully, you have many options for this. For personal calls, Google Duo offers free group calls on Android, iOS, and the web. Skype or Skype for Business have both been around for some time and offer better encryption than Skype.
We also like Jitsi Meet as an alternative to Zoom. It offers incredibly simple meetings in your browser, with only a meeting ID required. The service is fully encrypted, open source, and available free of charge. It works for everything from catching up with family to business calls.
Be Careful With Zoom
As we've seen, while Zoom is the popular video chatting app of the time, it's far from perfect. The company has responded to a lot of the security and privacy backlashes, but many of these issues shouldn't have been present in the first place.
If someone asks you to join a Zoom call, it's not the end of the world. But if you can avoid it, we recommend using another service that isn't plagued with these problems.
Using Zoom because you're working remotely? Take a look at our full guide to working from home.