Zoom, a videoconferencing service created for webinars and corporate meetings, has grown increasingly in the midst of the coronavirus epidemic.

With the number of daily users exploding from 10 million to 200 million from December to March, it became a forum for almost all types of social functions, including happy hours, yoga sessions, school classes, funeral services as well as Passover, Easter and (soon ) of Ramadan.

But hardly many had tried Zoom for the first time when they began to hear reasons why they might want to stay away.

a

The trolls have planted meetings, broadcast pornographic or racist insults on the screens. Security researchers released report after report on recently discovered vulnerabilities, including leaked emails and bugs that could have allowed hackers to access the webcams.

Google last week warned employees not to use the Zoom desktop application on their work computers “due to privacy and security breaches.” SpaceX, the US Senate and the New York School District have adopted similar restrictions.

If you are one of the tens of millions of people who have become regular Zoom users in recent weeks, you may be wondering what it means to you. Here is an introduction to some of the notable privacy and security breaches and how to protect your calls and data.

Does Zoom send my data to Facebook?

A Vice investigation showed that the Zoom app for iPhones sent data on users’ devices to Facebook, including users who did not have a Facebook account. The company was struck by two class actions in federal court by California residents who allege that Zoom violated the state’s new consumer protection law by disclosing information to Facebook without sufficiently warning or denying consumers.

Eric Yuan, CEO of Zoom, said in a blog post March 27 that the company has removed the code that sent the user data to Facebook in an updated version of the iOS app. The company has updated its privacy policy March 29 after a wave of concern from users.

“I think Zoom was not entirely honest,” said Bill Budington, senior technologist at the Electronic Frontier Foundation. “I think they’re going through a lot of growing pains.”

How else could my information have been compromised?

Zoom’s vulnerability reports predate the coronavirus crisis. Last July, a security researcher Jonathan Leitschuh revealed a flaw that allowed hackers to take control of Mac webcams via the app. The company solved the problem after a public interest research center filed a complaint with the Federal Trade Commission.

Thousands of personal Zoom videos have been left visible on the open web, including individual therapy sessions, telehealth calls, and classes in elementary schools, reports the Washington Post. People’s names, phone numbers and intimate conversations were revealed and the faces and voices of the children were exposed.

Experts say the company now appears to be making more serious efforts to quickly identify and correct vulnerabilities. He formed an advisory board of security officials from other companies and hired Alex Stamos, the former Facebook security officer, as an advisor. “This represents a lot of money for the problem in order to improve security. This is not negligible, “said Leitschuh, who discovered the vulnerability of the Mac camera last year.

Are Zoom calls encrypted, and does it matter?

Zoom has attempted to reassure users about privacy by claiming that its communications are protected by end-to-end encryption, which in fact makes it impossible for anyone, including the company itself, to spy on them. Recently, however, the interception revealed Zoom uses another type of encryption, called transport encryption, which allows the company to decode the content of calls.

This means the company could hypothetically be pressured by government officials to release communications, said Bill Marczak, fellow at the Citizen Lab and postdoctoral researcher at UC Berkeley.

However, this does not make these calls particularly vulnerable. Telephone calls and Skype calls on default settings, for example, are not end-to-end encrypted either, and the average person is unlikely to need this type of security. But journalists or dissidents under oppressive regimes, government officials discussing classified information, or large corporations wishing to keep their business strategies confidential might want to use a more secure platform, said Budington.

What information does Zoom give to my boss or my colleagues?

If you’ve been part of a boring long webinar, you might think there would be no harm in checking your email or Facebook feed to pass the time. Many were alarmed by the revelation of a “Attention tracking” function which allowed the meeting host to see when participants have clicked outside the Active Zoom window for more than 30 seconds. The company announced that it has removed the functionality in an April 2 blog post.

This is not the only way for hosts to collect information about participants. They can also record audio and video of meetings and record a recording of group discussions. Some Zoom users have been surprised to learn that if they use a tool that allows them to chat log from a call on their local devices – which many use as a means of documenting meeting minutes – this recording will include the private conversations they have sent in addition to the messages sent by the group.

What is “Zoombombing”?

Because Zoom is so easy to use, it has also been easy for people to use the app to wreak havoc or chaos. “Zoombombing” is when uninvited participants interrupt or derail a meeting. Sometimes it’s harmless trolling, but often it reaches the level of harassment.

Like USC and local school districts transition to online meetings , they reported zooming in on Zoombomb with racist taunts and pornographic images. Berkeley High School students were in the middle of a video conference on Tuesday when a man joined the Zoom meeting, exposed himself and shouted obscenities, Mercury News reported .

The New York Times found dozens of accounts on Instagram and Reddit and 4Chan discussion forums where users have coordinated to share meeting passwords and derail Zoom meetings.

The default setting of Zoom allowed anyone to join video calls if they had the meeting ID, which is a number between 9 and 11 long digits. These meeting IDs are easy to guess – with an automated tool ( called “war composition” ), you could access thousands of meetings in one day, just by making a lot of assumptions.

What steps can I take to make Zoom safer to use?

Pay attention to how you share meeting IDs. Do not publish them publicly.

Generate a new ID for each meeting you launch using the options panel, instead of using your personal meeting ID. This way, if someone obtains your personal ID, future meetings will not be disrupted by Zoombombers.

You can toggle the settings to ensure that meeting attendees need a password to access the meeting, which will further protect against disruption.

Activate Zoom’s “Waiting Room” feature, which allows meeting hosts to keep potential participants in a digital queue until they approve them to join the session. From April 4 , Zoom activated the “Waiting room” function by default, requiring additional password settings for free users. Zoom to a guide on the waiting room function on its website.

You can turn off a multitude of features that could be misused, if necessary, including private chats, file transfers, and custom backgrounds. The annotation feature, for example, could allow trolls to draw offensive shapes. You can also switch “Allow deleted participants to re-register” option. Zoom has a guide for hosting orders on its website.

Keep your desktop app up to date, so that the fixes that Zoom brings to security vulnerabilities are fixed on your device.

If you want to be extremely careful, use Zoom only on a mobile device, like an iPad or Android phone, as these versions are reviewed in app stores.

What are the alternative platforms?

Signal and WhatsApp communications are end-to-end encrypted. WhatsApp allows encrypted calls with up to four people. This is an appropriate option for very sensitive conversations.

There are also other video chat services, such as Skype, Google Hangouts, Cisco Webex, and FaceTime on Apple devices. Microsoft also offers powerful web, audio, and video conferencing tools through sound Microsoft Teams platform.

The essential

The reality is that you cannot see your friends, classmates and maybe your colleagues right now. You can’t eat in restaurants and you certainly can’t go to bars. Zoom is one of the platforms that people have ubiquitously embraced to replace these face-to-face interactions amid the coronavirus epidemic. And it works relatively well.

Users say it’s OK to use Zoom. Just think about how you use it and follow some precautions.