Good News: Zoom Improves Default Privacy Settings to Prevent Zoombombing
What’s happening: Last week, the FBI issued a warning that individuals were taking advantage of lax security on the video teleconferencing platform Zoom to disrupt virtual meetings (which is illegal in many cases). To mitigate the threat, Zoom has changed its default privacy settings so that all meetings require a password and added a virtual waiting room, where the meeting host can approve attendees prior to joining the meeting.
Zoom will soon turn on passwords and waiting rooms for meetings by default for users on its free tier and those with a single license on its cheapest paid tier in an effort to help prevent “Zoombombing,” or the recent trend of people disrupting Zoom meetings uninvited and sharing shocking or even pornographic content. The new defaults will add real friction to the process of joining a meeting — a process that Zoom had previously made as frictionless as possible to help spur its growth. The changes will take effect starting April 5th.
Zoom passwords were already turned on by default for new meetings, instant meetings, and meetings you joined with a meeting ID — what’s new starting April 5th is that they’ll be turned on for previously scheduled Zoom meetings as well. And once you’ve joined a meeting, you’ll have to wait for the host to let you in from the new virtual waiting room. The host of the meeting can choose to let people in individually from the waiting room or all at once.
You can see the new changes in this video from Zoom:
“We’re always striving to deliver our users a secure virtual meeting environment,” Zoom said in a statement to The Verge. “Effective April 5, we are enabling passwords and virtual waiting rooms by default for our Free Basic and Single Pro users. We strongly encourage all users to implement passwords for all of their meetings.”
Zoom usage has skyrocketed during the COVID-19 pandemic as people have turned to the free video conferencing service to stay in contact with friends, family, colleagues, and even their yoga teachers. But that increased usage has also made the platform a target for hacks, pranks, and harassment, often through Zoombombing. The issue has become serious enough that federal prosecutors are now warning there could be serious legal implications for Zoombombing perpetrators.
The service’s new default protections may also address other security issues with the platform. Yesterday, it came to light that some security researchers had developed an automated tool that is able to identify 100 non-password-protected Zoom meeting IDs in an hour and scrape information about those meetings — perhaps Zoom’s new passwords-by-default policy could prevent similar scanning tools from finding meeting IDs and private information in the future.
Yesterday, Zoom announced a 90-day freeze on releasing new features so it can focus on fixing privacy and security issues with the platform.