Every Zoom Security and Privacy Flaw, So Far, and What You Can Do to Protect Yourself

We’ve used it several times now for home and business without problems.
If the students are disrupting “classroom” education (not a new challenge) - the school needs to take charge.

David

"There are 1,126,501 students in the NYC school system, the largest school district in the United States. Of those students:

13.2 percent of students are English Language Learners
20.2 percent are students with disabilities
72.8 percent are economically disadvantaged"

https://www.schools.nyc.gov/about-us/reports/doe-data-at-a-glance

I couldn’t find a recent record for the number of teachers, but there were about 75,000 around the year 2010. The number is probably higher now. And the number of foreign languages spoken is high. I think it’s safe to assume that with a population this large and varied, students, teachers or administrators are of different levels of technical skills, and that personality and behavioral types are highly varied. MS Teams seems more likely to have better safety and privacy controls that can be managed more quickly and easily.

1 Like

It’s a lot more challenging to do so in virtual environments.

—these categories are probably not mutually exclusive…

1 Like

Many of these problems can be avoided with the appropriate meeting settings. For example, the teacher could set it up so that only he or she can share their screen to keep some random student or jerk from joining the meeting and displaying inappropriate content. The host can also kick a disruptive student out of the room into a waiting room for a virtual time-out.

It’s not just students – it’s outside bad actors, which makes it more problematic and more difficult.

With teams, the creator of a meeting has two settings that can be configured:

  • Who can bypass the lobby? The lobby is a place where people go after connecting and must be approved by the creator before being allowed into the meeting. It can be set to:
    • People in my organization. People whose Office login is part of the same organization as the creator skip the lobby
    • People in my organization and trusted organizations. Your Office administrator can declare other Office organizations as trusted. This setting allows them to skip the lobby
    • Everyone. The lobby isn’t used
  • Who can present? These are the people allowed to share their screen or otherwise present content. It can be set to:
    • Only me. Only the meeting creator can present
    • Specific people. The meeting creator can pick and choose who may present from the invited participants.
    • People in my organization
    • Everyone

I don’t know how schools typically set up their Office365 access, but I would think that it would make sense to have two organizations - one for instructors and one for students. The instructor organization should be trusted by the student organization. Maybe vice-versa as well.

Then, create meetings allowing trusted organizations to bypass the lobby. So students can go straight to the meeting if they use their university account, but will go through the lobby if they use a personal or other account. And set the meeting so only specific people can present.

A big part of the problem is that 72% of children in NYC are economically disadvantaged, and most of these kids are now using DOE loaner tablets and laptops, and the computers are of varying quality.

Again, we’re talking about 1,126,501 students and 75,000 teachers. The mileage will vary.

This isn’t a matter of teachers and students - they use whatever the school’s IT department says they should use, and all of these products are just as easy to use, once properly set up.

The IT department is supposed to be intelligent enough to evaluate options, pick one, set up the servers and send instructions to the teachers and students. If they are also clueless then it’s the blind leading the blind and no solution is going to work.

Thanks for a great article summarizing the issues and what we had to do about each one. I had seen headlines for some of them, but wanted a succinct summary like your wrote. I had an issue with updating my software as you suggested. I clicked on the link zoom.us provided in the article which took me to the web site where I could not find any “Check for updates” anywhere. Then I tried clicking on the software icon, which launches a program named zoom.us. And indeed there is the normal “Check for software” under the application name. Couldn’t you have just said, launch the application on your Mac and then Check for Updates? Or not made zoom.us a hot link to the web page? I am fairly experienced Mac user and this flummoxed me. Again thanks.

Thank you for an excellent and comprehensive review of Zoom. The company seems to be addressing the range of concerns and that is a good thing.

From a usability point of view, it is a relatively easy application for first timers to use and to participate almost immediately in discussions.

Given the impact on our workdays and on the need to self-isolate, then Zoom has been a blessing to help people stay employed (agreed not possible for every employee) and stay in touch with relatives and friends especially for those who are at a higher risk than most.

Technology is at the forefront of working towards a solution and of managing a complex global issue that nobody wanted.

Sorry! This is yet another way that Zoom can be confusing. The actual name of the Mac app is “zoom.us” and I didn’t anticipate that email apps would turn that into a URL. So just look in your Applications folder for zoom.us, open that, and then choose Check for Updates from the zoom.us application menu.

1 Like

About ⅔ of the way through this article I started thinking about the recent revelations that the CIA for decades owned the worlds most sought after encryption company until just two years ago, “Crypto AG” Makes it easy to speculate who really owns Zoom.

The school I work for mandated that we use Microsoft Teams. However, teams only allows you to see 4 individuals at a time (at least the way it is set up here). This might be fine for an information heavy class but is a deal breaker from medium size discussion based classes.

I don’t quite get the new password thing.

I attended a regularly scheduled weekly Zoom meeting and for the first time I was asked to enter a password. I sent a What’s App message to the host and she told me the password.

But how did she know it? As a test, I did an instant Zoom meeting with a friend in NY. Instead of just getting in, I saw her pop up as in the waiting room and I had to admit her.

Why didn’t she need a password though?

The admitting people from the waiting room is easier. But I’m curious about the password too, but didn’t see it anywhere.

doug

The host had access to the settings for the scheduled meeting, including the password.
Your instant meeting probably included the password in the invitation it sent to your friend.

All I sent to my friend, though, was the meeting link.

Don McAllister’s excellent Screencasts Online has a free episode on using Zoom.

Take a close look at that link. Normally at the end will be
“?pwd=[StringOfAlphaNumericCharacters]”

Nope. It’s the same link I gave her to use 2 years ago. I have it stored in my Memos app.