Zoom Settings and Security

I know a good number of folks have moved over to Zoom as an option. I did because of the ease of use, recording functions, and stability. And of course with all the new migrations over to it, a lot has been revealed about privacy/security issues with the app. They’ve dropped other features for the next three months to work on those things which is a good thing (since I’ve already invested in it). Here are some best practices for using it right now:

From an article on this:

"Here are some tips from the FBI, Zoom and other experts to prevent Zoombombing:
Keep meetings and classrooms private. Do this by requiring a meeting password. Additionally, the “Waiting Room” feature, which is turned on by default, can help hosts control who enters.
Do not share invites to Zoom meetings on social media. Instead, send the meeting password directly to attendees.
Use a random meeting ID, so it can’t be shared multiple times. According to Zoom’s website, this is safer than using a “Personal Meeting ID.”
Change screensharing settings to “Only Host,” so no one but the host can control the screen. The host can also mute participants in their settings.
Lock a Zoom session that has already begun so no one else can join. Do this by clicking “Participants” in the bottom of a Zoom window, then clicking “Lock Meeting.”
Remove participants by hovering over their name in the Participants menu, and clicking the “Remove” option. The removed participant will not be allowed back in, according to Zoom’s website.
The FBI advises users to make sure they have the most updated version of Zoom’s software. A recent security update added default passwords and disabled the ability to scan for meetings to join.”

If you keep chat logs for the Zoom session, then any private messages between participants show up there. I’d been keeping logs for reference, but I’m going to turn that function off.

Here’s an article from the EFF about how to harden your Zoom settings:


Nice tips. We are now moving onto jitsi, and we are liking it a lot.


Thank you for sharing this, @edige23! It was helpful not just for gaming but so many other situations in this “new normal” of working from home and self isolating. Stay safe and healthy!

Well …

Talking about security without building threat model is a little bit naive. Who’s the adversary for the online gaming use case? Does it matter that sometimes one time keys are generated on servers in China? China is not Borg, the adversary would have to be able to get access to the company resources or gain unauthorized access to these servers.

If nation state is an adversary in your threat then the fact that remaining keys are generated in the United States doesn’t protect anyone from NSL subpoenas and keys are no more safe than they would be in China.

Zoom’s response to these revelations seems to indicate incompetence, not malice. They are willing to work with the broader security community to improve their product.

1 Like

If you’re the host and want to keep a record of the chat log at the end of the session: Before you end the meeting, just click into the Chat window, “Select All”, “Copy”, click into a word processor or text editor (such as a Google Doc) and then select “Paste.” Save file.