Thinking of using Zoom? Please read this message from IST, first

Monday, April 6, 2020

In response to the COVID-19 pandemic, most University employees are now working from home. Finding the most suitable service(s) to replace our in-person meetings, presentations or lectures is integral to continued collaboration and productivity, and the University has several licensed technologies to support this work.

Individuals may prefer to use a solution not currently licensed or supported by the University, including Zoom (a video communications tool). You may be aware of the increased scrutiny Zoom has received over the last few weeks, highlighting several issues related to privacy and security. This has included reports of racist Zoom-bombing during a dissertation and a 3rd party security/privacy review of Zoom identifying shortcomings. If you are choosing to use Zoom, please carefully consider the following:

  1. The software itself has had several security vulnerabilities, some revealed last year and some more recently. Every piece of software has security vulnerabilities and Zoom has proven to be no different. It is important to keep all software (including Zoom) patched and up to date.
  2. There have been media reports of the company sharing certain data they collect from meeting participants with third parties. Some of these issues have already been fixed, and others are in the process of being fixed. The company has released a statement saying that they have never sold such information.
  3. Users of the software may be susceptible to having their meetings interrupted by individuals or groups with malicious intent. Advice on preventing this interruption (dubbed “Zoom-bombing”) is below and should be considered and applied to any other online presentation software.
  4. Zoom does not make use of end-to-end encryption. That is to say, while communications between various clients and Zoom are encrypted, those communications are potentially visible to Zoom employees. While this is true of many platforms, it underlines the importance of the service's privacy policies and practices. 
     

The Keep Learning and Staying connected while working remotely sites provide advice on our recommended tools for use in teaching, thesis defences, and meetings. If strict confidentiality is a primary concern for conversations, please contact IST for additional advice.

Prevent Zoom-Bombing

Advice on avoiding unpleasant intrusions includes:

  1. For each public meeting, use a unique ID - do not use your PMI (Personal Meeting ID).
  2. Do not share Zoom links publicly.
  3. If possible, require a meeting password.
  4. It is possible to create a waiting room, where people who want to enter the meeting must wait until the presenter admits them.
  5. Do not allow anyone other than the host(s) to share their screen.
  6. Once your meeting has started, if you can tell when everyone who needs to join the meeting has joined, lock the meeting.
  7. Force mute participants once they have joined the meeting. It is also possible to disable participant cameras, if required.
  8. Consider restricting the chat to prevent use of animated GIFs and similar files by disabling file transfers.
     

Note that only paid accounts can create invite-only meetings.
 

References

Questions or concerns? Please contact the IST Service Desk, helpdesk@uwaterloo.ca or ext. 44357.

  1. 2020 (59)
    1. May (8)
    2. April (11)
    3. March (13)
    4. February (10)
    5. January (17)
  2. 2019 (124)
    1. December (17)
    2. November (12)
    3. October (11)
    4. September (8)
    5. August (12)
    6. July (9)
    7. June (9)
    8. May (13)
    9. April (8)
    10. March (8)
    11. February (7)
    12. January (10)
  3. 2018 (112)
    1. December (6)
    2. November (7)
    3. October (8)
    4. September (10)
    5. August (9)
    6. July (11)
    7. June (11)
    8. May (12)
    9. April (9)
    10. March (8)
    11. February (5)
    12. January (16)
  4. 2017 (113)
  5. 2016 (135)
  6. 2015 (203)
  7. 2014 (210)
  8. 2013 (95)
  9. 2012 (187)
  10. 2011 (120)
  11. 2010 (114)
  12. 2009 (233)
  13. 2008 (100)
  14. 2007 (2)