How Does Zoom Work and is it Safe?

Zoom is an online video chat and conferencing platform that has become hugely popular with millions of people. Facing unprecedented demand among casual users and organisations alike, the platform is not without its own privacy and safety concerns. Find out how Zoom works, and read our advice for keeping your calls private and secure.

How Does Zoom Work and is it Safe?

Zoom is an online video chat and conferencing platform that has become hugely popular with millions of people. Facing unprecedented demand among casual users and organisations alike, the platform is not without its own privacy and safety concerns. Find out how Zoom works, and read our advice for keeping your calls private and secure.

10 min read

10 min read

What is Zoom?

Zoom is a cloud-based video conferencing service that allows you to virtually meet and keep in touch with family, friends and coworkers. Given the growing number of employees working from home, it has quickly become an essential tool for teams to connect and communicate with each other online.

The software is available for Windows PC, Android, macOS and iOS, alongside an Outlook plugin, Chrome extension, and Firefox add-on for integrated usage. A Zoom account is not required to join a meeting, but users can sign in with their Zoom account, Google, Facebook or SSO.

How does Zoom work?

Zoom Meetings allow users to host and attend meetings online, using video and audio (or both). Participants can join any meeting as long as they have the meeting ID and password (if required).

Zoom has a number of free and paid tiers, with pricing options that are suitable for businesses of any size. The free tier offers a comprehensive list of features, including unlimited one-on-one meetings, screen sharing, and virtual backgrounds. Free Zoom can also host group meetings for up to 100 people, but meeting times are capped at 40 minutes.

Paid users have the option to tweak even more settings, including setting up recurring meetings, a virtual waiting room, hosting polls, recording full audio and video, and transcribing calls. The time limit cap is extended to 24 hours and the number of participants is extended too – the Enterprise plan lets users host up to 1,000 attendees at a time.

Business users can also supplement this with an additional Zoom Room subscription. This is Zoom’s physical hardware set up that lets companies host Zoom meetings in their conference rooms.

Is Zoom safe?

Zoom’s sudden and rapid increase in popularity does not come without challenges. The company has been ill prepared for the sudden influx of new users, and many have found Zoom’s privacy and security features lacking.

While Zoom is GDPR compliant, various organisations have banned the use of Zoom due to a number of security and privacy issues.

Here are some of the issues that Zoom users have faced -

User accounts hacked and listed online

More than 500,000 Zoom accounts have been listed on hacker forums across the dark web – some accounts were being sold while others were given away for free. The account details were believed to have come from credential-stuffing attacks, where cybercriminals use stolen usernames and passwords from one site to try and break into accounts on other sites.

Misleading encryption claims

Security researchers raised concerns about Zoom’s ‘end-to-end encryption’ claims, which was promoted in their marketing materials. Normally, end-to-end encryption means that all communications are encrypted, and the only people who can decrypt them are the people on the call (AKA user to user). However, Zoom clarified they meant end-to-end encryption from user to Zoom server, meaning that Zoom employees and potentially law enforcement could decrypt users’ messages.

‘Zoom-bombing’

This is where uninvited participants, hackers or Internet trolls join Zoom meetings and disrupt the call or video. Once in a meeting, the individual hijacks the session by saying or showing rude or offensive content, compromising the meeting and forcing the hosts to shut it down.

Email address leak

Zoom’s ‘Company Directory’ setting automatically adds people to a user’s list of contacts if they signed up with an email sharing the same domain. The idea was to make it easier for employees to find and contact colleagues – but in reality Zoom pooled together thousands of random people and exposed their personal information to one another.

Zoom app sends data to Facebook

Zoom’s iOS app was sending device analytics data to Facebook – even if users didn’t have a Facebook account – without alerting the user. The app has since been patched to remove the Facebook SDK (software development kit) and a clause has been added to Zoom’s privacy policy to address the issue.

Top 5 Zoom safety tips

Zoom’s privacy and security issues could have affected up to 200 million users worldwide. Luckily, all it takes is a few changes in your settings to ensure your Zoom calls are watertight. The following options can either be set up on a meeting-by-meeting basis, or configured as defaults within your Zoom settings. Practicing basic account hygiene – using a strong password and enabling two-factor authentication (2FA) – will also help secure your Zoom account.

1. Use the right version

In recent months, there has been an increase in the number of malicious files with the same name as popular videoconferencing apps such as Zoom.

To avoid this, make sure to download Zoom from the official channels – via their website, Apple App Store or Google Play store. Additionally, ensure you’re using the latest version of Zoom to evade cybercriminals who might take advantage of loopholes in outdated software.

2. Enable Waiting Room

Switching on this setting sends users to a virtual waiting room upon joining a call, where they are put on hold until an administrator gives them approval to join. It also lets you kick an unwanted participant out of the meeting and back into the waiting room, if necessary.

3. Use a meeting password

You can generate a meeting password which participants need to use in conjunction with the Meeting ID to access a call or conference. Again, be careful who you share this password with, and avoid posting the password on public channels.

For extra security, you can disable the embed password option. Switching this off removes the one-click option and stops the password being embedded in the meeting link, requiring all attendees to manually enter the password.

4. Limit participant abilities

Hosts have access to a number of settings which can minimise disruption and help avoid any embarrassing moments. Starting the meeting with audio and video sharing off by default means participants have to explicitly switch on their audio/video before talking. As the host you can also restrict users from screen sharing – you can grant screen sharing privileges later if need be. Finally, hosts can lock a meeting room to stop any unexpected users from joining the call.

5. Generate a Meeting ID

Every Zoom meeting is based around a unique 9-digit Meeting ID. This ID is required to enter the meeting – meaning that if that ID becomes public or shared with external users, anyone can enter your audio or video call.

Secondly, ensure you generate a random Meeting ID each time rather than using your Personal Meeting ID. Anyone that has access to your Personal Meeting ID can subsequently use it to join any meeting you host, so it is important to keep this secure.

Alternatives to Zoom

Zoom has almost become a byword for video conferences, but they aren’t the only service on the market. We’ve rounded up a few alternatives that are equally good choices for businesses and organisations.

Google Meet (formerly Hangouts)

Google announced that its premium features would be free to users until September, including video calls with up to 250 people, livestreams for up to 100,000 people, and ability to record meetings. Audio and video calls are end-to-end encrypted, and Meet works entirely in the browser – users just need a meeting link to join.

Microsoft Teams

Part of Microsoft’s ecosystem, Teams can host calls with up to 250 people, extending this to 10,000 viewers using their presentation features. Built workplace collaboration around various ‘Teams’, participants can share files and desktops, as well as integrate with Skype and Office. However, users will need a Microsoft account.

Cisco Webex

A business-focused option with a similar look and feel to Zoom, Webex allows calls with up to 100 people, with no time limit on calls. External users can also dial in from their phones for meeting audio. End-to-end encryption is available for meetings but this setting is currently optional.

StarLeaf

StarLeaf is UK based and subject to local data privacy laws – the company allows consumers to choose where their user data is stored. The service is primarily aimed at large companies with 500+ employees, but also currently has a free offering. Paid plans can host up to 100 participants, with end-to-end encrypted video calls.

BlueJeans

Recently acquired by Verizon, BlueJeans is a business videoconferencing service and events platform. Video calls are encrypted by default, with no account creation or software download required. BlueJeans does not offer a free service, but paid users can host unlimited-time meetings with up to 100 people.