Skip to main content

Zoom turns on passwords, waiting rooms by default to plug privacy holes

Use of the popular video-conferencing app Zoom spiked as work moved into people’s homes following the spread of the novel coronavirus — but so did the backlash to the company’s handling of privacy and the increasing popularity of zoombombing.”

On Friday, Zoom announced that starting April 5, the company will automatically enable its more solid security features, like password entry and Waiting Rooms in order to “deliver you a secure virtual meeting environment.”

In an email sent out to users Friday, the company said, “Going forward, your previously scheduled meetings (including those scheduled via your Personal Meeting ID) will have passwords enabled,” adding that virtual waiting rooms will become default as well, in order to prevent “people from joining a meeting until the host is ready.”

In March, Zoom saw more than 600,000 downloads in one day as COVID-19 shelter-in-place orders were mandated for the first time across the U.S. It wasn’t long before people began to notice holes in the app’s security. 

Vice’s Motherboard revealed Zoom’s iOS app was sending data about its users to Facebook — an issue not made clear in the app’s privacy policy. The Intercept also found that the calls were not, as previously stated, end-to-end encrypted: Some Zoom users found they were sharing their location, the device they were using, and advertising identification data. 

Then came the zoombombing — where internet trolls browse social media for Zoom meeting links, then, uninvited, proceed to take over the app’s screen-sharing to show inappropriate content such as violent images and pornography.

Zoom’s latest move to automatically turn on its security features by default is no doubt in response to the wave of bad press regarding the app’s more public privacy hiccups. However, these security features are not new and were already a staple for some Zoom users but now, in an effort to quell uninvited guests in important business meetings, they will be a default starting April 5. 

Going forward, passwords will protect virtual meetings only if a user is joining manually — no password if needed if attendees are joining via a meeting link. As for the Waiting Room, hosts will have the ability to admit, manage, and view the full list of participants — admitting them one by one or collectively. 

Editors' Recommendations