Skip to main content

Zoom turns on passwords, waiting rooms by default to plug privacy holes

Use of the popular video-conferencing app Zoom spiked as work moved into people’s homes following the spread of the novel coronavirus — but so did the backlash to the company’s handling of privacy and the increasing popularity of zoombombing.”

On Friday, Zoom announced that starting April 5, the company will automatically enable its more solid security features, like password entry and Waiting Rooms in order to “deliver you a secure virtual meeting environment.”

In an email sent out to users Friday, the company said, “Going forward, your previously scheduled meetings (including those scheduled via your Personal Meeting ID) will have passwords enabled,” adding that virtual waiting rooms will become default as well, in order to prevent “people from joining a meeting until the host is ready.”

In March, Zoom saw more than 600,000 downloads in one day as COVID-19 shelter-in-place orders were mandated for the first time across the U.S. It wasn’t long before people began to notice holes in the app’s security. 

Image used with permission by copyright holder

Vice’s Motherboard revealed Zoom’s iOS app was sending data about its users to Facebook — an issue not made clear in the app’s privacy policy. The Intercept also found that the calls were not, as previously stated, end-to-end encrypted: Some Zoom users found they were sharing their location, the device they were using, and advertising identification data. 

Then came the zoombombing — where internet trolls browse social media for Zoom meeting links, then, uninvited, proceed to take over the app’s screen-sharing to show inappropriate content such as violent images and pornography.

Zoom’s latest move to automatically turn on its security features by default is no doubt in response to the wave of bad press regarding the app’s more public privacy hiccups. However, these security features are not new and were already a staple for some Zoom users but now, in an effort to quell uninvited guests in important business meetings, they will be a default starting April 5. 

Going forward, passwords will protect virtual meetings only if a user is joining manually — no password if needed if attendees are joining via a meeting link. As for the Waiting Room, hosts will have the ability to admit, manage, and view the full list of participants — admitting them one by one or collectively. 

Editors' Recommendations

Meira Gebel
Meira Gebel is a freelance reporter based in Portland. She writes about tech, social media, and internet culture for Digital…
Google bans employees from using Zoom over privacy concerns
Working remote

Google has banned its employees from downloading and using Zoom on their work computers over the videoconferencing service's recent security and privacy woes.

Google announced the new policy in an email to employees last week. The story was first reported by Buzzfeed News.

Read more
Zoom freezes development of new features to fix privacy issues
A user on a Zoom call with four other participants.

Coronavirus lockdowns have pushed Zoom to its limits, exposing a series of severe security cracks that have gone overlooked for years. The video-conferencing service announced Thursday it would pulling out all the stops to patch them.

In a lengthy blog post, Zoom CEO Eric S. Yuan announced the company is freezing development on new user features to exclusively focus on privacy improvements over the next 90 days.

Read more
SpaceX tells workers to ditch Zoom over ‘significant’ privacy concerns
Zoom Meeting

SpaceX has reportedly told its workers to stop using Zoom for teleconferencing as it has concerns over the software's safety.

With an increasing number of people now working from home due to the coronavirus outbreak, Zoom has seen a huge uptick in usage in recent weeks. But this has also resulted in greater scrutiny of the collaboration tool's security and privacy policies, with some experts slamming the software for not being up to the job.

Read more