Zoom Security: Be sure you’re updated to version 5 before coffee hour on Sunday

Post update May 29, 2020 by Mary Bennett

If you’ve been zooming, you might have been invited to update to version 5 – with higher security measures.

Zoom is making it mandatory after Saturday so you’ll need to do this before Sunday morning to connect to coffee hour.
If you phone into zoom, no problem. Continue as you were.
Here’s an article explaining why.

How do I upgrade to Zoom 5.0?

There’s no point waiting, you might as well upgrade your app right now, if you have time. Updating is pretty simple —if you don’t have the app you can download the latest version. If you already have the Zoom desktop client installed, you can check for updates by signing in, clicking your profile picture, and then clicking “Check for Updates.”

If you use the Zoom app on your mobile, the latest version is available from the Apple App Store or Google Play.

Zoom includes some detailed instructions in its Help Center. If you prefer a visual guide, a YouTube video is available explaining how to update.

Using Zoom securely Love it or hate it, most of us have to use Zoom at some point. Therefore, it’s important that we are as secure as possible when we do.

Embedded Passwords

The Communications Committee has confirmed that we can embed the password in a link but the zoom link will not be posted on any website or facebook and has never been used before. So for zoom calls, if you follow the shortlink (e.g. ucv.im/coffee-hour) you shouldn’t need to have a password. If there’s a problem, contact the person who set up the call.

In other words, if you’ve used the links that start with ucv.im in the past, those will still work: You just won’t have to type in a password.

You can test it out between 9 am and 10 am on Sunday morning if you’re not confident. I’ll have ucv.im/coffee-hour open for you to drop in and say hello.

Any questions about this decision, contact Communications Committee chair Marie Witt communications@gmail.com

Post update April 8 by Mary Bennett

Last Saturday, Zoom changed all zoom call settings to require passwords on all scheduled calls and disable the possibility of people joining before the host. Many UUs across Canada and beyond were emailing and discussing on facebook how to let their people watch the Sunday service (ours is on youtube, so it wasn’t a problem) and get into coffee hour discussions (we do use zoom for that.) CUC responded very clearly and quickly with updates and recommendations. Your communications committee discussed and three co-hosts were deputized (as Erin referred t it) so that we could carefully screen anyone wanting to join coffee hour. We had 25 people on line in 5 separate breakout rooms and things went smoothly. For the hosts this is more time-consuming so there could continue to be a bit of a lag time at the start.

In addition to what Zoom required, UCV has

  • enabled “waiting room” – so only identifiable people are let into a call
  • disabled the “embedded” password in invitations
  • removed all links to zoom calls on website and facebook replacing with a “shortlink” (which by the way makes it easier for you to remember e.g. ucv.im/coffee-hour for Sunday coffee hour)
  • started workshops for zoom hosts and co-hosts to learn how to help with these measures

Alternatives to zoom

Galen and Christian, part of our tech team, are also exploring alternatives to zoom.

Help the hosts of our zoom calls ensure security.

Here are some things you can do.

On your zoom account, put your own picture and a name that we would recognize, e.g. Jane and John Doe is better than JJ ipad.

Make note of the zoom links somewhere safe. We have removed links from the website, so keep a cheat sheet or put the link into your calendar, whether paper based or computer-based.

If you are left in the waiting room for long, it may be because we don’t recognize your name. If you send the host of that particular meeting a note in advance, it will help to be sure. For larger groups like coffee hour and neighbourhood check-in, we are putting people into breakout rooms quickly so as to keep the main session available for people needing time to connect with the zoom technology and as double insurance in the event that somehow a “zoom bomber” has managed to crash the meeting. Please click JOIN to go to the breakout room. When options are available like coffee hour, if you want a particular breakout room be ready to say that as soon as you’re on the call.

Don’t share the zoom links on a web page or facebook; emailing to a friend is fine, in fact, encouraged, but don’t send to email lists where you’re not sure who is on it.

For coffee hour, remember, it’s a drop-in session. You can join a conversation when you arrive, so taking a real “coffee break” after the service and joining at ten past 12 would mean a smoother approach for the hosts to let people in a few at a time and set up the breakout rooms.

Future possibilities

We are trying to assure privacy, while not making it too cumbersome and discouraging for people to connect, because connections right now are more important than ever.

Some calls may start restricting to “authenticated users only”. This just means you have to be logged into zoom before joining (as zoom bombers are usually just trying to join “on the fly”). Authenticated users have to give their email address to zoom.

If a participant tries to join the meeting or webinar and is not logged into Zoom, they will receive the following messages The host would likely tell you in advance if they are using this function.

New to zoom?

You may have discovered that depending on what device you’re using, the controls are in different places. Here’s a good getting started resource that includes links to the various devices to help you. https://support.zoom.us/hc/en-us/categories/200101697

Want to test your video or microphone before joining a meeting?

Here’s how: https://support.zoom.us/hc/en-us/articles/201362283-Testing-computer-or-device-audio

Zoom bombers

Many of us are using zoom for UCV events and also the many community and activist communities we’re involved with. You may have heard of “zoom bombers” who scour websites for new zoom links to “bomb” your meetings with pornography or racism, creating havoc. Zoom bombers can also just use random numbers so even if the number isn’t publicly posted, they may find it. The controls mentioned above should be enough to make our calls safe from zoom bombers.

Peter Bowden is a UU congregational consultant who offers web training on communications and social media for UU congregations. Here’s his 15-minute video about security for zoom.

It’s well worth watching (as our his various videos on welcoming guests and growing membership.)

Prevent Zoom Bombing: Tips, Settings, and Controls to Help Protect Your Meetings

What is Zoom doing about this?

Blog Post from CEO Eric Yuan

A Message to Our Users

To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million. In March this year, we reached more than 200 million daily meeting participants, both free and paid.

However, we did not design the product with the foresight that, in a matter of weeks, every person in the world would suddenly be working, studying, and socializing from home. We now have a much broader set of users who are utilizing our product in a myriad of unexpected ways, presenting us with challenges we did not anticipate when the platform was conceived.

These new, mostly consumer use cases have helped us uncover unforeseen issues with our platform. Dedicated journalists and security researchers have also helped to identify pre-existing ones.

More in-depth article about the issues

https://www.bizjournals.com/sanjose/news/2020/04/03/zoom-ceo-outlines-changes-as-platforms-security.html

Among the changes the company has made, he said, was publishing guidelines last month for users on how to avoid being “Zoombombed” — a phenomenon in which intruders crash into Zoom meetings and display pornography or other shocking content.

Zoom has also removed a link with Facebook in which the Zoom app was sending user data to Facebook, unbeknownst to the user, and has updated its privacy policy, Yuan said.


Categories:

Community • Recent News