Preventing Zoom-bombing
What is Zoom-bombing?
Zoom-bombing is when uninvited guests join your Zoom meeting and share their screens to bombard real attendees with disturbing pornographic and/or violent imagery. Most of these attacks occur due to publicly available Zoom links but not all. Below are ways to protect you and your guests.
Protect your Personal Meeting ID
If you share your meeting link on social media or another public location and the meeting is not password/passcode protected, anyone with the link can join your meeting. To avoid Zoom-bombing:
- Avoid using your Personal Meeting ID (PMI) to host public events. Your PMI is essentially one continuous meeting and people can come and go at any time. Learn about meeting IDs and how to generate a random meeting ID at the 0:27 mark in this Zoom video tutorial.
- Familiarize yourself with Zoom’s settings and features. Understand how to protect your virtual meeting space. For example, the Waiting Room (details below) is a helpful feature for hosts to control who comes and goes.
Quickly access security settings
You can quickly access many security features by clicking on the Security icon on the menu bar. Descriptions of Zoom's security features are included below.
Manage screen sharing
To prevent participants from screen sharing, use the host controls at the bottom of your screen. Click the arrow next to Share Screen and then click Advanced Sharing Options.
Under “Who can share?” choose Only Host and close the window.
You can also lock the Screen Share by default for all your meetings in your web settings at https://princeton.zoom.us. Sign in and click on Settings in the left menu. Scroll until you find the Screen Sharing options. There you can select Only Host.
Manage your participants
- Allow only signed-in users to join: If someone tries to join your event and isn’t logged into Zoom with the email they were invited through, they will receive a "This meeting is for authorized attendees only" message. This is useful if you want to control your guest list. For full details about authentication profiles for meetings and webinars, visit the Zoom website.
- Lock the meeting: When you lock a Zoom Meeting that’s already started, no new participants can join, even if they have the meeting ID and password (if you have required one). In the meeting, click on Manage Participants at the bottom of your Zoom window. In the Participant’s window, click More and choose Lock Meeting.
- Generate a random Meeting ID: Generate a random Meeting ID when scheduling your event and require a password to join. Then you can share that Meeting ID through a public setting, but only send the password to join through a direct message to the intended participants. Visit the Zoom site for instructions on generating a random Meeting ID.
- Remove unwanted or disruptive participants: Click Manage Participants and mouse over a participant’s name and click on More. Click Remove.
- Allow removed participants to rejoin: When you do remove someone, they cannot rejoin the meeting by default. But you can change your settings to allow removed participants to rejoin (in case you remove the wrong person). Visit https://princeton.zoom.us, sign in, and in the left menu click Settings. Scroll down until you find “Allow removed participants to rejoin” and click on the toggle button to turn it on.
- Disable video: Hosts can turn someone’s video off. This will allow hosts to block unwanted, distracting, or inappropriate video. Click on the participant’s video, click More, and click Stop Video.
- Mute participants: Hosts can mute/unmute individual participants or all of them at once. In the meeting, click on Manage Participants at the bottom of your Zoom window. In the Participant’s window, click Mute All or click on an individual in the list and click Mute. You can also enable mute upon entry when scheduling a meeting or by changing your settings at https://princeton.zoom.us.
- Disable renaming participants: Hosts can disable the ability for participants to rename themselves. You can disable this feature using the Security icon on the menu bar or by navigating to https://princeton.zoom.us, signing in, and clicking on Settings. Scroll down until you find “Allow participants to rename themselves” and click on the toggle button to turn it off.
- Turn off file transfer, annotation, and private chat: In-meeting file transfer allows people to share files through the in-meeting chat. Toggle this off to keep the chat from getting bombarded with unsolicited pics, GIFs, memes, and other content.
- You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from using it.
- Zoom has in-meeting chat for everyone or participants can message each other privately. Restrict participants’ ability to chat amongst one another while your event is going on and cut back on distractions.
- File transfer, annotation, and private chat settings can be managed at https://princeton.zoom.us. Sign in and click on Settings in the left menu. Scroll until you find the feature and click on the toggle button to turn it on or off.
- You and your attendees can doodle and mark up content together using annotations during screen share. You can disable the annotation feature in your Zoom settings to prevent people from using it.
Use a Waiting Room
The Waiting Room is a virtual staging area that stops your guests from joining until you’re ready for them.
Meeting hosts can customize Waiting Room settings for additional control, and you can even personalize the message people see when they enter the Waiting Room. This message is the perfect place to post rules or guidelines for your meeting.
The Waiting Room is a great way to screen who’s trying to enter your event and keep unwanted guests out. To learn about Waiting Room's visit the Zoom website.
End-to-end encryption (E2EE)
If you require an extra degree of security for your meeting, consider using end-to-end encryption (E2EE).
- What is Zoom end-to-end encryption (E2EE)?
While Zoom meetings are already encrypted by default, they are not end-to-end encrypted. With the product’s default encryption setting, Zoom manages the encryption and key sharing with participants. With E2EE, Zoom does not have access to the key. Users generate their own encryption key locally and share it with other video conferencing users on the call.
- When should I use Zoom E2EE?
Use E2EE when you want enhanced privacy and data protection for your meetings. Keep in mind that several product features are not available when using E2EE (see below).
- Will the user experience be any different?
E2EE disables several Zoom features:
- Breakout rooms
- Group polling
- Join before host
- Cloud recording
- Streaming
- Live transcription
- 1-on-1 private chat
- Meeting emoji reactions
- How do I get started?
E2EE can be enabled and disabled per meeting, giving you the freedom to choose the level of privacy and functionality for each call you host.
First, you need to turn on Zoom’s E2EE in your user settings before you can use it for a meeting:
- Sign in to Princeton’s Zoom web portal (https://princeton.zoom.us/).
- Go to Settings > Meeting > Security.
- Enable “Allow use of end-to-end encryption is enabled.”
- Click “Turn On” when prompted to verify the change.
- Next, select your default security level. “Enhanced encryption” is best if you want to keep using all of Zoom’s features (You can still use E2EE for individual calls). Selecting “End-to-end Encryption” will use E2EE for all meetings but restricted features will always be disabled for calls you host.
- Click “Save.”
Now when you schedule a meeting (through the web portal or the app), you will now have a choice of encryption type.
To learn more, visit Zoom Support at: https://support.zoom.us/hc/en-us/articles/360048660871-End-to-end-E2EE-encryption-for-meetings
Enabling recording notifications
Multiple recording notifications can be enabled for a user, group, or entire account. If multiple recording notifications are enabled, participants connected to the computer audio or by telephone will hear a notification each time the recording is started, paused, resumed from being paused, or stopped. To enable this setting visit https://princeton.zoom.us, sign in, and in the left menu click Settings. Next, click on the Recording tab, scroll down until you find “Multiple audio notifications of recorded meeting” and click on the toggle button to turn it on.
Miscellaneous security and privacy tips
Do not click on links in chat particularly when you don’t know all of the participants in the Zoom session. A recently announced vulnerability with Zoom for Windows (3/31/20) involves its chat function and links sent in chat. A malicious link in chat which connects to another computer could be used to execute dangerous programs and compromise your computer.
Always download the Zoom software client directly from Zoom. The Zoom software installer for Macintosh has been criticized (3/30/20) in that it potentially enables malicious actors to modify the installer in ways that would put systems at risk.
If you require an extra degree of security for your meeting, consider using end-to-end encryption (E2EE): See above E2EE section for details.