Zoom…Much Ado About Nothing?

By Sjoerd Stoffels

The launch of Zoom at Maastricht University took many of us by surprise. A launch that also lacked necessary information regarding the ins and outs of this application. The result of this information vacuum: turmoil among staff and students. This turmoil was also fueled by news coverage about Zoom. Until recently, many would never have had heard about Zoom-bombings and Zoom-trolls. Now, these expressions have almost become common knowledge.

Many of these reported issues can be linked to users’ unsafe and incorrect use of Zoom. This has also been my answer in response to the concerns arriving in my mailbox. It inspired me to use Shakespearian phrases for my recent Zoom webinar and this article. Capturing the diverse interests in times of drama, tragedy and comedy too.

The following three fundamental facts are crucial:

  1. A data protection agreement was signed between Zoom and the university, assuring our usage of Zoom to be compliant with the EU’s General Data Protection Regulation (GDPR). In addition, user settings have been adjusted in order to comply with GDPR and privacy guidelines. This means that recording a session has been disabled for all UM-users, because Zoom recordings are stored on servers outside the EU.
  2. The UM license enables extra Zoom parameters for security and privacy, that are fixed on central level. However, staff and students still have their own responsibility in how safe, secure and private their use of Zoom is; safeguard these by exerting control over the tool. I will get back to this in a moment.
  3. Zoom sessions are currently “encrypted” instead of “end-to-end encrypted”. In general, messaging and call services such as WhatsApp use the latter for communication between senders and receivers. On the scale of encryption security, Zoom presumably is less safe than WhatsApp. Yet, end-to-end encryption also is far from bullet proof. Some of you may recall that even Amazon CEO Jeff Bezos’ phone was hacked through WhatsApp.

Returning to my previous remarks about safeguarding safety, privacy and security when using Zoom, it is essential that you take the following into consideration.

  • Finetuning the Zoom meeting settings for your account is a must. This can be done by signing in to Zoom with help of your browser and go through your settings. At least this should be done:
    • Don’t use the personal meeting ID for meetings with multiple participants. Create a new unique generic meeting ID instead for each session.
    • Set up meetings with a meeting password.
    • Lock the Screen Share by default for your meetings, so that only you as a host can share. Several reported Zoom incidents could take place, because the host allowed participants to share their screens as well.
    • Use a Zoom Waiting Room for your sessions. It’s is a virtual staging area that prevents participants from joining until you allowed them to enter.
    • Lock your Zoom meeting after all invited participants are present.
    • You can also set up a meeting that requires the participants to register with their name and email address. Additionally, that only authenticated Zoom users can join this registration. Only take in mind that students who do not have a Zoom-account, will not be able to join the meeting. Furthermore, it might create the idea that big brother is watching.
  • Never share Zoom meeting details (the meeting link, ID, password) with others, nor share these details on open platforms. Zoom bombings and trolling happened because meeting details were (publicly) shared.
  • Never sign in to Zoom with a Facebook or Google account. When you sign in with Facebook or Google, you are opening the door to these platforms to harvest personal data. Needless to say, the same kind of data mining will happen when using Facebook or Google applications. There are well-respected colleagues who regard Zoom as possibly worse than Google. True, Google Hangouts uses end-to-end encryption as a security measure. Yet, Google is mining your data in its G Suite apps and all other services!
  • Invited participants can join a Zoom meeting without the need to login. Nevertheless, staff should sign in with their Zoom-account that is linked to the UM-license. Students should create a free Zoom account – by means of the student email address and full name. The UM is busy extending the campus license to students as well. The moment that this will be the case, the UM-email-based free Zoom account can be linked to the campus license.
  • Students must be aware, that whenever they organise Zoom sessions themselves, as a host they have to safeguard the same security and privacy settings as lecturers do.

Naturally, your encounters in Zoom will work out even more safe and sound, if your meeting rules are known to the participants before a meeting starts. I created a template text called ‘The Zoom Rules‘ that lecturers can adjust and use for communication with their students.

Though the university will replace Zoom by Microsoft Teams in a few months, all current experiences will lead to a better understanding of using video conferencing tools for online education. To conclude with a last adapted Shakespearian saying: men at some time are masters of their technology; the fault is not in there, but in ourselves…

About the author

Sjoerd Stoffels is project leader and consultant educational technology at FASoS. He has long-term experience in this domain, also being an eyewitness of its genesis. Sjoerd is active in several faculty, university and nation-wide educational technology projects or steady-state processes. He was awarded with the UM Education Prize once, plus nominated two more times.