A lot is happening at once at the video conference company Zoom. It is one of the few economic success stories of the Corona crisis. At the end of February, the service lifted restrictions on non-paying users from China to do its part to cope with the corona crisis, as CEO Eric Yuan said. Yuan grew up in Shandong Province, China, and still feels connected to the region, he said in a blog post. The platform had already recorded strong growth before the crisis, since then the number of users has exploded and the company’s stock market value has risen rapidly. No wonder, in the past few months, millions of new users have been organizing their day-to-day work using the platform – and sometimes also their free time.

However, with the surge in users, awareness of security and privacy issues has increased. Over the past two weeks, IT experts have uncovered a variety of potential vulnerabilities. For example, Zoom shared user data from Apple devices with Facebook without informing them of this in the terms of use. The company falsely claimed that video calls made via the platform were encrypted end-to-end. And finally, Zoom provided a feature that video call hosts could use to control whether participants were actually watching the presentation, or whether they were doing sideline activities such as consuming YouTube videos or writing social media posts.

Corona virus updates – twice a day via email or push message

All reports on the current situation in Germany and worldwide as well as the most important news of the day – twice a day with SZ Espresso. Our Newsletter brings you up to date in the morning and evening. Free registration: sz.de/espresso. In our News app (download here) you can also subscribe to the espresso or breaking news as a push message.

Trolls also quickly discovered that the platform was relatively easy to drive. Non-wild users switched to unprotected, ongoing video sessions and shared obscene pictures and messages on their screens, a practice for which the name “zoom bombing” has become established.


However, the company reacted quickly and comparatively confidently to most of the problems and closed gaps. The company deals with the criticism unusually openly. In a blog post, CEO Eric Yuan addressed researchers at Citizen Lab’s Canadian civil rights activists and admitted that the current encryption mechanisms do not currently meet modern standards. “We understand that our encryption design could be better,” Yuan wrote, announcing that he would be working with outside experts and the community to make improvements quickly.

Video calls are now password-protected by default

Actions such as these are probably not empty words show actions that could be observed at around the same time. In the next 90 days, Zoom will refrain from developing new features in order to concentrate entirely on the further development of privacy protection and the security settings of its services. At the same time, the platform eliminated the controversial attention tracking feature and changed the platform’s default settings so that new and inexperienced users are automatically better protected when creating video conferences and no longer run the risk of being bothered by undressed strangers in video chats.

The app offers a variety of setting options with which users can find a level of security that suits their personal usage situation. Several websites have published detailed information on this in the past few days, including the US civil rights organization Electronic Frontier Foundation (EFF). To clarify your own needs, questions such as: Do I use the program for work or leisure? Is the number of participants limited to a fixed group? Should the session be secured with a password or not? Do I want to add each participant myself? Each of these settings can be changed individually in the app menu, most of them are comparatively self-explanatory.


Troublemakers have repeatedly disrupted video conferences in recent weeks. There were two main ways of doing this. At Zoom, the meeting IDs for the conferences are always the same, so trolls could either try to guess meeting IDs, or they found shared meeting IDs online or on social media pages. If the meeting did not require a password, the uninvited visitors landed directly in the conference.

The right settings ensure privacy

In order to protect zoom users from the zoom bombing already mentioned, every meeting with zoom has been protected with a password for a few days by default. Users should only change this in justified exceptional cases. This way they stay protected from unregistered visitors. If you want to further increase security, you can assign your own password for the meeting and distribute it to the participants via an independent channel (if they are known in advance). Otherwise, users can also distribute a link that already contains the encrypted password. Then anyone with the link can join the meeting. Trolls who continue trying to guess Meeting IDs will remain outside.

The setting of the waiting room has also been switched on by default for a few days. This practical function gathers potential participants in a kind of virtual antechamber before the host manually adds them to the meeting room. This can help to keep an overview. If you want to prevent legitimate participants from disturbing the session, for example during a presentation or teaching situation, you can also specify that only the host can share his screen.


Many virtual meetings are currently taking place in your own four walls. The background visible to the webcam may contain information that users do not want to share with the world. It is therefore recommended for hosts to allow the use of virtual backgrounds and for the participants to use one of them.

Corona crisis and family: How are you doing?:Readers’ discussion