Privacy, security, & misuse

Options to protect your privacy during Zoom sessions include:

• Turn off your camera
• Use a virtual background
• Do not use a profile picture
• Adjust how your name is displayed
• Be mindful of what you say in chat

March 25, 2020

Dear Faculty,

As we prepare for remote instruction for Spring quarter and you spend more time with UCI’s learning management system (LMS), with Canvas and with Zoom, I write to offer the following:

1. We have prepared this script for you to announce at the beginning of class meetings:“This [class meeting/discussion group/etc.] is being conducted over Zoom.  As the instructor, I will be recording this session.  I have disabled the recording feature for others so that no one else will be able to record this session.  I will be posting this session to the course’s website at [LMS/Canvas location].  If you have privacy concerns and do not wish to appear in the recording, you may turn video off (click “stop video”) so that Zoom does not record you.  If, when you disable live video, you also want to use a profile image (other than a picture of you) instead of your name, please let me know which image you will be using so that I know who you are during the session.  If you would like to ask a question, you may do so privately through the Zoom chat by addressing your chat question to me only (and not to “everyone”), or you may contact me by another private method.  If you have questions or concerns about this, please contact me.”
2. You can protect the privacy of your students and enable students with disabilities to absorb each session by taking the following steps:
   1. Record your sessions in Zoom (after modifying your settings as described below), record the session locally, and upload the recording into YuJa for embedded distribution with YuJa Media Chooser.  This will: (i) make it very difficult for someone to grab the link and share/download the session and (ii) allow you to modify the settings in your Zoom profile settings.
   2. Modify settings as follows in your Zoom profile:
      1. Settings/meeting: turn OFF “auto saving chats”
      2. Settings/meeting: turn ON “allow host to type closed captions or assign a participant/third party device to add closed captions”
      3. Settings/recording: turn OFF “local recording: allow hosts and participants to record the meeting to a local file”
      4. Settings/recording: turn ON “cloud recording: allow hosts to record and save the meeting in the cloud”
3. I encourage you to provide your remote instruction via UCI’s LMS/Canvas.  Although it is not perfect (and we are working to improve it), it provides you with the best protection related to copyright issues in two ways: (a) you have more protection from claims that you have infringed someone else’s copyrights when you use another’s work in your materials if your course is delivered via LMS/Canvas, and (b) the technology of LMS/Canvas makes it more difficult for anyone to copy and distribute your materials.

Thank you for all you are doing for our students so that they can continue their academic progress,

Michael Dennin
Professor of Physics and Astronomy
Vice Provost of Teaching and Learning and
Dean, Division of Undergraduate Education

UCI Privacy has a variety of resources related to privacy practices, including new resources prepared in light of COVID-19.

The key in many cases is: flexibility. Instructors are encouraged to be mindful of students’ varied remote learning contexts. For instance, not all students may be able or comfortable enabling their video during virtual class sessions.

For more information, see:

• UCI Privacy
  • COVID-19 Privacy Update

If you are in the middle of a Zoombombing, this is the quickest way to intervene:

• Suspend Participant Activities – Press the Host Tools (previously called “Security”) button and click on “Suspend Participant Activities.” This feature is available to Hosts and Co-Hosts.
  • Upon activation, all user video, user audio, in-meeting chat, screen sharing, annotation, and profile images will stop. 
  • This gives the Host an opportunity to Report and Remove any offenders. 
  • The Host or Co-Host can unmute their own audio and video to continue the meeting.

There are 6 types of Zoombombing. Here are the individual ways to recover and the preventive steps you can take to avoid Zoombombing: 

• Audio interruptions – unmuting and speaking during the meeting
  • Individual: Press Participants, locate a specific individual, press Mute.
  • Preventative: Press Participants, then Mute All. On the pop-up, uncheck “Allow participants to unmute themselves.”
    
• Video interruptions – displaying inappropriate video or gestures in a live or virtual background 
  • Individual: Press Participants, locate a specific individual, press Stop Video.
  • Preventative: Under the “More” menu, enable “Focus Mode” to spotlight all speakers while hiding all profile photos and video from other participants. Only the Hosts and Co-Host will still be able to see all participant videos.
  • Tip: To disable video from Hosts and Co-Host, press Host Tools (previously called “Security”) button and under “Allow Participants to” uncheck the box next to “Start Video.”
    
• Chat interruptions – typing something inappropriate or using private chat to harass others
  • Individual: To delete an individual Chat message, hover over the message and press (…) then select Delete.
  • Preventative: Press Chat then the menu (…) on top right to manage chat settings. Activate the setting “Participants can chat with: Hosts and Co-Hosts.”
  • Tip: Before your next meeting, sign in via https://uci.zoom.us, go to Settings > Meeting > In Meeting (Advanced) and enable Q&A in Meetings then follow Preventive steps to set Chat to “No One”
    
• Screen share interruptions – sharing inappropriate content with all attendees
  • Individual: Press Participants, locate a specific individual, press Stop Sharing.
  • Preventative: Press the Host Tools (previously called “Security”) button and under “Allow Participants to” uncheck the box next to “Share Screen.”
  • Tip: The default is to only allow the host to share. If a non-Host needs to share screen, temporarily make them a Co-Host then remove the privilege when done sharing.
    
• Annotation interruptions – drawing something inappropriate on the screen during a screen share (this feature is disabled by default)
  • Individual: If annotations are enabled during a screen share, under the Host Tools (previously called “Security”) button, uncheck “Annotate on Shared Content.”
  • Preventative: Before your next meeting, sign in via https://uci.zoom.us, go to Settings, Under “Annotation,” after enabling, check the option “Only the user who is sharing can annotate.”
    
• Whiteboard interruptions – interrupting a presentation with the opening of a Whiteboard and / or unexpectedly drawing something inappropriate.
  • Individual: On the top right side of the Whiteboard next to the Share button, press the red X to close the Whiteboard.
  • Preventative: Press the Host Tools (previously called “Security”) button and under “Allow Participants to” uncheck the box next to “Share Whiteboards.”
  • Tip: The default is to only allow the host or co-host to create Whiteboards. If a non-host needs to create a Whiteboard, temporarily make them a Co-Host then remove the privilege when done.
    
• Profile Name interruptions — distracting Host, Co-Host, and Participants by renaming profile names to something inappropriate
  • Individual: There is no option to prevent a single person from changing their name in the meeting. 
  • Preventative: Press the Host Tools (previously called “Security”) button and under “Allow Participants to” uncheck the box next to “Rename Themselves.”
  • Tip: Hosts and Co-Host can rename a participant by pressing Participants, locate a specific individual, press Rename.
    
• Profile Photo interruptions – displaying an inappropriate profile photo
  • Preventative: Under Security, check the option to “Hide Profile Photos.” Profile photos will be replaced with participant names.

Before ending your meeting and even if you used Remove on several users, if you wish to Report individuals to Zoom, press the Host Tools (previously called “Security”) button then press Report… Select the name or names of users from a dropdown list and complete the form. On the bottom, press Send. Please note that these reports are sent only to Zoom’s Trust & Safety team. Consequently, these reports are not shared with UCI Zoom campus admins or any other UCI affiliates. Reporting a user in this way does NOT initiate any form of investigation or other action by UCI staff.

Report disruptions to UCI

If the incident involves UCI students or if the interruption may include a criminal act, please email TechPrep@uci.edu with the meeting ID and any details you can provide. This information will be investigated and turned over to UCI Security, Dean of Students, and/or the UCI Police Department as appropriate under campus policies and relevant legal requirements. More information on Managing Participants in a Zoom meeting:
https://support.zoom.us/hc/en-us/articles/115005759423-Managing-Participants-in-a-meeting

While most Zoom-Bombing incidents are disruptive pranks, some can be extremely graphic, including violence, sexual assault, and racial comments. These images, texts, and spoken words may be highly troubling to Hosts and Participants, who may benefit from timely professional assistance.

If you are an employee and would like to speak about a Zoom incident, please reach out to the Employee Assistance Program: http://wellness.uci.edu/facultystaff/eap/introduction.html

If you are a student and would like to speak about a Zoom incident, please reach out to the UCI Counseling Center:  https://counseling.uci.edu/

“Zoombombing” is the exploitation of publicized or hacked Zoom links combined with misconfigured user settings designed to interrupt live conferencing with the posting of pornographic or otherwise inappropriate images or video, hate speech, harassing commentary, threats, and other disruptive content. This can be initiated by one individual, a small group, or a coordinated global attack typically activated when a Zoom link is posted on a public forum or twitter account monitored by bad actors.

The good news is that nearly all Zoombombing incidents can be prevented if the Host configures Zoom settings appropriately for their meeting format. For example, the Host of a small collaborative meeting (where Participants are all known to each other) may encourage everyone to chat publicly and privately, exchange files through chat, allow everyone to freely share their screens and annotate, or enable microphones to go on and off at any time. In contrast, the Host of a public meeting (where Participants are not known to each other), would likely need to have a number of limitations in place so the presentation doesn’t get interrupted and other Participants aren’t distracted by inappropriate actions.

The challenge is in allowing certain Zoom features to be enabled given the meeting format AND for every Host to have a proper understanding of Zoom settings so they can 1) lockdown specific features until they are needed, and 2) quickly halt interruptions when they arise.

For instruction and meetings where everyone has a UCI Zoom account, we encourage the Host to enable the Waiting Room option for Guest Participants only. This allows authenticated UCI Zoom accounts to immediately join the meeting while all other users are left in the Waiting Room until expressly permitted by the Host, Co-Host, or Alternate Host. A second option for meetings is to enable “Only authenticated users can join” where anyone who has a uci.edu email address will immediately get into the meeting while all others are prevented from joining. This is a good option when all Participants have a UCI email account OR an account on another UCI-affiliated Zoom service such as UCI-Hipaa Zoom, UCI Health Sciences Zoom, Merage Zoom, UCI Law Zoom, etc. Once your meeting requires users to be logged in, the scope of interruptions is limited to a smaller set of Participants.

In some cases (such as public meetings), the requirement of authentication is not possible. Here are some ways you can evaluate the risk of your Zoom configuration for your Zoom event.