Privacy, security, & misuse

Protect your privacy

Options to protect your own privacy during Zoom sessions include:

  • Turn off your camera
  • Use a virtual background
  • Do not use a profile picture
  • Adjust how your name is displayed
  • Be mindful of what you say in chat

What sort of misuse can occur with Zoom?

There are a variety of ways a malicious actor may misuse Zoom. For example, “Zoom bombing” refers to the exploitation of publicized or hacked Zoom links combined with misconfigured user settings that allow malicious actors to interrupt live sessions by posting inappropriate images or video, hate speech, harassment, threats, and other disruptive content. This can be initiated by an individual, a small group, or a coordinated global attack typically activated when a Zoom link is posted on a public forum or twitter account monitored by bad actors.

Consequences

Use of UCI Zoom is subject to the campus Computer & Network Use Policy. Violations of this policy involving UCI Zoom may result in serious consequences just like violations of this policy in any other campus-associated online tools & services. Usage violating Zoom’s Terms of Use may also result in significant consequences up to and including the suspension of user accounts.

Secure your meetings in advance

Fortunately, nearly all Zoom bombing incidents can be prevented if the meeting host configures Zoom settings appropriately for their meeting or event!

For a helpful overview of different meeting settings to control who can attend, what they can do, and more read Zoom Blog – How to keep uninvited guests out of your meeting

Key considerations and settings include:

  1. Who should be allowed to attend?

    If the meeting or event does not need to be public, configure it so that unwanted attendees are not allowed to enter at all. There are multiple options for doing this, such as enabling a waiting room that requires a host or co-host to manually admit anyone who tries to attend, but doesn’t meet a particular condition (for instance, logging in with a UCI-affiliated Zoom account, which is automatically available to everyone with a valid UCInetID) or setting a meeting password.
     
  2. What should meeting participants be allowed to do?

    Meeting hosts can control which Zoom features are available to meeting attendees and different settings are appropriate for different contexts. For example, a meeting host may want to allow participants to turn on their cameras and microphones in a small working meeting with colleagues, but would be well-advised to turn those options off if they’re hosting a larger, public or semi-public event instead.
     
  3. How should the meeting or event link be publicized?

    Most major Zoom bombing incidents come down to a combination of public disclosure of a meeting or event link and meeting settings that fail to prevent misuse. Unless a meeting or event is truly intended to be public, consider only sharing meeting links with invited attendees or in non-public, access-controlled spaces. Never assume that keeping a link private is, in itself, sufficient to protect a meeting against malicious actors; if you secure your meetings with appropriate controls on participant actions, you can prevent bad behavior even if your link is or becomes public!
     

If you’re ever unsure what settings are best for your meeting, particularly if that meeting may be public, high-profile, or high-risk in any way, please contact us for help choosing appropriate meeting settings.

Make it easy: choose strict default settings

UCI Zoom admins have configured all UCI Zoom accounts such that some basic meeting restrictions are implemented by default. You can also customize your own account settings so that any new meetings you schedule or start will use those settings by default while retaining the option for you to tweak individual meeting settings as-needed.

Tip: Consider the kind of meetings you tend to host and configure your account settings appropriately for your most sensitive or restrictive meetings. You can always make a particular meeting’s settings less strict when you schedule it or adjust its settings. This is an ‘err on the side of caution’ approach that assumes it would be worse to accidentally have more permissive settings than intended, than it would be to accidentally have less permissions settings than intended.

To access your account settings, login via uci.zoom.us and press Settings on the left side of the page.

Stop misuse immediately

If misuse does occur during a meeting, the meeting host or co-hosts can stop misuse immediately by suspending participant activities in just two clicks:

  1. Press Host Tools
  2. Select Suspend Participant Activities
The quickest way a host can shut down any inappropriate meeting behavior is to open Zoom's "Host Tools" and select "Suspect participant activities"

This will immediately disable and/or hide:

  • All meeting attendee video
  • All meeting attendee audio
  • All in-meeting chat
  • All screen sharing
  • All annotation
  • Profile images

The host will also be prompted with an opportunity to report and remove any offending participants. Once the offending participants are handled, the host and any co-hosts can unmute their own and/or selected meeting participants’ audio, video, etc. as-needed to continue the meeting.

Alternatively, hosts can respond in a more limited way to control specific types of disruption.

Audio interruptions – unmuting and speaking during the meeting

Individual: Press Participants, locate a specific individual, and press Mute

Preventative: Press Participants, then Mute All and on the pop-up, uncheck Allow participants to unmute themselves

Video interruptions – displaying inappropriate video or gestures in a live or virtual background 

Individual: Press Participants, locate a specific individual, press Stop Video.

Preventative: Under the More menu, enable Focus Mode to spotlight speakers while hiding all profile photos and video from other participants; only hosts and co-hostß will still be able to see participant videos

Tip: To disable video, press Host Tools and under Allow Participants to uncheck the box next to Start Video

Chat interruptions – typing something inappropriate or using private chat to harass others

Individual: To delete an individual chat message, hover over the message and press (…) then select Delete.

Preventative: Press Chat then the menu (…) on top right to manage chat settings. Activate the setting Participants can chat with: Hosts and Co-Hosts

Tip: Before your next meeting, sign in via https://uci.zoom.us, go to Settings > Meeting > In Meeting (Advanced) and enable Q&A in Meetings then follow Preventive steps to set Chat to No One

Screen share interruptions – sharing inappropriate content with all attendees

Individual: Press Participants, locate a specific individual, press Stop Sharing.

Preventative: Press Host Tools and under Allow Participants to uncheck the Share Screen box

Tip: The default is to only allow the host to share. If a non-host needs to share their screen, temporarily make them a co-host and then remove the privilege when done sharing.

Annotation interruptions – drawing something inappropriate on the screen during a screen share (this feature is disabled by default)

Individual: If annotations are enabled during a screen share, under Host Tools, uncheck Annotate on Shared Content

Preventative: Before your next meeting, sign in via https://uci.zoom.us, go to Settings, enable Annotation and check the Only the user who is sharing can annotate box

Whiteboard interruptions – interrupting a presentation with the opening of a Whiteboard and / or unexpectedly drawing something inappropriate.

Individual: On the top right side of the Whiteboard next to the Share button, press the red X to close the Whiteboard.

Preventative: Press Host Tools and under Allow Participants to uncheck the Share Whiteboards box

Tip: The default is to only allow the host or co-host to create whiteboards so if a non-host needs to create a whiteboard, temporarily make them a co-host and then remove that privilege when done

Profile Name interruptions — distracting host, co-host, and Participants by renaming profile names to something inappropriate

Individual: There is no option to prevent a single person from changing their name in the meeting

Preventative: Press Host Tools and under Allow Participants to uncheck the box next to Rename Themselves

Tip: Hosts and co-hosts can rename a participant by pressing Participants, choosing the individual, and pressing Rename

Profile Photo interruptions – displaying an inappropriate profile photo

Preventative: Under Security, check Hide Profile Photos and all profile photos will be replaced with participants’ names

Report misuse afterwards

If misuse occurs during a meeting you host, please make a report to Zoom before you end the meeting:

  1. Press Host Tools
  2. Select Report…
  3. Select the name(s) of disruptive meeting participant(s) from a dropdown list and complete the form
  4. Press Send.

Important: These reports are only sent to Zoom’s Trust & Safety team; no one at UCI receives these reports and reporting a user in this way does NOT initiate any form of investigation or other action by UCI staff.

If an incident involves UCI students or if the interruption may include a criminal act, please email TechPrep@uci.edu with the meeting ID and any details you can provide. This information will be investigated and turned over to UCI Security, Dean of Students, and/or the UCI Police Department as appropriate under campus policies and relevant legal requirements.

For more information about Zoom’s reporting process, see Zoom – Reporting inappropriate behavior in a meeting

Resources

Resources from UCI Privacy

UCI Privacy has a variety of resources related to privacy practices, including new resources prepared in light of COVID-19.

The key in many cases is: flexibility. Instructors are encouraged to be mindful of students’ varied remote learning contexts. For instance, not all students may be able or comfortable enabling their video during virtual class sessions.

For more information, see:

Support following a Zoom bombing event

While most Zoombombing incidents are disruptive pranks, some can be extremely graphic, including violence, sexual assault, and racial comments. These images, texts, and spoken words may be highly troubling to meeting hosts and attendees who may benefit from timely, professional assistance.

If you are an employee and would like to speak about a Zoom incident, please reach out to the Employee Assistance Program: http://wellness.uci.edu/facultystaff/eap/introduction.html

If you are a student and would like to speak about a Zoom incident, please reach out to the UCI Counseling Center:  https://counseling.uci.edu/

Zoom and Privacy Consideration for Faculty During COVID-19

March 25, 2020

Dear Faculty,

As we prepare for remote instruction for Spring quarter and you spend more time with UCI’s learning management system (LMS), with Canvas and with Zoom, I write to offer the following:

  1. We have prepared this script for you to announce at the beginning of class meetings:“This [class meeting/discussion group/etc.] is being conducted over Zoom.  As the instructor, I will be recording this session.  I have disabled the recording feature for others so that no one else will be able to record this session.  I will be posting this session to the course’s website at [LMS/Canvas location].  If you have privacy concerns and do not wish to appear in the recording, you may turn video off (click “stop video”) so that Zoom does not record you.  If, when you disable live video, you also want to use a profile image (other than a picture of you) instead of your name, please let me know which image you will be using so that I know who you are during the session.  If you would like to ask a question, you may do so privately through the Zoom chat by addressing your chat question to me only (and not to “everyone”), or you may contact me by another private method.  If you have questions or concerns about this, please contact me.”
  2. You can protect the privacy of your students and enable students with disabilities to absorb each session by taking the following steps:
    1. Record your sessions in Zoom (after modifying your settings as described below), record the session locally, and upload the recording into YuJa for embedded distribution with YuJa Media Chooser.  This will: (i) make it very difficult for someone to grab the link and share/download the session and (ii) allow you to modify the settings in your Zoom profile settings.
    2. Modify settings as follows in your Zoom profile:
      1. Settings/meeting: turn OFF “auto saving chats”
      2. Settings/meeting: turn ON “allow host to type closed captions or assign a participant/third party device to add closed captions”
      3. Settings/recording: turn OFF “local recording: allow hosts and participants to record the meeting to a local file”
      4. Settings/recording: turn ON “cloud recording: allow hosts to record and save the meeting in the cloud”
  3. I encourage you to provide your remote instruction via UCI’s LMS/Canvas.  Although it is not perfect (and we are working to improve it), it provides you with the best protection related to copyright issues in two ways: (a) you have more protection from claims that you have infringed someone else’s copyrights when you use another’s work in your materials if your course is delivered via LMS/Canvas, and (b) the technology of LMS/Canvas makes it more difficult for anyone to copy and distribute your materials.

Thank you for all you are doing for our students so that they can continue their academic progress,

Michael Dennin
Professor of Physics and Astronomy
Vice Provost of Teaching and Learning and
Dean, Division of Undergraduate Education