Zoom privacy & security
Options to protect your privacy during Zoom sessions include:
- Turn off your camera
- Use a virtual background
- Do not use a profile picture
- Adjust how your name is displayed
- Be mindful of what you say in chat
March 25, 2020
As we prepare for remote instruction for Spring quarter and you spend more time with UCI’s learning management system (LMS), with Canvas and with Zoom, I write to offer the following:
- We have prepared this script for you to announce at the beginning of class meetings:“This [class meeting/discussion group/etc.] is being conducted over Zoom. As the instructor, I will be recording this session. I have disabled the recording feature for others so that no one else will be able to record this session. I will be posting this session to the course’s website at [LMS/Canvas location]. If you have privacy concerns and do not wish to appear in the recording, you may turn video off (click “stop video”) so that Zoom does not record you. If, when you disable live video, you also want to use a profile image (other than a picture of you) instead of your name, please let me know which image you will be using so that I know who you are during the session. If you would like to ask a question, you may do so privately through the Zoom chat by addressing your chat question to me only (and not to “everyone”), or you may contact me by another private method. If you have questions or concerns about this, please contact me.”
- You can protect the privacy of your students and enable students with disabilities to absorb each session by taking the following steps:
- Record your sessions in Zoom (after modifying your settings as described below), record the session locally, and upload the recording into YuJa for embedded distribution with YuJa Media Chooser. This will: (i) make it very difficult for someone to grab the link and share/download the session and (ii) allow you to modify the settings in your Zoom profile settings.
- Modify settings as follows in your Zoom profile:
- Settings/meeting: turn OFF “auto saving chats”
- Settings/meeting: turn ON “allow host to type closed captions or assign a participant/third party device to add closed captions”
- Settings/recording: turn OFF “local recording: allow hosts and participants to record the meeting to a local file”
- Settings/recording: turn ON “cloud recording: allow hosts to record and save the meeting in the cloud”
- I encourage you to provide your remote instruction via UCI’s LMS/Canvas. Although it is not perfect (and we are working to improve it), it provides you with the best protection related to copyright issues in two ways: (a) you have more protection from claims that you have infringed someone else’s copyrights when you use another’s work in your materials if your course is delivered via LMS/Canvas, and (b) the technology of LMS/Canvas makes it more difficult for anyone to copy and distribute your materials.
Thank you for all you are doing for our students so that they can continue their academic progress,
Professor of Physics and Astronomy
Vice Provost of Teaching and Learning and
Dean, Division of Undergraduate Education
UCI Privacy has a variety of resources related to privacy practices, including new resources prepared in light of COVID-19.
The key in many cases is: flexibility. Instructors are encouraged to be mindful of students' varied remote learning contexts. For instance, not all students may be able or comfortable enabling their video during virtual class sessions.
For more information, see:
Zoombombing occurs when a Zoom meeting link is exploited or hacked by bad actors seeking to disrupt meetings by posting pornographic or otherwise inappropriate images or video, hate speech, harassing commentary, threats, and other disruptive content. Nearly all Zoombombing incidents can be prevented if the Host configures Zoom settings appropriately for their meeting format.
Public meetings and classes require a different list of Zoom security settings than collaborative team meetings. Get familiar with key settings before or at the start of your Zoom Meeting.
Report a Zoombombing event
A Zoom Meeting is designed to show all Participants on the screen throughout the presentation. As such, there are a few things to keep in mind. A user may have an inappropriate Virtual Background. A user may be making inappropriate gestures. A user might have roommates, partners, or spouses who are inappropriately dressed. There is no setting in Zoom Meetings to globally disable the video from all users. As such, it’s best to have an Alternate Host (assigned before the meeting) or a Co-Host (assigned during the meeting) who can quickly identify any users with inappropriate video and disable their ability to show a video during the meeting.
Stopping Video of a Participant
Removing a Participant
Should a participant need to be removed from your meeting. The fastest way is to use the new Security button. If you do not have this button, upgrade your Zoom Client for Meetings by visiting https://uci.zoom.us/download
If you know the name of the individual, press the Security button, and select Remove Participant. A list of all Participants will appear on the right. Select Remove next to any Participants and press OK.
You can also remove someone while in Gallery View
Before ending your meeting and even if you used Remove on several users, if you wish to Report individuals to Zoom, press the Security button then press Report… Select the name or names of users from a dropdown list and complete the form. On the bottom, press Send. Please note that these reports are sent only to Zoom’s Trust & Safety team. Consequently, these reports are not shared with UCI Zoom campus admins or any other UCI affiliates. Reporting a user in this way does NOT initiate any form of investigation or other action by UCI staff.
Report disruptions to UCI
If the incident involves UCI students or if the interruption may include a criminal act, please email TechPrep@uci.edu with the meeting ID and any details you can provide. This information will be investigated and turned over to UCI Security, Dean of Students, and/or the UCI Police Department as appropriate under campus policies and relevant legal requirements.
More information on Managing Participants in a Zoom meeting:
While most Zoom-Bombing incidents are disruptive pranks, some can be extremely graphic, including violence, sexual assault, and racial comments. These images, texts, and spoken words may be highly troubling to Hosts and Participants, who may benefit from timely professional assistance.
If you are an employee and would like to speak about a Zoom incident, please reach out to the Employee Assistance Program: http://wellness.uci.edu/facultystaff/eap/introduction.html
If you are a student and would like to speak about a Zoom incident, please reach out to the UCI Counseling Center: https://counseling.uci.edu/
“Zoombombing” is the exploitation of publicized or hacked Zoom links combined with misconfigured user settings designed to interrupt live conferencing with the posting of pornographic or otherwise inappropriate images or video, hate speech, harassing commentary, threats, and other disruptive content. This can be initiated by one individual, a small group, or a coordinated global attack typically activated when a Zoom link is posted on a public forum or twitter account monitored by bad actors.
The good news is that nearly all Zoombombing incidents can be prevented if the Host configures Zoom settings appropriately for their meeting format. For example, the Host of a small collaborative meeting (where Participants are all known to each other) may encourage everyone to chat publicly and privately, exchange files through chat, allow everyone to freely share their screens and annotate, or enable microphones to go on and off at any time. In contrast, the Host of a public meeting (where Participants are not known to each other), would likely need to have a number of limitations in place so the presentation doesn’t get interrupted and other Participants aren’t distracted by inappropriate actions.
The challenge is in allowing certain Zoom features to be enabled given the meeting format AND for every Host to have a proper understanding of Zoom settings so they can 1) lock down specific features until they are needed, and 2) quickly halt interruptions when they arise.
For instruction and meetings where everyone has a UCI Zoom account, we encourage the Host to enable the Waiting Room option for Guest Participants only. This allows authenticated UCI Zoom accounts to immediately join the meeting while all other users are left in the Waiting Room until expressly permitted by the Host, Co-Host, or Alternate Host. A second option for meetings is to enable “Only authenticated users can join” where anyone who has a uci.edu email address will immediately get into the meeting while all others are prevented from joining. This is a good option when all Participants have a UCI email account OR an account on another UCI-affiliated Zoom service such as UCI-Hipaa Zoom, UCI Health Sciences Zoom, Merage Zoom, UCI Law Zoom, etc. Once your meeting requires users to be logged in, the scope of interruptions is limited to a smaller set of Participants.
In some cases (such as public meetings), the requiring of authentication is not possible. Here are some ways you can evaluate the risk of your Zoom configuration for your Zoom event.
|Risk of Zoombombing||Description||Impact|
|Low Risk||Immediate entry is given to authenticated users while guests are either moderated (Waiting Room) or denied entry (Only authenticated users can join).||UCI affiliated audiences are less likely to interrupt the presentation. We recommend this approach for instruction.|
|Medium Risk||In meetings where authentication is not possible, one approach is to restrict the meeting URL by using a sign-up sheet (external survey for registration). This allows reminder notices to be sent in advance and the direct sharing of a meeting link one or two days prior with a limited number of Participants.||By limiting the distribution of the meeting link to only those individuals who register, there will be less opportunity for bad actors to interrupt the meeting. Locking down all collaborative features is still recommended.|
|High Risk||In some cases, it is necessary to advertise the meeting link in a Zotmail, on a poster, in a press release, etc. When this is absolutely required, it is essential that steps be taken to lock down all collaborative features.||There are bad actors who search for advertised meeting links, share with friends, post on twitter and forums, then attempt to exploit Zoom collaborative meeting settings with intent to disrupt.|
This page last updated:
September 22, 2020