The video communications service Zoom, also in use at the University of Helsinki, has received a great deal of attention lately. Potential threats related to the service’s information security and privacy protection have been discussed in the media. Below, you can find detailed information on the service’s information security, as well as tips for managing your video conferences.
Funet Miitti (Zoom) and the public Zoom service are different services
The University of Helsinki uses the Funet Miitti (Zoom) service, which is provided by CSC and implemented through the NORDUnet in cooperation with other Nordic countries. The service is implemented in compliance with Finnish law and European data protection regulations. The Zoom service provided by CSC and NORDUnet is technically different from the Zoom service provided by the US-based Zoom Video Communications, Inc.
The news on the transmission of phone numbers or credit card information do not concern the service provided by CSC and NORDUnet. The NORDUnet environment does not use Zoom cloud storage, and Zoom has no access to the video or audio from meetings. The service description of Funet Miitti is public and you can find it on the CSC wiki.
Update the Zoom iPhone application
On 25 March, we learned from the media that the Zoom iOS application (iPhone, iPad) sends information from the device to Facebook, but Zoom had not mentioned the transmission of information in the privacy policy published on the App Store. The transmission of information was related to the application’s ‘Login with Facebook’ feature (Facebook SDK), which would send data from the device to Facebook whenever Zoom was opened or closed. Zoom has removed the Facebook SDK that sent the information from its iOS application. On Friday 27 March, Zoom published an updated version (4.6.9) of its iOS application. We recommend that iOS users install the update.
The information sent from Zoom to Facebook did not include personal data or data related to meetings, such as names of attendees. The information included technical data on the device used, as well as other data that cannot be used to identify individual people.
- Please note: Facebook login to the University of Helsinki Zoom service has not, at any time, been possible.
- Read the Zoom press release.
Limiting the number of attendees
According to the media, some Zoom meetings have been interrupted by uninvited guests, while other meetings have been distracted with inappropriate video material. Keep in mind that if the host of the meeting organizes an open Zoom meeting, anyone with the participation link can attend the meeting. Only share the link with people you want to invite to the meeting. You can also require registration for larger meetings (“Registration” under the meeting settings), allowing you to get a list of participants in advance and making management easier.
- Please note: If you only send invitations to people you want to invite, you will not have any unwanted guests attending your meeting. The links for open meetings can be shared in the same way as for other cloud services.
There are many ways to limit access to a meeting:
1. The host may limit access to the meeting by setting up a password. The host of the meeting can create a password in the room settings by selecting “Require meeting password” and specifying a password. If selected, only people who know the password can log in to the meeting.
2. The host can determine whether the meeting is open for everybody or only for authenticated users. You can do this by selecting “Only authenticated users can join”.
3. The host can lock the meeting by using the ‘Lock meeting’ function once everybody invited is present. After you have locked the meeting, new participants may no longer join. To lock the meeting, open the list of attendees, click ”more” and select “lock room”.
During the meeting, the host can remove individual attendees by hovering the pointer over the attendee’s name, clicking “more” and then selecting “remove”. In addition, the host can specify who is allowed to share their screen or use the chat.
Read Zoom’s instructions for hosting a meeting.
Attendee attention tracking is not enabled for Zoom at the University of Helsinki
The media have also pointed out that the host of a video conference can monitor whether other users have the application window open and active when someone is sharing a screen. The function is called Attendee attention tracking. This functionality has been turned off for the University of Helsinki Zoom service since the initiation of the service.
Stay up to date on university IT news by following us on Twitter @IT_HelsinkiUni!