At UserTesting, the security and privacy of your data are extremely important to us. We’ve recently received some questions about the security of Live Conversation sessions using Zoom as the video conferencing software vendor. Here are some of the common questions we’ve heard from customers:
Q: What does UserTesting do to prevent “Zoombombing”?
A: “Zoombombing” is a recent term describing a situation where uninvited attendees join and potentially disrupt a Zoom-hosted meeting. To protect your Live Conversation sessions from Zoombombing, UserTesting requires a password for each session. Uninvited guests cannot join your session by guessing a 9 digit meeting ID. And to keep the experience simple for you and your participants, we embed the meeting ID and password in the private URL required to join a meeting. A single click or tap starts the meeting with enhanced security.
Q: Is the URL that UserTesting provides for Live Conversation sessions secure?
A: UserTesting uses industry best practices for the security of Live Conversation meetings. The URL is long and complex. It cannot readily be guessed. The password portion alone is 32 characters long. And to keep it even more secure, we don’t expose it directly to users until the session is going to begin. Live Conversation participants don’t receive the actual URL until 15 minutes before the session is scheduled to start.
Q: Can an uninvited user gain access to a meeting by viewing and entering a meeting ID in the Zoom window?
A: No. In the latest release of Zoom, the meeting ID is not visible. Even with a meeting ID, an uninvited user would not be able to access a meeting because all Live Conversation sessions also require a password.
Additionally, we adhere to these aspects of Zoom 5.0 features:
- All traffic is encrypted to the AES 256 standard now
- None of our traffic will flow through China, which is a concern for some regarding international interference
Q: There were reports that there were some issues related to Zoom installation problems on Macs. Is installing Zoom on Macs safe?
A: An earlier version of the Zoom installer for Mac OS performed some tasks without permission. This approach potentially made it possible for malware to access the system undetected. Zoom updated their installers to fix the problem. Apple also made changes to prevent old installers from causing problems when they were still in use.
Q: There were reports that there were problems with Zoom exposing user credentials through chat. Has this issue been addressed?
A: An earlier version of Zoom included an issue related to chat in windows. This was fixed by Zoom shortly after it was reported.
Q: How does UserTesting transmit and store Live Conversation data and files?
A: We use industry best practices to protect the audio and video as it moves across the internet from participants to Zoom and from Zoom to the UserTesting platform. All transmissions are encrypted using industry-standard protocols (TLS 1.2 or greater). And the recorded video and audio are encrypted at rest as well using industry-standard encryption (AES-256).
Q: Where can I learn more about Zoom security?
A: Zoom has been posting information about their security on their blog.
Q: Where can I find additional information about UserTesting’s data and information security?