Friends are added by entering in their exact username or allowing the app to look through your contacts or Facebook friends. If you allow the app to see your location, you can also request to be friends with people physically near you (kind of moot during a global shutdown).
Because you’re likely to end up with a very diverse list of friends, it’s important to get to know the “lock” feature. Hitting the padlock once a chat’s going makes it so nobody else can drop in without asking. By default, people using Houseparty can see when their friends are in a room and will be able to barge right in, so you could conceivably end up in a chat with friends of friends you don’t know. If you never want to be in an open room like this, you can enable private mode in settings to automatically lock every room you’re in.
Houseparty has become a popular app for school-aged kids who want to keep up with friends from home. If you’re worried about your child using Houseparty you should make sure they know to use the lock or private mode options, and that they’re only adding people they know personally. Houseparty is a less scary service than many in this sense, because you can essentially only add people you know, but if you don’t lock the rooms or if you’re playing fast and loose accepting Facebook friend requests it could still get dicey. Consider downloading the app yourself and asking your kid to add you; that way you can always check in to see who they’re in a room with.
Finally, there were rumours circulating last month that installing Houseparty allowed hackers to take control of your other accounts including Spotify and even banks. This is very likely not the case. The Houseparty app only asks for permissions it needs (microphone and camera, plus optionally contacts, Facebook or location), and there’s no indication it has suffered any kind of data breach.
Focused less on socialising and more on remote conferencing for businesses and schools, Zoom has also seen a massive uptick in users since social isolation measures began, with the company behind the service saying there are now 200 million people using it, up from 10 million just weeks ago. This is a much more versatile program with a lot of features and settings, which is great for general business use but has caused some issues now that there are 20 times more people on board.
Potential weaknesses in Zoom’s encryption standards have seen companies, including NASA and more recently Google banning their employees from using Zoom when working from home. While iffy encryption is a serious concern for secretive businesses and government agencies, most regular folk don’t need to worry as much. You should be more concerned with locking down your settings to block out scammers and interlopers.
By default Zoom trades quite a bit of security for increased convenience, and while the company has been working to strike a better balance since reports of “Zoombombing” started making international headlines, there are still several things you should do.
By default you need a meeting ID and a password to join a Zoom call, and making sure you only distribute these to the people you actually want to join is the most important step to prevent uninvited guests, or Zoombombers. Do not post the details of your meeting on Facebook or Twitter, or anywhere on the internet they might be seen by anyone other than the intended attendees.
You also have the option of sending a Zoom URL, which combines the ID and password so users can join the meeting in a single click. This is the most convenient option, but not the safest. Aside from making it easier for an invitation to fall into the wrong hands, it also encourages people to click apparent Zoom URLs that land in their email inbox, which are increasingly being used by scammers to steal personal info. To be safe, distribute meeting IDs and passwords instead. Attendees can enter these in the Zoom app or website to access a meeting.
Every Zoom user also has a personal meeting ID, which other users can use to connect directly to you at any time. Think of it like your own office, where people you know can drop by unannounced. You have the option to use this ID when setting up meetings, but from a security standpoint that’s a bad idea. Stick to generating new, randomised meeting IDs each time, and prevent your personal ID from being published on the internet in any capacity.
And just in case, despite your best efforts, someone dodgy does make it into your Zoom chat, there are a couple of settings in your profile you should change from the defaults to limit the potential damage. Specifically, make it so that only the host (i.e. you) can share their screen, and turn off file transfers. If you are Zoombombed, the last thing you want is for your meeting to become an impromptu pornography party, or for the scammer on the other end to start distributing malware.
Tim is the editor of The Age and Sydney Morning Herald technology sections.