Most videoconferencing platforms are appropriate for low-risk work, like team happy hours and on-the-record interviews, but highly-sensitive work exposes data that requires a higher standard of protection.

Ask yourself: Am I planning to use this tool to communicate data that is important to me, or people close to me?

• Between confidential conversations and community panels, the discussions you have in video meetings cover a range of topics. Some topics are more sensitive than others.

The more sensitive the conversation topic, the greater the consequences will be if an unwanted guest learns about who’s on the call, or what’s discussed.

Ask yourself: If that data were to get into the wrong hands, what would be the consequences?

• Harm manifests itself in many different ways. If the wrong person or group accesses your call data, the consequences may cause different types of harm, ranging from psychological (e.g distress from harassment), to physical (e.g., an escalation to physical surveillance or arrest), to economic (e.g., job loss from reputational damage).

The higher the risk everyone on the call is taking, the fewer trade-offs you can afford to take when selecting where you'll host the conversation. In the next sections, we'll discuss the security and privacy features you'll want to prioritize if you’re doing high-risk journalism or activism. We’ll also ask some questions to help you think through usability, accessibility, and anti-abuse characteristics that are essential for community-building in our changing times.

Evaluating the platform’s security properties

When evaluating the security of any tool, we want to look for signs that the platform takes the job of protecting your data seriously. In addition to establishing technical safeguards that limit the chances your data might fall into the wrong hands, a security-minded service provider also responds to data breaches quickly and transparently.

Let’s talk encryption. For everyday closed-room meetings, or public video streams, the industry’s standard of transit encryption meets your security needs. If you need confidentiality for your next videoconference, you’ll want to look for a tool that supports end-to-end encryption. When a call is end-to-end encrypted, no uninvited party can eavesdrop, and not even the platform facilitating the call has the ability to monitor it.

Looking for past instances of a security breach of the tool is a helpful practice, too. You can learn how the people behind the platform respond to security issues from sources like news clippings, security announcements, and auditor reports.

Here are questions we ask to evaluate the security properties of a videoconferencing tool:

• Does the platform support two-factor authentication? By what methods?
• Does the platform support transit encryption? How is it implemented?
• Does the platform support end-to-end encryption? How is it implemented?
• Has the platform undergone an independent security audit? If so, what were the results, and how did the platform respond to any identified vulnerabilities?
• Has the platform been breached before? How did they respond?

Evaluating the platform’s privacy properties

Every relationship we have with a platform involves trust. In general, we trust videoconferencing tools with all sorts of personal data, such as account information, call logs, contacts, and IP addresses. To gain a sense of how a platform respects the privacy of their users’ personal data, you can look at promises in their terms of service agreement and privacy policy. In addition to reviewing a platform’s legalese, you might learn more from transparency reports, news clippings, and court records, which may reveal if the platform has a history of violating user privacy, either knowingly or through negligence.

We understand that not every meeting requires strict privacy; in fact, sometimes you’ll want a call streamed to a wide audience. When privacy is important to you and the participants on the call, prioritize selecting a platform that collects little or no participant account information, logs very limited call metadata, and doesn't share user data with third parties. Investigate the privacy the platform promises, and think about how well it fulfills your needs.

Here are questions we ask to evaluate the privacy properties of a video conferencing tool:

• How does the platform handle contact discovery?
• Can I use the platform without making an account?
• What user metadata and content is logged by the platform?
• What user data does the platform sell?
• How long does the platform hold on to user data after the user deletes it, or shuts down their account?
• Can I self-host?
• Does the platform publish a yearly transparency report?
• Does the platform alert users to requests for their data?
• Are there any publicly documented cases of law enforcement requests for user data?

Can I get the job done easily and without abuse?

When we communicate with people, it’s important we do so in as safe and comfortable an environment as possible. Depending on who you are, or what topics your community discusses, your definition of “safe and comfortable” is going to be different.

Online abuse can run rampant if left unchecked, especially if the speakers in your video call identify with groups at a higher risk of being targeted with online harassment. In cases when there’s a possibility that a guest in your call might say, spam or share abusive content, you’ll want to use a tool that offers features like password protection on the meeting link, and muting or removing abusive call participants.

In order to participate in a video call, many users need visual and hearing assistance. These accessibility features may look like support for real-time captioning on dialogue, or designing the tool’s interface in a way that plays well with screen readers.

To ensure that a videoconferencing tool meets your minimum standards, you’ll want to evaluate it based on how it protects its users from abuse and prioritizes accessibility needs.

Here are questions we ask to evaluate the abuse-prevention and accessibility properties of a videoconferencing tool:

• Does the platform offer the ability to broadcast?
• Can I use this platform to host closed-room meetings?
• Can I control who can access my call if I want to?
• What is the maximum meeting group size?
• Are there accessibility features? If so, what are they?
• Who can record meeting video? Audio? Chats?
• Is there a way to mute participants in the call? How does it work?
• Is there a way to kick participants off the call? How does it work?