Don’t Bomb at Zoom

ZoomBombing—the disruptive trolling of online meetings—has taken off in recent weeks as many workers abruptly transitioned from their usual work day to working from home. It’s not an intractable problem—here’s how to protect yourself (and your employees) from trolls and keep your meetings classy.

A Vital Link Gone Viral

I’ve been using technology to bridge the geographic gap between my home office and my clients around the world for years. I live on the side of a mountain at the tail-end of the Rockies—technology is vital to my small business’s survival.

One of the tools I’ve used consistently has been Zoom, initially because of its wide adoption in the telehealth setting. Technological tools employed in health care and research—email, databases, cloud storage, video conferencing, etc.—require high levels of security and privacy. (In my experience, not every institution follows those guidelines, but that’s another story.)

There is mounting evidence, however, that Zoom’s privacy policy has expanded as its platform has evolved, and not necessarily in all the right directions. Anyone who follows cybersecurity was alarmed by the latest changes to the policy, with push back and horror springing up all over Twitter. (For more information, see the Consumer Reports piece from 30 March 2020.) Vice News reported that Zoom’s iOS app is sending data to Facebook—whether or not the user actually has a Facebook account. (More about FB below.)

While these changes are incredibly disappointing, they should be almost immaterial. If you are discussing highly sensitive topics over Zoom or any other platform, you are assuming a certain amount of risk no matter what the provider’s policy may be. Time and again, we see servers being hacked and sensitive data moved to the dark web, regardless of privacy policies. Some information may simply be better shared via end-to-end encrypted email,  over secure networks, between secure computers. (Yes, Zoom claims to have end-to-end encryption, but this claim has been questioned by The Intercept. Read Proton’s assessment here.)

It’s not enough to scare me off…yet. So let me share what I’ve learned about running a secure meeting on Zoom, plus a couple other tips for staying safe and keeping it classy (always remember: they can see you).

Protecting Yourself from ZoomBombing in 9 Easy Steps

With the sudden influx of so many people who are new to the Zoom platform, some weird things have been happening. It’s called ZoomBombing—meetings getting porn-bombed or pelted with hate speech. So here’s my easy list of things to know about Zoom for new users who want to use it safely and porn-free:

  1. Don’t share your Personal Meeting Room ID. That is a static (unchanging) URL for your use with friends and colleagues only, your personal virtual meeting room that’s always “on.” Just like you would not allow random people off the street access to your physical meeting space in your office, control your virtual meeting space by limiting who you share that PMI with.
  2. Don’t broadcast your meeting links. You’re not getting “hacked” if you give everyone the link to your meeting, you’re getting trolled (there’s no skill involved in clicking on a link and being a hateful jerk). So, just like you lock your doors so you can control who enters your home, don’t leave the front door to your meeting wide open. Don’t post that link on social media.
  3. Do require a password to join a meeting. This is the default setting. Give the password only to people invited to the meeting.
  4. Use the waiting room feature. As the meeting host, you can see who is waiting to join the meeting and approve attendees on an individual basis.
  5. Lock the meeting once everyone has joined. This prevents “crashers.”
  6. Don’t allow others to share their screens. As host, by default you can always share your screen, but you can allow others to as well if you choose. If you are concerned about trolls, then make sure your settings disallow screen sharing by anyone other than you, the host.
  7. Disable file transfers. This will assure that no malware (or porn or other unwanted materials) is being passed around to your participants if a troll does manage to enter your meeting.
  8. Use the “remove” feature if needed and disable the “allow removed participants to rejoin” option. If a meeting attendee gets inappropriate, they may be removed from the meeting with the click of a button. Don’t allow them back in.
  9. Use the webinar function. If you are having less of a meeting and more of a training session, then participants are hidden from view in the webinar mode. You can even disable the chat function, or set the chat function to be for the eyes of the host/panelist only. And yes, you can boot someone from a webinar using the remove function, too. On the flipside, you can have selective audience participation during a webinar if you choose via chat shared with all attendees, plus the ability to promote an attendee to a speaker or even panelist role (which can be removed with the click of a button by the host).

And of course there is always the mute feature that allows the host to mute attendees. As a host, I use it all the time, because there’s that one person who, without fail, does not think the request to mute mics when not speaking applies to them and their potato chips. (Without fail.) You can also cut the video feed from a participant (but I’ve never had to do that!).

Similarly, if you are an attendee, mute your mic to limit background noise, but also to limit the potential for “oversharing”—your family members or roommates stuck inside with you deserve to have some privacy, too! Plus, the cat meowing for attention. And the dog yelling at the bobcat or bear out in the yard (Like they care. They don’t, which drives the dog even more nuts).

Regarding video, if you are on camera, be aware that others can see not just you, but the room you are in. Be very careful about what you passively “share.” At worst, you don’t want some creeper to know your location due to something that can be seen out of your window. At best, even if it is tidy, in most professions your colleagues don’t want to see your bedroom. Keep it professional, even if you are wearing a sweatpants with your dress shirt. A tidy, uncluttered area works well. And just give up now and realize your cat will make an appearance, and that’s okay, unless your meeting is with dogs (in which case it might be disruptive).

One Last Thought: Zoom Is Not Anonymous

Just so you know, the host of the meeting or webinar knows when you come and go from the meeting. There is a function that tracks “attentiveness”—basically, how long the window for the session is open on that attendee’s computer (i.e., it knows when they switch away from the Zoom screen). And, if you log in using your Facebook credentials, it collects info from your Facebook profile. (Remember, use unique credentials for every app and service if you want privacy—do not use your Google and Facebook credentials to open other accounts!!)

Further, meetings and webinars can be recorded. When a session is being recorded, a red light with a “recording” message appears in the upper left part of the Zoom screen. The host should announce if a meeting is being recorded and obtain permission, but that does not always happen, so be proactive and watch for that red light. If you are not comfortable being recorded, you can either limit your participation (mute mic, cut video) or leave the meeting/webinar.

Recorded sessions may be stored on the host’s drive or stored on a drive at Zoom. In fact, there is some concern that the privacy notice from Zoom gives the company wide latitude for the use of those recordings, something Zoom disputes. As I said at the beginning: That’s almost immaterial. If you are discussing highly sensitive topics over Zoom or any other platform, you are assuming a certain amount of risk no matter what the company’s policy may be—some information, simply, may be better shared via encrypted email, over secure networks, between secure computers.

Have any additional tips? Share them in the comments!

One thought on “Don’t Bomb at Zoom”

Comments are closed.