© matiasdelcarmine - stock.adobe.com
<h2>“<a href="https://www.nytimes.com/2020/03/20/style/zoombombing-zoom-trolling.html" target="_blank">Zoombombing</a>” in case you haven’t heard, is the unsavoury practice of posting distressing comments, pictures or videos after gatecrashing virtual meetings hosted by the videoconferencing app <a href="https://zoom.us/" target="_blank">Zoom</a>.</h2>
<p>In some cases, online trolls have crashed alcohol support group meetings held via the app. “Alcohol is soooo good,” <a href="https://thehill.com/policy/technology/490467-zoom-deeply-upset-after-online-trolls-interrupt-virtual-aa-meetings" target="_blank">the trolls reportedly said</a> to one group of recovering alcoholics.</p>
<p>In another incident, a Massachusetts-based high school teacher conducting an <a href="https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic" target="_blank">online class</a> had someone enter the virtual classroom and shout profanities, before revealing the teacher’s home address.</p>
<h2>Easy targets</h2>
<p>The problem is that Zoom meetings lack password protection. Joining one simply requires a standard Zoom URL, with an automatically generated nine-digit code at the end. A Zoom URL looks something like this: https://zoom.us/j/xxxxxxxxx</p>
<p> ;</p>
<p>Gatecrashers may only have to try a handful of code combinations before successfully landing a victim. The meeting’s host doesn’t need to grant permission for others to join. And while hosts can disable the screen share function, they’d have to be quick. Too slow, and the damage is done.</p>
<p>Last week, Zoom upgraded security on its <a href="https://support.zoom.us/hc/en-us/articles/360041591671-March-2020-Update-to-sharing-settings-for-Education-accounts," target="_blank">default settings</a>, but only for education accounts. The rest of the world needs to do this manually.</p>
<h2>Video conferencing is incredibly valuable</h2>
<p>Video conferencing technology has matured in recent years, driven by <a href="https://www.theverge.com/2020/4/1/21202584/zoom-security-privacy-issues-video-conferencing-software-coronavirus-demand-response" target="_blank">massive demand</a> even before COVID-19.</p>
<p>With social distancing restriction, virtual meetings are now the norm everywhere. Platforms like Zoom, Microsoft’s Skype and <a href="https://www.uctoday.com/collaboration/video-conferencing/top-10-video-conferencing-providers-2019-whos-king-of-collaboration/" target="_blank">others</a> have stepped up to meet demand.</p>
<p>Zoom is a <a href="https://azure.microsoft.com/en-us/overview/what-is-cloud-computing/" target="_blank">cloud-based</a> service that allows users to freely talk to and share video (if bandwidth allows) with others online. Notes, images and diagrams can also be shared to collaborate on projects. And meetings can have up to <a href="https://zoom.us/pricing" target="_blank">hundreds, even thousands, of participants</a>.</p>
<h2>How to stop the trolls</h2>
<p>Zoom is primarily a corporate collaboration tool that allows people to collaborate without hindrance. Unlike social media platforms, it was not a service that had to engineer ways to manage the bad behaviour of users – until now.</p>
<p>In January, Zoom <a href="https://support.zoom.us/hc/en-us/articles/201361953-New-Updates-for-Windows" target="_blank">issued a raft of security patches</a> to fix some problems. If you get a prompt from Zoom to install updates, you should – but only if these updates are from Zoom’s own app and website, or via updates from Google Play or Apple’s App Store. Third-party downloads may contain malware (software designed to cause harm).</p>
<p> ;</p>
<p>While up-to-date software is your first line of defence, another is to keep your meeting URL away from public forums such as Twitter. Anyone with meeting’s URL can join, after which they’re free to post comments, pictures and videos at will. If you’re hosting a meeting that gets Zoombombed, disable the “screen sharing” option as quickly as possible.</p>
<p>Another option for more security is to use the “waiting room” function. This makes people wanting to join visible to the host, but keeps them out of the main meeting until they’re allowed in. This option is turned off by default. You can enable it by signing-in to your Zoom account at <em><a href="https://zoom.us/" target="_blank">https://zoom.us/</a></em> and clicking “Settings”.</p>
<p>Other tips:</p>
<ul>
<li>
<p>ensure screen sharing is possible for the host only</p>
</li>
<li>
<p>turn off the function that allows file transfer</p>
</li>
<li>
<p>turn off the “allow removed participants to rejoin” setting</p>
</li>
<li>
<p>turn off the “join before host” setting</p>
</li>
<li>
<p>turn on the “require a password” setting for meetings.</p>
</li>
</ul>
<figure><iframe src="https://www.youtube.com/embed/XhZW3iyXV9U?wmode=transparent&;start=0" width="440" height="260" frameborder="0" allowfullscreen="allowfullscreen"></iframe><figcaption><span class="caption">This video explains the ins and outs of setting up a safe Zoom session.</span></figcaption></figure>
<h2>Who are the trolls?</h2>
<p>With many Zoomombing attacks being on educational institutions, it’s likely a large number of these trolls are simply mischievous students who obtain meeting URLs from other students or chatrooms.</p>
<p>But zoombombing is by no means restricted to the classroom. With the world in lockdown, extremists of all kinds are finding ways to relieve their confinement frustration. We’ve known for some time that being able to operate anonymously on the web <a href="https://www.psychologicalscience.org/observer/who-is-that-the-study-of-anonymity-and-behavior" target="_blank">does not bring out the best in people</a>.</p>
<p>At present, it doesn’t appear Zoombombing is an organised criminal activity. That said, it’s probably only a matter of time before someone finds a way to leverage financial reward from the practice. This could take the form of business intelligence gleaned from listening in to the meetings of rivals and competitors, in a similar fashion to planting a “bug” in the room.</p>
<p>Similarly, we could see a black market for Zoom URLs emerge among professional hackers, who would have new incentives to hack various systems to obtain valuable URLs.</p>
<p>Cybersecurity experts, privacy advocates, lawmakers and law enforcement are all <a href="https://www.theverge.com/2020/4/1/21202584/zoom-security-privacy-issues-video-conferencing-software-coronavirus-demand-response" target="_blank">concerned</a> Zoom’s default privacy settings don’t do enough to protect users from malicious actors.</p>
<h2>The bottom line</h2>
<p>As the COVID-19 pandemic leads the world to do their work online in isolation, the technology that allows this freedom must come under close scrutiny.</p>
<p>Zoombombing is progressing from a student prank to <a href="https://www.adl.org/blog/what-is-zoombombing-and-who-is-behind-it" target="_blank">more serious</a> incidents of <a href="https://www.buzzfeednews.com/article/salvadorhernandez/zoom-coronavirus-racist-zoombombing" target="_blank">racist, sexist</a> and <a href="https://www.huffingtonpost.com.au/entry/nazi-zoombombing-jewish-yeshiva-university_n_5e84f704c5b692780506d519?ri18n=true" target="_blank">anti-semitic</a> hate speech.</p>
<p>Fortunately, safeguards aren’t difficult to build into such videoconferencing technologies. This just requires a willingness to do so, and needs to be done as a matter of urgency.<!-- Below is The Conversation's page counter tag. Please DO NOT REMOVE. --><img style="border: none !important; box-shadow: none !important; margin: 0 !important; max-height: 1px !important; max-width: 1px !important; min-height: 1px !important; min-width: 1px !important; opacity: 0 !important; outline: none !important; padding: 0 !important; text-shadow: none !important;" src="https://counter.theconversation.com/content/135311/count.gif?distributor=republish-lightbox-basic" alt="The Conversation" width="1" height="1" /><!-- End of code. If you don't see any code above, please get new code from the Advanced tab after you click the republish button. The page counter does not collect any personal data. More info: https://theconversation.com/republishing-guidelines --></p>
<hr />
<h6><a href="https://theconversation.com/profiles/david-tuffley-13731" target="_blank">David Tuffley</a>, Senior Lecturer in Applied Ethics &; CyberSecurity, <em><a href="https://theconversation.com/institutions/griffith-university-828" target="_blank">Griffith University. </a></em>This article is republished from <a href="https://theconversation.com" target="_blank">The Conversation</a> under a Creative Commons license. Read the <a href="https://theconversation.com/zoombombers-want-to-troll-your-online-meetings-heres-how-to-stop-them-135311" target="_blank">original article</a>.</h6>

EXCLUSIVE: Teachers used to be paid two to three times more than minimum wage workers,…
After an “overwhelming” vote to reject the latest Government offer, secondary school teachers will begin…
Second-language learning should be compulsory, says a new report from a forum bringing together academics,…
A new entitlement aimed to improve access to learning support coordinators for schools with students…
Educators have raised questions about the Ministry of Education’s new secondary school subjects, set to…
Professional learning and development (PLD) for teachers needs to be higher impact for teachers and…
This website uses cookies.
