Trolls Exploit Zoom Privacy Settings...
Mar. 30, 2020
Working and socializing from home has brought new risks to everyday life, as webcam meetings and chatroom cocktail hours contend with privacy invasions, phishing attacks and “ZoomBombings” – uninvited guests abusing the popular video service
Trolls exploit Zoom privacy settings as app gains popularity
‘Zoombombers’ broadcast explicit imagery or abuse other users in video hangouts
Working and socialising from home has brought new risks to everyday life, as webcam meetings and chatroom cocktail hours contend with privacy invasions, phishing attacks and “zoombombings” – uninvited guests abusing the popular video service to broadcast shocking imagery to all.
Public Zoom hangouts have become a popular way to spend time for isolated remote workers, who are joining calls with names such as “WFH Happy Hour” to spend time in the company of others.
But the default settings of the service are configured in the expectation of trust between participants, meaning trolls can wreak havoc. Some zoombombers have used the screensharing feature to broadcast pornography and violent imagery. Others have revelled in the opportunity for exhibitionism, while security experts have said the file transfer feature that is switched on by default could be used to spread malware.
Zoom: the $29bn video-call app you’d never heard of until coronavirus
During one WFH Happy Hour last week, for instance, a troll joined the group and, using the screensharing feature, aired a pornographic clip to the call’s 40 participants. Because the call was public – so that anyone wanting some company in the evening could swing by, replicating a welcoming pub – the anonymous user simply rejoined and continued to broadcast, eventually forcing the hosts, Hunter Walk and Casey Newton, to close the event.
Newton, a journalist, told TechCrunch shortly afterwards: “I want to apologise to all our attendees — including my parents, Jim and Sally, who joined WFHappyHour today for the first time. Today we all learned an important lesson about disabling screen-sharing and saw once again the importance of good content moderation.”
Other zoombombing instances have been more malicious. Ruha and Shawn Benjamin told NBC News of their experience when a racist troll – wearing nothing but a thong – gatecrashed their reading session for children stuck at home and began repeating the N-word multiple times. “Then we knew it was a malicious, targeted thing. My husband and I are both African American,” Ruha Benjamin said.
Other aspects of the service have also come under criticism. One Zoom feature allows hosts to tell if guests are looking at a window other than the Zoom chat – perfect for bosses who want to ensure their employees are paying attention, but an unexpected invasion of privacy for many. On Thursday, Vice News reported that the service’s iOS app was sending some analytics data to Facebook, even if users did not have a Facebook account.
The company said in a statement: “We have been deeply upset to hear about the incidents involving this type of attack. For those hosting large, public group meetings, we strongly encourage hosts to change their settings so that only the host can share their screen. For those hosting private meetings, password protections are on by default and we recommend that users keep those protections on to prevent uninvited users from joining. We also encourage users to report any incidents of this kind directly to our support so we can take appropriate action.”
Share your story
Share your stories
If you have been affected or have any information, we'd like to hear from you. You can get in touch by filling in the form below, anonymously if you wish or contact us via WhatsApp by clicking here or adding the contact +44(0)7867825056. Only the Guardian can see your contributions and one of our journalists may contact you to discuss further.
In a blogpost addressing the rise in zoombombings, the company said: “Like most other public forums, it’s possible to have a person (who may or may not be invited) disrupt an event that’s meant to bring people together.” It offered a list of tips on how to prevent them, such as not posting links on public social media when possible.
Colin Tankard, the managing director of Digital Pathways, a cybersecurity company, said the technical security of Zoom was strong and protected callers against eavesdropping. He said: “The security risks using such services hinge more around how secure your password is in gaining access to your conference dashboard, as if weak passwords are used, a hacker could copy the meeting ID and then connect during the call hiding their identity or appearing as a valid caller.”
But none of the concerns have hurt the fortunes of Zoom Video, the company behind the software. It has become so popular in the last two weeks that on Thursday the US Securities and Exchange Commission suspended trading in stocks in Zoom Technologies, an unrelated company but one with the stock market ticker ZOOM. Zoom Video’s is actually ZM.
That same day an app called Zoom became the third most popular paid app on Apple’s App Store. That Zoom is a £3.99 magnifying glass app. The chat service Zoom is free.
America faces an epic choice...
... in the coming year, and the results will define the country for a generation. These are perilous times. Over the last three years, much of what the Guardian holds dear has been threatened – democracy, civility, truth. This US administration is establishing new norms of behaviour. Anger and cruelty disfigure public discourse and lying is commonplace. Truth is being chased away. But with your help we can continue to put it center stage.
Rampant disinformation, partisan news sources and social media's tsunami of fake news is no basis on which to inform the American public in 2020. The need for a robust, independent press has never been greater, and with your support we can continue to provide fact-based reporting that offers public scrutiny and oversight. Our journalism is free and open for all, but it's made possible thanks to the support we receive from readers like you across America in all 50 states.
Our journalism relies on our readers’ generosity – your financial support has meant we can keep investigating, disentangling and interrogating. It has protected our independence, which has never been so critical. We are so grateful.
We hope you will consider supporting us today. We need your support to keep delivering quality journalism that’s open and independent. Every reader contribution, however big or small, is so valuable. Support the Guardian.