Zoombombing

There has been a lot of talk in the past few days about “zoombombing” – having an interloper interrupt a Zoom session with racist, sexist, or pornographic material.

Since Zoom and other video platforms are bearing the brunt of the load for letting us interact with each other at a distance, this can be a real problem, particulalrly for teachers and students using the platform to conduct education remotely. First, let me suggest that this is not a problem with Zoom’s security per se – the streams are encrypted in both directions, and Zoom has not, to my knowledge, had a significant problem with hackers except for instances where some linking software has hooked Zoom into other platforms (most noteably, Cisco). So, zoombombing is apparently a classic example of the thing that causes most security problems online – user behavior.

The basic problem seems to be that log in URL’s and passwords are being shared in a way that makes them vulnerable to hacking and stealing (or are inappropriately given to bad actors by legitimate attendees). So, the first line of defense is to protect the URL’s and passwords. Doing so can be a bit onerous, but in situations where the information you are dealing with is sensitive, it’s worth the effort. So, some of the options are to use a URL and a password, but not to send the URL and password together, or to send one via email and supply the other by phone, or to use encryption devices to pass log on information to participants.

If you are a host, there are some settings you can change that will help you either block or expel bombers if they get into your session:

1) Disable “Join Before Host” so people can’t cause trouble before you arrive;

2) Enable “Co-Host” so you can assign others to help moderate;

3) Disable “File Transfer” so there’s no digital virus sharing;

4) Disable “Allow Removed Participants to Rejoin” so booted attendees can’t slip back in.