This article is a preview of The Tech Friend newsletter. Sign up here to get it in your inbox every Tuesday and Friday.
When Zoom video calls became inescapable in early 2020 due to the pandemic, so did Zoom-bombing intrusions.
That year, a virtual student government meeting at the University of Florida and an Atlanta-area high school class were derailed by intruders shouting racial slurs and other hateful material. Harassers crashed Alcoholics Anonymous meetings to troll people who abstained. A Zoom chat hosted by Chipotle ended after a participant broadcast pornography to hundreds of people’s screens.
Fast forward to 2023 — Zoom-bombing still happens but security experts say it is far less prevalent than it was in 2020 and not only because we’re interacting more in person.
Zoom actually helped tame Zoom-bombing partly by making its product more difficult for you and for online harassers to use. Essentially, the company traded some of your convenience for your safety.
I have tips at the end of this article for how you can further beef up your protections from Zoom-bombing. But the point is, you probably don’t have too. The company did a lot of the protection for you.
There is a lesson here. The success of reducing Zoom-bombing shows how the zeal to make technology a breeze for you comes with trade-offs.
And with more of you concerned about security of your digital accounts, nagging robocalls or bullying of children online, the taming of Zoom-bombing is proof that you don’t have to accept horrible downsides as the price of being connected.
Let’s take stock of why the risk of Zoom-bombing declined: Zoom changed. And so did we.
Zoom-bombing was possible in the first place largely because of the company’s choice to make video calling easy.
It was simple to organize a virtual meeting or join one, but that feature became a weapon for trolls. Just as you could join your school district’s Zoom meeting with one click, so could anyone else who saw the meeting link on Twitter and wanted to disrupt it.
After Zoom was embarrassed by Zoom-bombing headlines and castigated by public officials, the company was forced to change its ways. The company ended one-click easy access to meetings for everyone.
Now before you enter a meeting, you have to be invited or enter a password set by the host. There is a virtual “waiting room” and you won’t be allowed into the call without permission. Or, a virtual meeting might allow in only people who are logged into a Zoom account with their name and other personal information.
Those were all options you could choose on the platform in the Zoom-bombing peak of 2020. But now at least one of those safety measures is automatic for every Zoom meeting you create or participate in. Essentially, the virtual gatherings got safer from intrusions without you having to do anything.
“That’s the right way to do it — we call it ‘secure by default,’” said Chris Evans, the chief information security officer of cybersecurity firm HackerOne.
What Zoom did might not sound like a big deal, but it is.
Technology companies love to brag about how they remove “friction,” or erase any small barriers to you using their product. Buying $1,000 patio furniture with one click on Amazon is no friction. Having to hunt in your email for the password to your Zoom knitting group is friction.
Zoom made its product a little more annoying for you to use to cut the risk that your knitting group would be bombarded with porn. It is a reminder, too, that the built-in settings in our technology really matter.
Zoom isn’t declaring victory against Zoom-bombing. (And the company uses the term “meeting disruptions” rather than Zoom-bombing.) But Zoom told me that making everyone jump through more hoops made it less appealing for jerks who were looking for an easy way to be a jerk.
Zoom-bombing is “an opportunistic bad act,” said Josh Parecki, head of trust and safety at Zoom Video Communications.
He cautioned that the company will have to change its tactics against Zoom-bombing as people figure out new methods to interrupt your meetings. “The one thing I want to make super clear is like spam, meeting disruptions will always evolve,” Parecki said.
Zoom also increased the staff responsible for security, started to notify meeting hosts proactively if Zoom believed their meetings were at risk of Zoom-bombing and began to offer cash rewards for technology specialists who alert to security flaws in its product.
But Zoom wasn’t the only one that changed — we also became more careful about video calls.
After his March 2020 meeting about religion and mental health was interrupted by racial slurs, Zahed Amanullah said he and his colleagues altered their behavior.
Now when he organizes large Zoom sessions with the Institute for Strategic Dialogue, an organization opposed to extremism and social polarization, participants must register in advance. People are blocked from chiming into web sessions until the question-and-answer portion.
The group also stopped posting the links to their seminars on social media, where it was easy for would-be harassers to find. Instead the social media posts recommend that interested participants contact organizers privately over WhatsApp for more information including the Zoom link.
“We were able to see that there were multiple steps that we had overlooked with security,” Amanullah said.
Amanullah essentially stopped Zoom-bombing by becoming more suspicious of everyone. It’s sensible and also a little sad.
As with spam, robocalling, online bullying, and cyberattacks, you can take steps to make yourself less vulnerable to Zoom-bombing, but the responsibility cannot be yours alone.
Systemic technology problems aren’t fixed through individual action. That’s what was so powerful about what Zoom did to make meetings more locked down by default. It’s not always so straightforward to repair what you don’t like about technology in your life.
The Zoom experience is also a moment to reflect on how much you are willing to give up for safety and peace of mind for yourself and others. There’s no simple answer.
How would you feel, for example, if your credit card company required you to take an extra step to prove your identity when you buy something online? Some countries including Great Britain require this by law for some online purchases. Extra verification reduces fraud but it’s annoying. Some of your legitimate purchases might be declined or delayed.
Some companies and apps, including pornography sites and streaming video services, are also asking people for identification to keep out kids. It’s a hassle and it’s intrusive.
In Zoom’s case, it was a good trade off to give up a little convenience to stop intrusions. But it’s not always so simple to know how much you should give up for the promise of safety and security.
Tips to protect yourself from Zoom-bombing:
If you’re hosting a private book club or a work meeting with people you know, you don’t have to worry too much about being Zoom-bombed.
But if you have safety concerns or are hosting a relatively large and public Zoom event like a virtual memorial service or a neighborhood meeting, try one or more of these extra measures to make your online gathering more secure from intruders:
1. Choose the feature to “Enable Waiting Room.” This lets you decide one-by-one which people are permitted to enter your Zoom call.
To turn this on, pick “Schedule” to plan a meeting in the future. Under “Security,” flip the switch for “Enable Waiting Room” so the button is green.
2. Choose “Approve or Block Entry for users from specific countries/regions.” If you’re hosting a neighborhood meeting in Tucson, you might not want people from South Carolina or Brazil to join.
To use this feature, select “Schedule” to set a Zoom call in the future. Then select Meeting Options → Advanced Options → Approve or Block Entry for Users from Specific Countries/Regions.
3. Don’t post links to Zoom meetings on Facebook, Twitter or other public social media. If possible, use social media only to publicize an email address or other contact information for people who are interested in attending your event. You can vet the would-be attendees and share the event link privately only with them.
4. If someone does Zomb-bomb your meeting, you have two emergency options.
- “Remove participant” to eject a person who is disrupting your meeting. Depending on how you use Zoom, you might find this feature under the “Security” options at the bottom of your Zoom screen or under More → Security at the bottom of the screen in your Zoom smartphone app.
- Or select “suspend participant activities” to pause everything until you have a chance to figure out what went wrong. Again, you might find this feature under the “Security” options at the bottom of your Zoom screen or under More → Security at the bottom of the screen in your Zoom smartphone app.
- If you select this option, your meeting continues but everyone’s audio and video is disabled. You have the option to select “suspend and report,” which automatically records details from the Zoom call and, if you choose, sends that information to Zoom to investigate. Once you have figured out who is interrupting the meeting, you can slowly unlock the participants who are welcome and turn on their audio and video individually.
- You can also choose “lock meeting” from the Security options to stop additional people from joining if your meeting grows too large.
If you’ve been asked to help a friend or a relative with a tech problem, Chris Velazco has great news for you.
Most Windows and Mac computers come with built-in and free technology to reach out and take control of someone’s computer to fix problems when you are not in the same room. It’s handy! It’s also not super easy.
Chris (and Betty) have recorded a video and Chris has written instructions walking you through how to use these remote assistance features.
Help Desk tech reporter Chris Velazco lays out how you can use tools in Windows and Apple computers to fix your parent or friend's computer. (Video: Monica Rodman/The Washington Post)