This Won’t Stop Us

We’re simultaneously devastated and emboldened. And when we feel like this, our response is to buckle down and do some reflecting, research, and planning to improve what comes next. 

So, here’s what happened: we were zoom-bombed. On Sunday, June 7th, we were thrilled to offer a 2-hour online Black Wellness Retreat led by Kamilah Majied and Ruth King. The retreat was freely offered and shared widely on social media. Over 900 people registered, by far our largest online gathering ever. We’ve been coordinating webinars for 11 years and had never seen this scale of response, demonstrating the value and need of a gathering like this.

And it was a beautiful gathering. Full of heart and healing. And then…

A little over halfway into the retreat, we were zoom-bombed. It happened at a point where participants were sharing their thoughts; mics were unmuted. Once the attack happened, we tried to locate the attacker(s) as quickly as possible, but with hundreds of attendees to search through, the quickest thing to do to stop the attack was to end the meeting. We did our best to regroup with a link to a new Zoom meeting, and about half of the participants were able to gather again after the attack. 

This was devastating. It was incredibly harmful. It was frustrating. But it won’t stop us. We are committed to providing online space for our community and we will not be discouraged.

We are learning what more we can do to improve the safety of our program attendees for future events. We want to share what we’re learning, because these attacks are an increasingly common problem, especially for open, public, and educational gatherings. We hope this information is helpful for increasing the safety of the online events happening in your communities. If you have further resources, please send them to us at info@contemplativemind.org

In community,

CMind

 

To Help Prevent Zoom-Bombing

First, consider the kind of participant interaction you wish to have: it’s an unfortunate reality that more opportunities for interaction create more opportunities for attacks.

  • Do participants need to see each other, share their screens or files, live chat, have screen drawing privileges, or work in small breakout groups? Each of these modes of interaction has been abused by zoom-bombers, so your planning will need to take that into account.
  • If you only require a presentation and little to no interaction, consider using a service like GotoWebinar instead, or the Zoom Webinar format, as it does not allow users to interact or take over the presentation.

Zoom does now offer meeting passwords and waiting rooms, but these seem most effective if you are hosting a closed meeting where you know each individual: in such a situation, you can share passwords among your known group members and easily recognize intruders. But for large, open, public events where you simply can’t approve each attendee, you will need to think through additional security measures.

If attendee interaction is required/desired during your open, public gathering:

  • Consider how to alter your registration form to ask for more contact information; consider making these fields required. Spammed and spoofed registrations often have incoherent or nonsensical/bot-style responses. Consider manually approving each registrant instead of using the automatic approval option.
  • Make sure that at least one meeting host selects the “speaker view” as opposed to “gallery view” to be able to more quickly identify the disruptors.
  • Recruit volunteer(s) whose role is just to scan for trouble and to alert the host and/or co-hosts. (Only hosts or co-hosts can access the features required to ban an attacker from the meeting.)
  • Raise awareness and preparedness. Consider ways to let your participants know that you are taking measures to prevent zoom-bombing, but depending on the nature and methods of the attack, it may not be enough, and if the disruption occurs, you’ll run your action plan.

Additional Control Options
As a Zoom meeting host, there are a number of settings you can access. 

These are found at the bottom of the attendee list (check the menu under the “More” button there, too): 

  • Mute participants on entry.
  • Mute all attendees. If applicable, make sure to deselect the option to allow attendees to unmute themselves (once in the meeting).
  • Lock the meeting once it begins. This will prevent people from being able to join. Note that this is unfortunate for participants who are running late or who mix up the time zones, but it can prevent situations like what we experienced yesterday (the attackers entered partway through). Let your registrants know that they will not be able to join the meeting late.
  • Chat options (once in the meeting): it is possible to disable chat entirely. Another option is to allow participants to chat with the host only. This option could be used during a Q&A session. 
  • For additional information about managing participants click here. 

These are found in the meeting’s settings menu:

  • Select that only the host of the meeting can share their screen. 
  • Disable file sharing. Learn more about file sharing. 
  • Create one or more meeting co-hosts whose primary responsibility is to be on the lookout for attacks and help coordinate the response.

In Case It Happens…Ready Your Action Plan
Rehearse this scenario so that you know how to quickly access all of the required controls:

  • Force mute all attendees (without the option to unmute themselves)
  • Disable the chat (you may wish to allow attendees to send messages to the host)
  • Identify the attacker and remove them from the meeting. 
  • Confirm the group’s security; pause, breathe, respond, and do your best to continue.
  • After, report the incident to Zoom; learn how here. 

Other Considerations

  • Free events seem especially vulnerable to attack. We wonder if requiring payment could be a deterrent, depending on the attack. (This is especially frustrating as we would like to continue to offer free, public online events.)
  • Use an alternative to Zoom for large public events, such as GoTo or YouTube Live. Note that each platform has its own potential issues.
  • Use pre-recorded / asynchronous content that is impervious to zoom-bombing.
  • If your platform allows a broadcast delay, use that to provide a buffer to screen what is being broadcast to your gathering. Broadcast delay isn’t available for regular Zoom, but it IS an option if you live stream your Zoom event via YouTube. This enables a 20-second delay. Learn more about this option here.