From the horse’s mouth
During the COVID-19 pandemic causing us to work or study from home, we have been seeing increased use of videoconferencing platforms like Zoom.
It has led to the convergence of business and personal use of popular multiparty videoconferencing platforms; be it business platforms of the Zoom and Microsoft Teams ilk serving personal, social and community needs; or personal platforms like Skype and WhatsApp being used for business use. This is more so with small businesses, community organisations and the like who don’t have their own IT team to manage this software. The software developers even support this convergence through adding “personal and social” features to business users that also gain free social-user tiers or adding business features to personal platforms.
But this has brought along its fair share of miscreants. A key example of this is “Zoombombing” where these miscreants join a Zoom meeting in order to disrupt it. This manifests in disruptive comments being put in to the meeting or at worst all sorts of filth unfit for the office or family home appearing on our screens. Infact there have been a significant number of high-profile Zoom virtual events disrupted that way and a significant number of governments have encompassed this phenomenon as part of raising questions about videoconferencing platform security.
This has been facilitated by Zoom and similar business videoconferencing platforms allowing people to join a videoconference by clicking on a meeting-specific URL This is compared to Skype, Viber, Facebook Messenger, WhatsApp and similar personal videoconferencing platforms operating on an in-platform invitation protocol when joining these meetings.
But these Weblinks bave been posted on the Social Web for every man and his dog to see. There have been some online forums that have been hurriedly set up for people to solicit others to disrupt online meetings.
Zoom recently took action by requiring the use of meeting passwords and waiting-room setups and operating with that by default. As well meeting hosts and participants have been encourage not to place meeting URLs and passwords on any part of the Web open to the public. Rather they are to send the link via email or instant messaging. As well, they are encouraged to send the password under separate cover.
They also have the ability to lock the meeting so no further attendees can come in, which is good if the meeting is based around known attendees. There is also the ability for the host to control resource-sharing and remote-control functionality that Zoom offers. Let’s not forget that they also added meeting-wide end-to-end encryption for increasingly-secure meetings.
But Zoom has taken further action by offering meeting hosts more tools to control their meeting, a feature available to all client software and to all user classes whether free or paid.
There is the ability for the Zoom meeting host to pause the meeting. Once this is invoked, no activity can take place during the meeting including in any breakout rooms that the meeting has spawned. They also have the ability to report the meeting to Zoom’s platform=wide security team and to selectively enable each meeting feature. They can also report users to Zoom’s platform security team, which allows them to file the report and give the disruptive user the royal order of the boot from that meeting.
Another feature that has been introduced thanks to the “join by URL” method that Zoom supports is for meeting hosts to be alerted if their meeting is at risk of disruption. Zoom facilitates this using a Webcrawler that hunts for meeting URLs on the public Web and alerts the meeting host if their meeting’s URL is posted there such as being on the Social Web. Here, they are given the opportunity to change the URL to deflect any potential Zoombomb attempts.
But this year has become a key year as far as multiparty videoconferencing is concerned due to our reliance on it. Here, it may be about seeing less differentiation between business-use and personal-use platforms or the definition of a basic feature set that these videoconferencing platforms are meant to have with secure private operation being part of that definition.