Beware of ‘ZoomBombing’: screensharing filth to video calls

The world is vulnerable to a new type of trolling as people turn to Zoom video calls to feel connected amidst quarantines. Jerks are using Zoom’s screensharing feature to blast other viewers with the most awful videos from across the internet, from violence to shocking pornography.

That’s just what happened today on the WFH Happy Hour, a popular daily public Zoom call hosted by The Verge reporter Casey Newton and investor Hunter Walk. Suddenly, dozens of attendees were bombarded with disturbing imagery. A troll entered the call and screenshared Two Girls, One Cup and other horrifying sexual videos. Attempts to block the attack were thwarted as the perpetrator simply re-entered the call under a new name and screenshared more gross-out clips. The hosts ended the call rather than subject viewers to the assault until they could stop it.

Just imagine the most frightened look on all these people’s faces. That’s what happened.

The problem stems from Zoom’s policy that “The host does not need to grant screen share access for another participant to share their screen.” However, hosts can disable this option in their settings or the Admin controls of a call. You can either change this in your pre-meeting Settings or in the in-call admin settings for Share Screen -> Advanced Sharing Settings.

Anyone publicly sharing Zoom links where they could be discovered by trolls, like on Twitter, should be sure to change screensharing to “Host Only” before a call starts or as soon as they see the feature being abused. Some tips from entrepreneur Alex Miller for other ways to protect your Zoom calls include:

  • Disable “Join Before Host” so people can’t cause trouble before you arrive.
  • Enabling “Co-Host” so you can assign others to help moderate.
  • Disable “File Transfer” so there’s no digital virus sharing.
  • Disable “Allow Removed Participants to Rejoin” so booted attendees can’t slip back in.

My question for Zoom is, why couldn’t it default screensharing to “off” but have participants send a real-time request to the host if they want to share their screen? Mayb most of Zoom’s usage is between trusted enterprise colleagues, but for the millions of people setting up free accounts right now, a safer default makes sense.

“I want to apologize to all our attendees — including my parents, Jim and Sally, who joined #WFHappyHour today for the first time. Today we all learned an important lesson about disabling screen sharing and saw once again the importance of good content moderation” Newton tells me. When asked if he had any photographic evidence of the attack, he told me, “Lol I was not taking screenshots! I was screaming!”

This is just one of the many new vectors for abuse we’re experiencing in the coronavirus age. We’ve seen phishing attacks purporting to offer health screenings, scams claiming people’s electricity would be shut off during quarantine if they don’t pay and fake COVID-19 testing kits on sale. There’s always someone willing to exploit a tragedy for money or just to see the world burn, so it’s more important than ever to stay vigilant and keep that “block” button handy.