by Jack Aponte
[Also check out our technical guide to Zoombombing self-defense!]
While the coronavirus pandemic has slowed down or entirely shuttered much of our world, neither organizing nor the hatred and violence that makes that work essential have stopped. Much of our collaboration and gathering has moved onto the internet; there, we have begun to encounter "Zoombombing" and other kinds of disruption and harassment familiar to gamers and others who have long used the internet for much of their social interaction and engagement. By combining the community safety principles, practices and skills we already use in our movement work with some easily accessible technical know-how, our organizations and communities can become better equipped to prevent and defend against the violent disruption of our work as it moves online.
As more events move online and are held via video services like Zoom, more people are being exposed to tactics of disruption and harassment that people longer immersed in internet subcultures have witnessed for decades, a phenomenon that's shape-shifted from IRC flooding of text-based chat rooms, to fun-spoiling trolling in online video games, to a relatively new method, dubbed "Zoombombing" after the ubiquitous platform, but just as possible on other video conferencing platforms that also allow calls and meetings to be publicly accessible if you have the right URL.
How Zoombombing Works
Zoombombing is a disruptive occurrence in which uninvited individuals find and join a Zoom call, then use audio, video, screen-sharing and file sharing to flood the call with unwanted and often racist, sexist, homophobic, violent or sexually explicit content.
Zoom calls can either be private, requiring a password to join the call, or public, allowing anyone with the link for the call to join without any form of registration or permission from the call hosts. Zoom links end in a unique 9- or 10-digit string. These randomly-generated meeting IDs are very difficult but not impossible for opportunists to correctly "guess" using an app that repeatedly tries random combinations of numbers until one results in a successful Zoom connection.
More commonly, would-be intruders get Zoom links that are deliberately publicly posted on websites or social media, or accidentally publicly shared by people who either don't understand the possible repercussions or don't realize that they're even sharing in a public way. Zoom meeting links can also be obtained by maliciously subscribing to mailing lists on which the call details are shared or hacking the email or social media accounts of someone with whom the information was shared. Those meeting links can then be further shared, most commonly among other trolls -- people whose primary motivation is "lulz," or amusement and entertainment -- or more seriously-motivated antagonists targeting specific groups, activities or meetings for political reasons.
Once discovered and shared, intruders use the meeting link to join the meeting, often joining in groups or logging in with multiple accounts at a time to maximize overall impact and disruption. They then take advantage of whatever options are left enabled by meeting hosts to spew inflammatory audio and visuals into the space. The intruders often publish screenshots and video clips of the Zoombombing, boasting of the damage they've done and mocking the people they've upset.
Bringing Community Safety to our Digital Spaces
How do we fight back against Zoombombing? Part of the answer definitely involves technical knowledge of the various settings for Zoom meetings and how to use them to properly lock down your meetings before they start and while they're in progress. (We'll dig deeper into those details in another piece coming soon!) But keeping our online community events safe and intentional also involves the same kind of advanced planning, communication, and people power that many of our communities and organizations have already been using for safety and security at our real-life events.
As a member of LGBTQ+ people of color organizations and communities in NYC and Oakland I've been a part of safety teams for many community events, from parties and fundraisers to rallies and marches. Through this work I've learned how to utilize strategies and practices that are grounded in our communities' commonly-held values to reduce violence and increase safety without relying on the police, the state, or other oppressive forms of "security." Many of the key concepts and lessons I've learned while doing community safety and security work can and should be applied to our Zoom meetings and other online forums as we move more and more of our work, art and lives onto the internet during this pandemic. Here I've translated those learnings into suggestions for practicing community safety online.
Safety Teams for Virtual Spaces
Each online event should have a dedicated safety team responsible for planning and preserving the needed level of security. The safety team should ideally be focusing on security and safety throughout the event; they shouldn't also be facilitating, moderating, speaking, performing or presenting. As I've learned on many a safety team in the past, it's not always the most glamorous or fun role and doesn't usually allow for full "normal" participation in the event, just like any of the other logistical roles needed for a successful event! That should be understood and accepted by the safety team so that they're prepared to focus fully on their safety team duties during the event.
Online events most likely don't need as high a ratio of safety team members to participants as real-life events; I imagine that most Zoom meetings and similar video conferencing calls would be well-served by one to three safety team members.
The safety team should be coordinated in advance and should fully understand the answers to a few key questions:
- What is allowed, expected and/or tolerated from attendees during the event, and what isn't? Will the community be actively participating, or only watching or listening? Should attendees be able to share their screens or files, enable their video or unmute themselves, with or without permission from event hosts? Can attendees ask questions at any time, or only during designated times? How much debate and cross-talk is appropriate in the space?<
- What are probable threats to the event and the community gathered for it, and how likely is it that those threats will occur? Different events and communities will face different risks based on who is participating, what the topic matter is, whether the event is public or private, and other factors. The security team should have a good idea of what to expect, including what has happened during past real-life and virtual events and any new, special or timely concerns.
- How does the community or the organization wish to respond to threats that materialize during the event? Should attendees be allowed to use video, audio, chat, file-sharing or screen-sharing at all during the event? If yes, should disruptive individuals be kicked out of the event immediately, or muted and approached in attempted deescalation? Does the appropriate approach depend on who is doing the disrupting or the nature of the disruption?
The safety team should be trained in advance on both the technical and non-technical skills needed to respond to the security needs for the event and to any possible threats. These skills include:
- How to properly configure the meeting in advance to prevent as many threats as possible while still allowing needed levels of participation;
- How to spot, mute, turn off video for and/or kick out crashers and disruptors; and
- How to deescalate with participants who are disrupting the event in ways that don't merit immediate expulsion.
Palante has compiled a technical guide on how to secure Zoom meetings in advance and during events; check it out for detailed information on the many different configurations and features you can use to increase your community's safety during your virtual events.
You can also check out these resources for technical information on how to prevent Zoombombing on your calls:
- This PDF shared via Google Docs is a handy guide to the different Zoom meeting settings that you may want to review to ensure the security of your meetings.
- These articles from Pocket-lint and The Verge explain Zoombombing and the settings you can change in Zoom to avoid it.
- Zoom also published its own guide on how to prevent Zoombombing.