How to avoid «Zoom Bombing»
This document describes how to mitigate «Zoom Bombing», a phenomenon where unwanted participants join a meeting or lecture in order to display shocking or illegal material, such as profanity, racist remarks and hate speech.
How to avoid Zoom Bombing
In order to avoid Zoom Bombing, the most important step is to protect the meeting ID and the link to the meeting (which contains the ID).
Protect the Meeting ID
Do not post the link or Zoom meeting ID on public channels if at all possible. This is by far the most effective mitigation against unwanted participants and Zoom bombers.
In addition, Zoom has several settings that can be utilized to further mitigate Zoom bombing, these are discussed below.
Employ Zoom's waiting room
When using a waiting room the host (or other participants if you so choose) can vet participants before they are let into a meeting. You may enable waiting room for only guests, or for both guests and logged-in users. You'll find the setting for waiting room in the «Advanced Features» part of the Zoom client configuration:
When participants are in the waiting room, this is visible in the participants list. They can then be admitted by the host, any co-hosts or already admitted participants if allowed (see picture above):
Additional mitigation steps
There are several additional steps you may take to protect your meeting or lecture. These are covered in the Frequently Asked Questions (FAQ) section. They include:
Use generated meeting ID
How to stop Zoom Bombing when it happens
Despite almost all mitigation efforts Zoom Bombing could still happen. If someone joins your meeting and begins displaying unwanted material then, as the host, you can kick that participant from the meeting.
From the participants list, select More.. for the user you wish to remove, and select Remove:
Preparations for larger meetings
For larger meetings it can be a challenge to effectively vet and remove participants that misbehave. For best possible preparedness, do the following:
- Before the meeting, assign co-hosts to help with managing the meeting
- Make sure that the co-hosts understand their role, and that a part of that role is to manage the participants
For very large lectures that for various reasons need to be open to the public, a webinar is probably more suitable as only the host and panelists will be able to share video.
What is «Zoom Bombing»?
The term «Zoom Bombing» is used to describe a phenomenon where unwanted participants join a meeting or lecture in order to display shocking or illegal material, such as profanity, racist remarks and hate speech. The participants can be individuals doing this manually, or automated programs created for this purpose. The motivation for Zoom Bombing ranges from simply wanting to create chaos, to political in nature.
While Internet trolling is nothing new, this particular phenomenon is relatively new and has gained significant traction during the COVID-19 crisis, where so many of us are working from home and using video conference calls instead of regular meetings and lectures.
Zoom Bombing mostly works in the following way:
- The link to the Zoom meeting (i.e. the meeting ID) is obtained somehow, usually through traditional open channels such as Facebook posts
- The individual or automated program joins the meeting or lecture using the meeting ID or link obtained, and shows some shocking and highly unwanted material
In many cases, the showing of material is done by faking a web camera locally, which means that it not sufficient to simply disable screen sharing for participants.