
This is part of the endless story of Zoom, a story which is true as it happened to me and about 100+ other people.
The Open Rights Group run an event every Friday afternoon related to data privacy and ethics. It's been hosted on Zoom for the last few weeks and the guests have been good. When I heard Lilian Edwards and Rachel Coldicutt were going to talk about a possible way forward for the debate around Covid-19 contact tracing, I was on board to watch again.
It centers around this proposed legal document which Lilian spearheaded with Rachel and others.
I highly recommend you have a read…especially since some promises seem to be broken.
To support this initiative we've drafted a model statute https://t.co/o7UVx5LnXa for discussion about basic safeguards re data collection, repurposing, and discrimination. It applies scrutiny drawn from human rights based on transparency, legitimacy and proportionality. 2/n pic.twitter.com/PsHvCLWkxd
— Lilian Edwards (@lilianedwards) April 13, 2020
Back to the incident on the zoom call…
I joined a bit late but set up my Chromebook casting to my TV via the Chromecast. Settled in to watch while working on my Dell XPS laptop. As Lilian finished her presentation, someone drew a cock and balls on top of her final slide. Lilian laughed it off while the hosts, the Open Rights Group, went about blocking, booting and changing the permissions of the Zoom call.
As things moved forward, someone was attempting to draw a swastika on the video. Someone was using the zoom overlay feature or something but it was removed before it was fully drawn. It was about then when we moved to Rachel and before she could really get going someone hijacked the video and showed child abuse/porn. It was shocking and I couldn’t believe it. I looked at the chat room and people were equally upset. It lasted about 10-15 secs but it was just vile/horrible.
Someone pleaded that the hosts take control, and they replied they are ending the whole thing now. Then it was all gone. The lasting effect was felt and although I felt truly shaken by what I had seen, I also knew I had to reach out to others.
Since then, I called my partner for support, and my line manager to report what happened and check he wasn’t on the call too. I also wanted to check that other BBC staff I knew weren’t on the call. I had previously shared the link around our internal Slack and with others interested in contact tracing. I’m lucky the BBC has an employee assistance programme, where I was able to talk to a trained professional who suggested I might feel some comfort in blogging about it (hence this blog).
We reported to the authorities as soon as we could (earlier this evening) and will support with any investigation.
— Open Rights Group (@OpenRightsGroup) April 17, 2020
I noticed while blogging, there's a Twitter thread about the whole thing now. No one's blaming the Open Rights Group, but in this guide written by Michael J. Oghia there is a good list of all the things to lock down and change on Zoom for anyone before it happens again. It's likely the people behind this illegal act were going Zoom to Zoom.
I can't believe it. I'm in a political discussion group right now on @zoom_us that was just bombed by child porn. Like, WTF is wrong with people?? I feel so traumatized!
Digital rights folks: are there any best practices to deal with this?
— Michael J. Oghia (@MikeOghia) April 16, 2020
I recently noticed that a few organisations are using YouTube for broadcasts and discussions, with another system for feedback and questions. It certainly cuts down on abuse compared to Zoom and you can easily share the public link out. The idea of switching to Jitsi or Skype may not necessarily help solve this type of problem. But changing the way it's done completely could.
18th April 2020 – 1am
I got an email from the Open Rights Group…
This afternoon an unknown actor severely disrupted our public online discussion about Covid-19 and we were forced to immediately end the call.
We were horrified by what occurred and would like to apologise for having exposed viewers to such horrific imagery. We are deeply sorry that this occurred on ORG’s watch.
If you would like to speak with us directly I am personally available to speak to anyone and everyone that was on the call.
We have reported the incident to the Police and are taking necessary steps to secure our systems. We will be reviewing the way we conduct meetings to ensure this is never possible again.
If you would like to speak to a counselling or advice service, the Police recommend contacting Samaritans. They accept calls from anyone on any emotional issue at this number 116 123.
Sincere apologies.
Jim
Jim Killock
Executive Director
Open Rights Group
I was shocked and tweeted that ORG would be using zoom 3 weeks ago. As advocates for privacy and freedom they certainly aren’t practicing what they preach here when better, open platforms exist. Like Jitsi. That said. I am saddened by this and hope everyone on the call who needs to reaches out after seeing such shocking criminal abusive footage.
I was surprised too but then again we use it in a corp environment too. I gather it's a practical issue, having installed Jitsi myself.
But I think I’d much rather they used Jitsi or Whereby with a smaller number of people and then POSSE (publish on your own site syndicate everywhere).
It doesn’t have the live element but respects the importance of what ORG stands for maybe?
It was vile and I hope everyone can get the support they need after seeing such totally illegal material.
Hi Ian, thank you for sharing your story (and for linking to the guide). It doesn’t make it better, but by uniting in solidarity, I hope our collective force can help end this (and get the bastard(s) who did this).
Agreed… The more we talk about this, the more people will be aware and hopefully speak about it. As it's too important to brush under the carpet.
I was on that Zoom call too and agree with all the above. I just wanted to point out another issue that happened during that call. The drawings appeared with the name of a participant at the top. This resulted in several other participants blaming that individual in the Chat window. Apparently the miscreant who drew over the slide had changed their nickname to that of this legit participant. This created another aggravation on this call as some were very quick to post accusations.
That’s also a good point, forgot about that as it was overshadowed by the illegal abuse. I also wasn’t watching the chat all the time as it was on my Chromebook while I was using my Dell laptop.
I am the participant who had the finger pointed at them, it wasn’t very pleasant, especially when I was accused of talking nonsense when I pointed out that this is a problem with Zoom. (OK, in the heat of the moment I may have been a bit too general in my criticism, but even so….). Jim Killock and Mike Morel have since both been in touch, which is much appreciated. It is conceivable that this was not a random act: as a campaigning group the ORG may attract attention from people opposed to its aims. I’m sure that the lessons for future meetings have been learned.
It's clear it happened to another Zoom call just before the ORG call. But yes it could be a way of disrupting meetings of your enemies.
I noticed you can change your name on the fly in the call, which is an obvious & lazy problem with Zoom.
Why would you need to change your name in the middle of a call?
Glad ORG got in touch.
Wonder how many people have tried to dial into that zoom id?
Yesterday I was on a Zoom call which was hijacked or zoombombed with something not just horrible but totally illegal. Because of this I have pretty much lost all trust in Zoom.
This is of course very difficult as it's what we use at work and of course being in the middle of the Covid-19 lockdown makes things tricky. Because of this, I’m going to still use it but with much more caution and I’m going to be a lot more forceful about the hosting side of it.
It's clear war-dialers for public Zoom meetings are so easy and well used by inscrutable groups of people. Zoom could make shareable links much more difficult to war-dial, similar to the way Google Docs uses combinations of characters and numbers to make a much longer URL, which is a lot harder to war-dial.
The defaults of Zoom are set up for a semi-trusted corporate environment. I understand the Covid-19 pandemic changed everything, but there have been many updates and only now are the defaults only just safe. Their share prices have rocketed but they are only now focused on security ahead of more features?
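The arithmetic behind this point, as an added example that is not part of the original post: it compares the guess resistance of a numeric meeting ID with a long random token in the join link. The 10-digit ID length, the number of live meetings and the guess rate are constructed assumptions, not figures from the post or from Zoom.

```python
import math
import secrets


def keyspace_bits(alphabet_size: int, length: int) -> float:
    """Entropy in bits of a uniformly random ID of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_guesses(keyspace: int, live_meetings: int) -> float:
    """Mean number of random guesses before landing on any live meeting.

    Each guess succeeds with p = live_meetings / keyspace, so the mean of
    the geometric distribution is 1 / p.
    """
    if not 0 < live_meetings <= keyspace:
        raise ValueError("live_meetings must be between 1 and keyspace")
    return keyspace / live_meetings


def hours_to_first_hit(keyspace: int, live_meetings: int,
                       guesses_per_second: float) -> float:
    """Expected hours until the first valid ID is found at a given guess rate."""
    return expected_guesses(keyspace, live_meetings) / guesses_per_second / 3600


def new_join_token(nbytes: int = 16) -> str:
    """URL-safe join token from the OS CSPRNG (128 bits by default)."""
    return secrets.token_urlsafe(nbytes)


# Constructed figures for illustration only, not measurements of any service.
NUMERIC_ID_DIGITS = 10      # assumed length of a numeric meeting ID
LIVE_MEETINGS = 100_000     # assumed number of meetings open at once
GUESSES_PER_SECOND = 10     # assumed rate a service fails to throttle

if __name__ == "__main__":
    spaces = (("10-digit numeric ID", 10 ** NUMERIC_ID_DIGITS),
              ("128-bit random token", 2 ** 128))
    for label, space in spaces:
        hours = hours_to_first_hit(space, LIVE_MEETINGS, GUESSES_PER_SECOND)
        print(f"{label}: {math.log2(space):.1f} bits, "
              f"about {hours:.3g} hours to a first hit")
    print("example join token:", new_join_token())
```

Under these assumptions the numeric ID gives way in hours while the token does not in any practical time, which is why a service that keeps short numeric IDs has to lean on throttling and per-meeting controls instead.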
Their idea of end to end encryption is a total dump on top of the security findings saying some calls are being routed via China. Today they announce you can choose your routing but you need to pay for it. More governments and companies are blocking Zoom because they just don’t trust it.
Likewise neither do I… but I will use it… with caution.
I have been thinking about an equivalent, and thought about two.
I lost trust in Facebook a long while ago but still use it for volleyball events and the occasional post about something I feel could be important for friends, family and the public who don’t read my blog (as it's posted on the internet already, I post publicly adopting the indieweb POSSE approach, much to the surprise of some friends). For example I posted what happened on Zoom yesterday there today.
Facebook was hardly trustworthy to start with and over and over again they took the living daylights with our data.
There was a point when Windows Vista was pushed as the step/edition of Windows XP and I didn’t like what Microsoft had done to it. To be fair I didn’t trust them and saw shadows of where things were heading. So I switched to Ubuntu. I know the new Microsoft is quite different of course but the damage was done.
If you are hosting a Zoom call, please do lock it down; there's a number of guides to help, including this one.