Illegal zoom bombing is out of control

Zoombombing

This is part of the endless story of zoom, a story which is true as it happened to me and about 100+ other people.

The open rights group run an event every Friday afternoon related data privacy and ethics. Its been hosted on zoom for the last few weeks and the guests have been good. When I heard Lilian Edwards and Rachel Coldicutt were going to talk about a possible way forward for the debate around covid-19 contact tracing. I was onboard to watch again.

It centers around this proposed legal document which Lilian spearheaded with Rachel and others.

The Coronavirus (Safeguards) Bill 2020: Proposed protections for digital interventions and in relation to immunity certificates

I highly recommend you have a read…especially since some promises seem to be broken.

Back to the incident on the zoom call…

I joined a bit late but setup my chromebook casting to my TV via the chromecast. Settled in to watch while working on my Dell XPS laptop. As Lilian finished her presentation, someone drew a cock and balls on top of her final slide. Lilian laughed it off while the hosts the open rights group went about blocking, booting and changing the permissions of the zoom call.

As things moved forward, someone was attempting to draw a swastika on the video. Someone was using the zoom overlay feature or something but it was removed before it was fully drawn. It was about then when we moved to Rachel and before she could really get going someone hijacked the video and showed child abuse/porn. It was shocking and I couldn’t believe it. I looked at the chat room and people were equally upset. It lasted about 10-15 secs but it was just vile/horrible.

Someone pleaded that the hosts take control, and they replied they are ending the whole thing now. Then it was all gone. The lasting effect was felt and although I felt truly shaken by what I had seen, I also knew I had to reach out to others.

Since then, I called my partner for support, line manager to report what happened and check he wasn’t on the call too. I also wanted to check other BBC staff wasn’t on the call I knew. I had previously shared the link around our internal slack and with others interested in contact tracing. I’m lucky the BBC has a employee assistance programme, where I was able to talk to a trained professional who suggested I might feel some comfort in blogging about it (hence this blog)

I noticed while blogging, theres a twitter thread about the whole thing now. No ones blaming the openrightsgroup but this guide written by Michael J. Oghia. But there is a good list of all the things to lock down and change on zoom for anyone before it happens again. Its likely the people behind this illegal act were going zoom to zoom.

I recently noticed that a few organisations are using youtube for broadcasts and discussions, with another system for feedback and questions. It certainly cuts down on abuse compared to zoom and you can easily share the public link out. The idea of switching to jitsu or skype may not necessarily help solve this type of problem. But changing the way its done completely could.

18th April 2020 – 1am

I got a email from the Open Rights Group…

This afternoon an unknown actor severely disrupted our public online discussion about Covid-19 and we were forced to immediately end the call.

We were horrified by what occurred and would like to apologise for having exposed viewers to such horrific imagery. We are deeply sorry that this occurred on ORG’s watch.

If you would like to speak with us directly I am personally available to speak to anyone and everyone that was on the call.

We have reported the incident to the Police and are taking necessary steps to secure our systems. We will be reviewing the way we conduct meetings to ensure this is never possible again.

If you would like to speak to a counselling or advice service, the Police recommend contacting Samaritans. They accept calls from anyone on any emotional issue at this number 116 123.

Sincere apologies.
Jim
_______________

Jim Killock
Executive Director
Open Rights Group

Imagine a public service video conference service

Its pretty disheartening to hear about people who seeking/getting help for addiction being trolled. Business insider’s article about Trolls breaking into AA meetings held on Zoom and harassing recovering alcoholics. Speaks volumes about where we currently are with our technology and society.

Its easy to blame the people who would troll people who are seeking help and support. Yes but also Zoom are to blame? Well thats a very easy target and they are not doing themselves any favors although they recently seem to be sorting themselves out. The problem with default settings is a well known problem and the easy thing to do is switch to another platform right?

Looking at the list in the Guardian, its clear the amount which are profit making businesses just like zoom. Its not exactly their fault, the scenario of the public using your service for to run a help group wasn’t in the business plan.

Maybe its time there was a business which did have that in their plans? Maybe not a business at all? Maybe an organisation with public interest & benefit at the centre of its remit?

This is something I was thinking through with Herb the other day, as we talked through the problems with Zoom. Could an organisation like for example the BBC run a video conferencing system for the benefit of the public?

Wouldn’t this conflict with existing commercial businesses and be a problem? Nope not if done correctly. I used healthcare when talking with Herb.

The NHS is a catch all and provide baseline health care. If you want to pay for better/quicker healthcare you can pay BUPA or someone else. In the same way, could the BBC or others provide baseline video conferencing aimed to give everybody a free platform which is  basic but focused on important things like privacy, security, anonymity, etc. This means no custom backgrounds, no filters, no full HD, etc. Thats the realm of the  commercial providers.

I know its a thin line but we can’t such important public services be hostage to commercial factors/models.

There is another aspect to this, the public sector could finally double down on services which preserve privacy and security of the public with software which is audit-able, has levels of transparency and is decentralised & distributed in nature.  For example I was checking out Jitsi with its webRTC support. Jitsi meet might struggling if everybody is hitting the main site but as its self installable, suits a more decentralised model. A public company could easily set it up and run it for under-served audiences?

Thoughts?