I lost all trust for Zoom yesterday…

British PM on Zoom
Wonder how many people have tried to dial into that zoom id?

Yesterday I was on a Zoom call which was hijacked or zoombombed with something not just horrible but totally illegal. Because of this I have pretty much lost all trust in Zoom.

This is of course very difficult as it’s what we use at work, and of course being in the middle of the Covid-19 lockdown makes things tricky. Because of this, I’m going to still use it but with much more caution and I’m going to be a lot more forceful about the hosting side of it.

It’s clear war-dialers for public Zoom meetings are so easy and well used by inscrutable groups of people. Zoom could make shareable links much more difficult to war-dial, similar to the way Google Docs uses combinations of characters and numbers to make a much longer URL, which is a lot harder to war-dial.

The defaults of Zoom are set up for a semi-trusted corporate environment. I understand the Covid-19 pandemic changed everything, but there have been many updates and only now are the defaults only just safe. Their share prices have rocketed but they are only now focused on security ahead of more features?

Their idea of end-to-end encryption is a total dump on top of the security findings saying some calls are being routed via China. Today they announce you can choose your routing but you need to pay for it. More governments and companies are blocking Zoom because they just don’t trust it.

Likewise neither do I… but I will use it… with caution.

I have been thinking about an equivalent, and thought about two.

  1. I lost trust in Facebook a long while ago but still use it for volleyball events and the occasional post about something I feel could be important for friends, family and the public who don’t read my blog (as it’s posted on the internet already, I post publicly adopting the IndieWeb POSSE approach, much to the surprise of some friends). For example, I posted what happened on Zoom yesterday there today.
    Facebook was hardly trustworthy to start with and over and over again they took the living daylights with our data.
  2. There was a point when Windows Vista was pushed as the step/edition of Windows XP and I didn’t like what Microsoft had done to it. To be fair I didn’t trust them and saw shadows of where things were heading. So I switched to Ubuntu. I know the new Microsoft is quite different of course but the damage was done.

If you are hosting a Zoom call, please do lock it down; there’s a number of guides to help, including this one.

Illegal zoom bombing is out of control

Zoombombing

This is part of the endless story of Zoom, a story which is true as it happened to me and about 100+ other people.

The Open Rights Group run an event every Friday afternoon related to data privacy and ethics. It’s been hosted on Zoom for the last few weeks and the guests have been good. When I heard Lilian Edwards and Rachel Coldicutt were going to talk about a possible way forward for the debate around Covid-19 contact tracing, I was on board to watch again.

It centers around this proposed legal document which Lilian spearheaded with Rachel and others.

The Coronavirus (Safeguards) Bill 2020: Proposed protections for digital interventions and in relation to immunity certificates

I highly recommend you have a read…especially since some promises seem to be broken.

Back to the incident on the Zoom call…

I joined a bit late but set up my Chromebook casting to my TV via the Chromecast. Settled in to watch while working on my Dell XPS laptop. As Lilian finished her presentation, someone drew a cock and balls on top of her final slide. Lilian laughed it off while the hosts, the Open Rights Group, went about blocking, booting and changing the permissions of the Zoom call.

As things moved forward, someone was attempting to draw a swastika on the video. Someone was using the zoom overlay feature or something but it was removed before it was fully drawn. It was about then when we moved to Rachel and before she could really get going someone hijacked the video and showed child abuse/porn. It was shocking and I couldn’t believe it. I looked at the chat room and people were equally upset. It lasted about 10-15 secs but it was just vile/horrible.

Someone pleaded that the hosts take control, and they replied they are ending the whole thing now. Then it was all gone. The lasting effect was felt and although I felt truly shaken by what I had seen, I also knew I had to reach out to others.

Since then, I called my partner for support, and my line manager to report what happened and check he wasn’t on the call too. I also wanted to check other BBC staff I knew weren’t on the call. I had previously shared the link around our internal Slack and with others interested in contact tracing. I’m lucky the BBC has an employee assistance programme, where I was able to talk to a trained professional who suggested I might feel some comfort in blogging about it (hence this blog).

I noticed while blogging, there’s a Twitter thread about the whole thing now. No one’s blaming the Open Rights Group but this guide written by Michael J. Oghia. But there is a good list of all the things to lock down and change on Zoom for anyone before it happens again. It’s likely the people behind this illegal act were going Zoom to Zoom.

I recently noticed that a few organisations are using YouTube for broadcasts and discussions, with another system for feedback and questions. It certainly cuts down on abuse compared to Zoom and you can easily share the public link out. The idea of switching to Jitsi or Skype may not necessarily help solve this type of problem. But changing the way it’s done completely could.

18th April 2020 – 1am

I got an email from the Open Rights Group…

This afternoon an unknown actor severely disrupted our public online discussion about Covid-19 and we were forced to immediately end the call.

We were horrified by what occurred and would like to apologise for having exposed viewers to such horrific imagery. We are deeply sorry that this occurred on ORG’s watch.

If you would like to speak with us directly I am personally available to speak to anyone and everyone that was on the call.

We have reported the incident to the Police and are taking necessary steps to secure our systems. We will be reviewing the way we conduct meetings to ensure this is never possible again.

If you would like to speak to a counselling or advice service, the Police recommend contacting Samaritans. They accept calls from anyone on any emotional issue at this number 116 123.

Sincere apologies.
Jim
_______________

Jim Killock
Executive Director
Open Rights Group

Imagine a public service video conference service

It’s pretty disheartening to hear about people who are seeking/getting help for addiction being trolled. Business Insider’s article about trolls breaking into AA meetings held on Zoom and harassing recovering alcoholics speaks volumes about where we currently are with our technology and society.

It’s easy to blame the people who would troll people who are seeking help and support. Yes, but also Zoom are to blame? Well, that’s a very easy target and they are not doing themselves any favors, although they recently seem to be sorting themselves out. The problem with default settings is a well-known problem and the easy thing to do is switch to another platform, right?

Looking at the list in the Guardian, it’s clear the amount which are profit-making businesses just like Zoom. It’s not exactly their fault; the scenario of the public using your service to run a help group wasn’t in the business plan.

Maybe its time there was a business which did have that in their plans? Maybe not a business at all? Maybe an organisation with public interest & benefit at the centre of its remit?

This is something I was thinking through with Herb the other day, as we talked through the problems with Zoom. Could an organisation like for example the BBC run a video conferencing system for the benefit of the public?

Wouldn’t this conflict with existing commercial businesses and be a problem? Nope not if done correctly. I used healthcare when talking with Herb.

The NHS is a catch-all and provides baseline health care. If you want to pay for better/quicker healthcare you can pay BUPA or someone else. In the same way, could the BBC or others provide baseline video conferencing aimed to give everybody a free platform which is basic but focused on important things like privacy, security, anonymity, etc. This means no custom backgrounds, no filters, no full HD, etc. That’s the realm of the commercial providers.

I know it’s a thin line but we can’t let such important public services be hostage to commercial factors/models.

There is another aspect to this: the public sector could finally double down on services which preserve privacy and security of the public with software which is auditable, has levels of transparency and is decentralised & distributed in nature. For example, I was checking out Jitsi with its WebRTC support. Jitsi Meet might struggle if everybody is hitting the main site, but as it’s self-installable, it suits a more decentralised model. A public company could easily set it up and run it for under-served audiences?

Thoughts?