The Washington PostDemocracy Dies in Darkness

Remember Zoom-bombing? This is how Zoom tamed meeting intrusions.

Zoom made its product more annoying to use to make you safer. And we wised up, too.

A line of people wait to get into a Zoom meeting.
(Elena Lacey/The Washington Post; iStock)
9 min

This article is a preview of The Tech Friend newsletter. Sign up here to get it in your inbox every Tuesday and Friday.

When Zoom became inescapable in early 2020 due to the pandemic, so did Zoom-bombing intrusions.

That year, a virtual student government meeting at the University of Florida and an Atlanta-area high school class were disrupted by intruders shouting racial slurs and other hateful material. Harassers crashed Alcoholics Anonymous meetings to troll people. Chipotle ended a Zoom chat after a participant broadcast pornography to hundreds of people’s screens.

Fast forward to 2023 — Zoom-bombing still happens but security experts say it is far less prevalent than it was in 2020. That’s not only because we’re interacting more in person.

Zoom helped tame Zoom-bombing partly by making its product more difficult for you (and for online harassers) to use. Essentially, the company traded some of your convenience for your safety.

I have tips at the end of this article for how you can further beef up your protections from Zoom-bombing. But the point is, you probably don’t have to. The company did a lot of the protection for you.

There is a lesson here. The success of reducing Zoom-bombing shows how the zeal to make technology a breeze comes with trade-offs.

And with more of you concerned about security of your digital accounts, nagging robocalls or bullying of children online, the taming of Zoom-bombing is proof that you shouldn’t accept horrible downsides as the price of being connected.

Let’s take stock of why the risk of Zoom-bombing declined: Zoom changed. And so did we.

Zoom-bombing was possible in the first place largely because of the company’s choice to make video calling easy.

It was simple to organize a virtual meeting or join one, but that was a weapon for trolls. Just as you could join your school district’s Zoom meeting with one click, so could anyone else who saw the meeting link on Twitter and wanted to disrupt it.

After Zoom was embarrassed by Zoom-bombing headlines and castigated by public officials, the company ended one-click easy access to meetings for everyone.

Now before you enter a meeting, you have to be invited or enter a password. There is a virtual “waiting room” and the host must allow you into a call. Or, a call might permit only people who are logged into a Zoom account.

Those were all options you could choose in the Zoom-bombing peak of 2020. But now at least one of those safety measures is automatic. Essentially, Zoom gatherings got safer from intrusions without you having to do anything.

“That’s the right way to do it — we call it ‘secure by default,’” said Chris Evans, the chief information security officer of cybersecurity firm HackerOne.

Zoom’s choices added steps for you to pop into your virtual knitting group, but the benefit is your meeting is less likely to be bombarded with porn.

Opting to make a product clunkier to use might not sound like a big deal, but it is.

Technology companies obsess over removing “friction,” or barriers to using their product. Buying $1,000 patio furniture with one click on Amazon is no friction. Having to hunt in your email for the password to a Zoom knitting group is friction.

Zoom isn’t declaring victory against Zoom-bombing. (And the company uses the term “meeting disruptions” rather than Zoom-bombing.) Maybe we could have avoided a surge of Zoom-bombing if the company took seriously pre-2020 warnings about its security practices. Even now, determined people will find ways around Zoom protections.

But Zoom told me that making everyone jump through more hoops made it less appealing for jerks who were looking for an easy way to be a jerk.

Zoom-bombing is “an opportunistic bad act,” said Josh Parecki, head of trust and safety at Zoom Video Communications.

Zoom also increased the staff responsible for security, started to notify meeting hosts if Zoom believed their scheduled meetings were at risk of Zoom-bombing and began to offer cash rewards for technologists who alert the company to security flaws.

But Zoom wasn’t the only one that changed — we also became more careful.

After his March 2020 meeting about religion and mental health was interrupted by racial slurs, Zahed Amanullah and his colleagues altered their behavior.

Now when he organizes large Zoom sessions with the Institute for Strategic Dialogue, an organization opposed to extremism, participants must register in advance. During online gatherings, participants can’t chime in until the question-and-answer portion.

Amanullah said he also stopped posting links to Zoom seminars on social media, where would-be harassers could find them easily. Instead social media posts asked interested participants to contact organizers privately over WhatsApp for more information including the Zoom link.

“We were able to see that there were multiple steps that we had overlooked with security,” Amanullah said.

Amanullah essentially stopped Zoom-bombing by becoming more suspicious of everyone. It’s sensible and also sad.

As with spam, robocalling, online bullying, and cyberattacks, you can take steps to make yourself less vulnerable to Zoom-bombing, but the responsibility cannot be yours alone. That’s what was powerful about Zoom securing meetings by default. The onus was mostly on Zoom and not on you.

The Zoom experience is also a moment to reflect on how much inconvenience you’ll accept for safety and peace of mind. There’s no simple answer.

How would you feel if your credit card company forced you to take an extra step to prove your identity for some online purchases? That’s the law in Britain, for example. Extra verification reduces fraud but it’s annoying. Your legitimate purchases might be declined or delayed.

More companies, including pornography sites and streaming video services, are also asking users for identification to keep out kids. It’s a hassle and it’s intrusive.

With Zoom, giving up a little convenience to reduce Zoom-bombing seemed like a great trade. But it’s not always simple to know how much you should give up for the promise of safety.

Tips to protect yourself from Zoom-bombing:

If you’re hosting a private book club or a work meeting with people you know, you probably don’t have to worry much about being Zoom-bombed.

Once Zoom put up more checkpoints to enter meetings, many online harassers “likely moved on to other activities,” said Jimi Sebree, senior staff research engineer with the cybersecurity company Tenable.

But if you have safety concerns or are hosting a relatively large and public Zoom event like a memorial service or a neighborhood meeting, these extra measures can make your online gathering even safer from intruders:

1. Choose the feature to “Enable Waiting Room.” This lets you decide one-by-one which people are permitted to enter your Zoom call.

To turn this on if it isn’t already, pick “Schedule” to plan a meeting in the future. Under “Security,” chose the option labeled “Enable Waiting Room.”

2. Choose “Approve or Block Entry for users from specific countries/regions.” If you’re hosting a neighborhood meeting in Tucson, you might not want people from South Carolina or Brazil to join.

To use this feature, select “Schedule” to set a Zoom call in the future. Then select Meeting Options → Advanced Options → Approve or Block Entry for Users from Specific Countries/Regions.

3. Don’t post links or passwords to Zoom meetings on Facebook, Twitter or other public social media. If possible, use social media only to publicize an email address or other contact information for people who are interested in attending your event. You can vet the would-be attendees and share the event link and password only with them.

4. If someone does Zomb-bomb your meeting, you have two emergency options.

“Remove participant” to eject a person who is disrupting your meeting. Depending on how you use Zoom, you might find this feature under the “Security” options at the bottom of your Zoom screen or under More → Security at the bottom of the screen in your Zoom smartphone app.

Or select “suspend participant activities” to pause the meeting until you figure out what went wrong. Again, you might find this feature under the “Security” options at the bottom of your Zoom screen or under More → Security at the bottom of the screen in your Zoom smartphone app.

If you select this option, your meeting is in suspended animation with everyone’s audio and video disabled. You have the option to select “suspend and report,” which automatically logs details from the Zoom call and, if you choose, sends that information to Zoom to investigate.

Once you have figured out who is interrupting the meeting, you can slowly unlock the participants who are welcome and turn on their audio and video individually.

One tiny win

If you’ve been asked to help a friend or a relative with a tech problem, Chris Velazco has great news for you.

Most Windows and Mac computers come with built-in and free technology to take control of someone’s computer to fix problems when you are not in the same room. It’s handy! It’s also not super easy.

Chris (and his pal Betty) have recorded a video and Chris has written instructions on how to use these remote assistance features.

Help Desk tech reporter Chris Velazco lays out how you can use tools in Windows and Apple computers to fix your parent or friend's computer. (Video: Monica Rodman/The Washington Post)

Brag about YOUR one tiny win! Tell us about an app, gadget or tech trick that made your day a little better. We might feature your advice in a future edition of The Tech Friend.

Help Desk: Making tech work for you

Help Desk is a destination built for readers looking to better understand and take control of the technology used in everyday life.

Take control: Sign up for The Tech Friend newsletter to get straight talk and advice on how to make your tech a force for good.

Tech tips to make your life easier: 10 tips and tricks to customize iOS 16 | 5 tips to make your gadget batteries last longer | How to get back control of a hacked social media account | How to avoid falling for and spreading misinformation online

Data and Privacy: A guide to every privacy setting you should change now. We have gone through the settings for the most popular (and problematic) services to give you recommendations. Google | Amazon | Facebook | Venmo | Apple | Android

Ask a question: Send the Help Desk your personal technology questions.