Last week, I hosted a virtual pet café via Zoom. I invited pretty much everyone I knew: friends from all across the country, colleagues, soccer teammates, classmates. People showed up with their cats and dogs ready to introduce them to me and to everyone else.
Sounds wholesome, cute, and fun, right?
It was. Until we got Zoombombed.
We were just getting started, chatting while we waited for other people to join. I noticed there were a couple of people that I didn’t recognize, but I figured they were just friends-of-friends. All of the sudden, there seemed to be an influx of people joining. I hadn’t even processed that when it started.
A booming voice came through my speakers, proclaiming something about Black power.
People started yelling mean and rude comments about the people with their video on (a.k.a. my friends).
“Jen T., you’re a fat b****.”
“Megan S., your big nose takes up your whole face.”
“Sam F., you’re an ugly whore.”
Some of the comments weren’t mean, but in this particular situation, not wanted.
“Brenda W., you have a gap between your front teeth.”
“Cate M., you’re actually kind of cute.”
Yes, they used full names to make it even creepier (no, those aren’t their actual names).
And then the image on my screen changed. No longer was I looking at cute puppies, but instead at some not-safe-for-work content.
So much for wholesome, cute and fun.
I panicked, my default response to situations that feel out of my control. I muted a few of the people who were obviously yelling, and removed a few others. I removed the guy who was screen-sharing. But there were too many people coming in, too many people taking over our Pet Café, and it felt like there was no way to win. So I ended the meeting.
Welcome to the world of Zoombombing.
🙈 🙉 🙈 🙉 🙈 🙉 🙈 🙉 🙈
To wrap up the story: I sent everyone who had registered for the virtual pet café a new, password protected link, and the pet café resumed. We spent an hour watching pets mug for the camera, play with toys, try to run away, and nap. It was fun. It was cute. I’m glad I did it.
But I also wished I had learned more about Zoom and Zoombombing before holding the event. Here are some pretty important things I have learned since that I hope will help you avoid having the same experience.
Know your platforms
Know your platforms, including their features AND problems. I was familiar with Zoom from a participant standpoint, and I knew it could allow me to run the Pet Café the way I wanted to. I’m also pretty naïve and innocent, and never even thought that anyone would try and ruin the event (but puppies!). I didn’t do any research to see if there was anything I should be aware of when running an event via Zoom. I didn’t make any attempt to learn about the superpowers I would have as host of the Zoom meeting. I should have- and I should have been more prepared.
Do NOT post your links publicly
This was, admittedly, my biggest downfall. Do NOT post the direct link to your meeting publicly. I had created a Facebook event for the Pet Café in order to easily invite my friends, and while I had set up registration so they would be emailed the link, I also posted the link in the Facebook event just prior to the start time. There were two major problems with this.
First, posting the link in a public place means that anyone can happen across it, click on it and join. While a Facebook event may not always feel like a public place, unless you purposely make it private, it’s public. I (naïve ly) wasn’t too concerned about strangers being able to join the event- the more the merrier!
Second, not only can anyone happen across the link when it’s posted publicly, but that also makes it searchable. And things that are searchable are also aggregate-able. People are, either manually or using fancy computer scripts I know nothing about, creating webpages and Reddit threads full of Zoom meeting links. You know how I know this? One of the Zoombombers, while Zoombombing, asked the other Zoombombers where they were getting their links.
Use the ‘right’ meeting ID
The meeting ID is basically what gives people access to your specific meeting. If you’re hosting a public event, avoid using your personal meeting ID. Your personal meeting ID is basically just a meeting room that is always available, 24/7. If Zoombombers were to ever get ahold of that ID, you would lose that space pretty much forever.
Even further, when generating a random meeting ID, consider adding a password. People would then need to have both the ID AND the password in order to enter the meeting. An important note with this option: Zoom generates a link to the meeting that includes the password within it, meaning folks essentially bypass the password input step. This is the link Zoom, for whatever reason, shares up most obviously on your meeting setting page. Don’t share this link!
Oh, how blissful life would have been had only I known this one ahead of time. As the meeting host, you can easily change settings so that only the host is able to screenshare (Click the arrow next to the share screen button, click advanced sharing options, then select host only under who can share?). Do this at the very beginning of the meeting, and keep your meeting safe-for-work. If you do need to let someone else share their screen for some reason, change who can share to all participants only when they are ready to share, and make sure who can start sharing when someone else is sharing? is host only. That way, once that person is sharing, no one else can take over the screen, and if, somehow, they do, YOU are able to take over from them with just the click of a button.
Choose appropriate meeting settings
There are a few ways you can try to lock down your Zoom meeting, and they all have pros and cons.
- Set a password: As mentioned above, you can set a password for the meeting, so that attendees need to know both the meeting ID and the password.
- Allow only signed-in users to join. This can be useful if you want to invite only a certain group of people to your event. Using this setting, you invite them via Zoom. They then must be logged in to Zoom with the email they were invited through in order to access the meeting. While this certainly would seem to keep out Zoombombers, it also requires you to know who you want in your meeting (which may not work if it’s a more public event), and also requires that people have a Zoom account, something not everyone may have or want.
- Lock the meeting. Once a Zoom meeting has started, it’s possible to lock it down. Once locked down, no new participants can join. While this seems like a great option if you know who is supposed to be in the room (potentially a big if), it could also create complications if anyone is having technical difficulties and gets kicked out of the meeting or leaves accidentally. This is certainly doable if you have other communications channels with all your desired participants… but might not be so great if you don’t.
- Use the waiting room. The waiting room feature adds an extra step between clicking the meeting room ID, and entering the actual meeting. As a host, you can choose who gets to move from the waiting room to the meeting room. The waiting room allows you to screen participants- a great feature if you know who you want to be joining you, but not super helpful if your event is also open to people you don’t know.
Know how to manage your participants
Hosts have a LOT of power in a Zoom meeting, but it’s only possible to wield that power if you understand how to use the features. As a host, you can mute participants (individually, or all at once), disable video, remove participants altogether, put participants on hold, turn off file-transfer in the chat, disable private chat, and more. While I had a vague knowledge of some of these features prior to my event, they would have been much more helpful if I hadn’t been trying to figure out how to use them mid-Zoombomb (and mid-panic).
🙈 🙉 🙈 🙉 🙈 🙉 🙈 🙉 🙈
We need to be responsible for the technology we choose to use- especially when we are inviting other people (and their pets!) to use it with us. I failed at this, and I learned the hard way.
Please, learn from my mistake.
As detailed above, there are lots of things we can do to help prevent Zoombombing, and Zoom does have some built-in features to help. But I do think this raises an age-old question: what is the responsibility of the user/consumer, and what is the responsibility of the company creating the platform? Why isn’t Zoom doing a better job at protecting us?
Zoom has openly acknowledged that Zoombombing is a thing. They’ve written a blog post that outlines some strategies to prevent Zoombombing. But it seems like they could be doing so much more.
For example, their blog post says: “The first rule of Zoom Club: Don’t give up control of your screen.” If that’s the first rule, why don’t they make that the default setting? Wouldn’t it make more sense, and make it safer, if the meeting default was for participants to have zero control (no screen-sharing, no private chat, no file sharing, no annotations), and the host could make those options if they wanted?
As a second example, as mentioned above, Zoom lets you add a password to a meeting. But then, the link to the meeting that they display on the meeting set-up page has the password embedded. As a new user, I wasn’t aware of this, and shared that link directly with my registered participants (on my second attempt at having my event…). They therefore were not asked to enter the password before entering. Why would Zoom make this the link that is readily available to hosts… and not the one without an embedded password, the one that would require participants to know the password? That seems like common sense.
Finally, Zoom does not seem to be doing anything to proactively teach users how to conduct meetings and events safely using their platform. Sure, there’s lots of information out there if you look for it, but should it be a new users job to look for it? Would they even know what they’re looking for? Zoom could, seemingly easily, force users through a quick tutorial or tour the first time they tried to set up their own meeting. Being proactive is always better than being reactive.
Yes, we need to take responsibility for our tech use. But our tech companies also need to start taking responsibility for their platforms. And now, a time when we are all using tech more than ever, would be a great time to take that step.