Keep the Trolls Out! Avoid Zoom Bombing

Toy skeleton in a helmet with an old-fashioned bomb

You are streaming a worship service when suddenly random people flood in and cause chaos. They talk, yell, cuss, try to broadcast pornography, have explicit profile pictures, etc.

This has been happening to schools, universities and congregations all over the country. Trolls can get the link from your website, social media, or by using bots to find zoom meeting invitations or even by putting in random numbers.

When this happened recently to a UU minister, they immediately went into damage control:

  • they immediately muted everyone
  • they disabled participants from unmuting themselves
  • they stopped screen sharing capabilities
  • they ended the meeting and restarted it, and implemented a waiting room to join
  • they designated a co-host to admit people from the waiting room.

Learnings

  1. Know your host controls. There are a lot of options that are good for huge public events or for an emergency. Of course, some of these are hugely restrictive, so they may not be appropriate in non-emergency situations. Controls such as : muting everyone, mute participants on entry, not allowing participants to unmute themselves, disabling screen sharing from participants (and screen sharing interruption), disabling screen share annotations (people can write on your screen!), disabling public or private chat, removing people, enabling a waiting room (they have to be approved to join), locking a meeting, making sure removed participants cannot rejoin (this is on the website settings), disabling virtual backgrounds (website settings), disabling file transfer, etc.
  2. Having a co-host. I designated co-host, and they helped me by filtering out who to admit back in to the service.
  3. Account Editing. It helps this process when you and your congregants/meeting participants have legit-looking accounts; full names and profile picture. If this is a zoom call within an institution that has provided zoom accounts, then ask everyone to use that account, so they are not labeled guest. There is a setting on the website for the waiting room to only be enabled for guests, and those in your institution are admitted freely.
  4. Know who is invited. If this is a worship service or something more public or if the link is posted online, then anyone could join, so you should take the appropriate precautions (like only the host can screen share or whatnot). If this is a private meeting, then this is easier, but you should still include a password in the meeting, so people cannot guess your meeting ID and join.
  5. Designate a cohost to watch participant screens, in case one of them starts disrupting. They will have the controls to remove disruptive participants.

More Resources

From Zoom

From Other UUs