Issue link: https://maltatoday.uberflip.com/i/1234806
8 maltatoday | SUNDAY • 12 APRIL 2020 CORONAVIRUS CRISIS MATTHEW AGIUS IT comes as no surprise to any- body that being able to operate anonymously on the internet does not bring out the best in people. The need to stay connected in this time of social distancing has led to the stratospheric rise in popularity of video conferenc- ing tools such as Zoom in Malta. But, predictably, bad guys have already found ways to misuse communication tools to disrupt already stressed-out remote workers. As the COVID-19 pandemic leads the world to do their work online in isolation, software that allows people to do so has start- ed to come under close scrutiny, after cracks in security started to show. While the tools – Zoom is just one of them – are reimagining how Maltese companies, schools and society operate, they also have their faults. Some problems security re- searchers have found show that from the application's privacy policy and some of its support documents, it is evident that Zoom allows your boss to track your attention during calls, and shares large amounts of data it collects with third parties. Now it has already experienced a ma- jor security vulnerability. In addition to this, journalis- tic investigations have placed Zoom's claim of end-to-end encryption on its video calls in doubt. One new peculiar, and often upsetting, phenomenon is called "Zoombombing" in which on- line trolls take advantage of Zoom's default settings to gate- crash conference calls and dis- rupt them, by flooding the calls with disturbing images. It is just one of the many new vectors for abuse internet users are experiencing in the corona- virus age. Others include phish- ing attacks purporting to offer health screenings, scams claim- ing people's electricity would be shut off during quarantine if they don't pay and the sale of fake COVID-19 testing kits. Zoombombing is possible be- cause if a Zoom call is public (that is to say, not password pro- tected), anyone with the URL to the call can join and participate. The bad actors don't even need to know who it is they're gate- crashing – there are reports of people Zoombombing random call IDs. Some of them have been Maltese school lessons with au- diences of over 25 children being exposed to harmful content such as pornography. Zoombombing is progressing from a student prank to more serious incidents of hate speech. Luckily, there are ways of stop- ping and preventing a Zoom- bombing attack. First of all, if you're hosting a meeting that's getting Zoombombed, disable the "screen sharing" option as quickly as possible. For added security use the "waiting room" function. This makes people wanting to join visible to the host, but keeps them out of the main meeting until they're allowed in. This option is turned off by de- fault, but can be enabled by sign- ing-in to your Zoom account and clicking on the settings. Other tips include ensuring screen sharing is possible on- ly for the host, turning off the function that allows file transfer, turning off the "allow removed participants to rejoin" setting (so attendees booted from the meet- ing can't slip back in), turning off the "join before host" setting (so people can't cause trouble before you arrive) and turning on the "require a password" setting for meetings. Hosts may also del- egate others to help moderate the discussion through the "Co- Host" option. In public announcements Zoom has reminded its users that when they share their meet- ing link on social media or other public forums, this makes the event public, and means that an- yone with the link can join that meeting. The company has also suggest- ed that users avoid starting pub- lic events using their Personal Meeting ID (PMI) because "your PMI is basically one continu- ous meeting and you don't want randoms crashing your person- al virtual space after the party's over". It also suggests that users generate random meeting IDs. There is only so much that can be done by platforms, however. Users must always remember to use common sense and make use of the security precautions on offer. Most importantly, keep that "block" button handy. Zoombombs away! Security is new concern in social distancing age From its privacy policy and data sharing with third parties, the Maltese are getting to terms with the fact that Zoom has already experienced a major security vulnerability Nice to see you, to see you... nice: how people are meeting and working online. However, the prospect of 'zoombombing' has become a real thing for unexpected online video users Thank you