 Okay, so I wanted to just quickly start this exploration of the whole issue of zoom bombing This is something that's been very very topical at the moment was the corona virus was everybody stuck at home The people are basically You know, there's a lot more zooms going on zoom of course being the popular internet meeting service And unfortunately, you know, sometimes was every step forward online. There are negatives as well It's given rise to this phenomenon of zoom bombing in which essentially groups of people Trolls you could say online trolls malicious users will basically in a coordinated fashion floods a Zoom meeting with random people and those are zoom meetings that generally have not been properly secured So I'm just gonna basically given up. I want to actually demonstrate how incredibly You know, how many people are just waiting to jump on zoom links because it's pretty I've started a couple of times He did experiment last week where I was having a zoom meet up with my friends and Tweeted the link just to see what anyone joined and I'm just gonna show you exactly how many people do What kind of people come out because this is demonstrates why it's important to protect your Zooming so this is something opposed from the zoom blog that was published Only a few days ago on the 20th of March About how to keep the gay crushes out of your zoom. They gave a few recommendations The really the top recommendation. I'm just gonna bring over my my zoom client. I'm using Linux. I've also set up a demo account for this purpose Using an alias Shinomo Koon and I've gone I've gone with the one of these websites that generates fake faces So the first thing if you create a new zoom meeting It's up here. It's gonna give you an invite link And the most important thing really is not to share that invite invite link and password with the with the public That's really asking for trouble and specifically, you know any public forum is bad But stuff like Twitter is really bad and you see a lot of the times Sorry, I think that Linux zoom client just crashed over there So let me just start a meeting again, so you will get this Just create a meeting over here. You'll get this invite link You can copy it to the music bring over the notepad just to show you exactly what it contains every time you set up a meeting on zoom you're gonna get one of these and Basically, you have your zoom Join link you have your meeting ID, which is the same as this 10 digit string over here And then you have your password. So if you look at the URL for a second The link the URL that you're gonna pull out of the actual client is gonna contain This is a really dangerous link because you have here the local server is zoom J I believe stands for join here. You have the meeting ID. This is the nine digits over here And then at the end of this year this this aspect here is actually a Key a password key in the URL and you have a digit you have a meeting ID You have a password here, too so basically you certainly don't want to tweet this but even if you use the Even if you send a calendar invite and you get a shorter link So long as you have you give the password as well. That's all people need to join your your zoom meeting So I'm just gonna go ahead and actually end this meeting here We'll create a new one when we tweet out the link and I will show you how many people are just gonna Latch on to a zoom meeting The Linux the Linux client is not the best. It tends to crash quite a lot or so so I have found so I'm just gonna Force to be close it. Okay So that's number one is do not under any circumstance Send your personal meeting ID You know out onto Twitter as I said Another thing would be that when you when you create a zoom meeting You're able to create a waiting room and a waiting room is when When people join your meeting they will immediately go to the waiting room And then you can choose to admit them to the actual meeting or not This is very sensible to do You know, you shouldn't be really sending these in the first place, but that it's a good feature Why not use it? You can also lock the meeting and locking the meeting is basically when That means nobody will be able to join nobody further So let's say you're coordinating a zoom meeting with three participants When the three participants have joined so there's you plus three you can then lock the meeting and nobody can join You can remove people as the host And you can disable their video I'm just trying to think another good thing would be to force them on use when they join the meeting That's another function that you can do so The problem really is that so many people are Tweeting zoom links so Now I've come up with something called zoom rule less and I really meant it in a good way because as I said I think there's a lot of really really good Things happening on zoom and you know, I've joined a few webinars I've joined a few coffee hours for freelancers that kind of thing and They're really good So it's a pity that because there are unfortunately as I said people on subreddits And on discord servers, and they're not looking for interesting things on zoom. They're actually there's discord servers like rude my zoom or raid zoom zoom raid room and they're actually looking to just Screw up people's ones. So this is an example is the volume of stuff You'll get by typing in this is the public zoom URL structure is talking about it. Just find find one here Zoom.us forward slash j and you can see this URL contains all the aspects If you look at the the black The highlights here. It's got zoom.us forward slash j. You've got the meeting ID there and it's got the password as well that link this You know WLPS office of partnerships has quite innocently tweeted out here There will be a board of education meeting tomorrow April 2 meeting will begin at 4. So all you need to know you can figure out I'm sure where this Institution they're based in Connecticut Connecticut's on EST So I'm based in Israel. So all I all I need to do is 4 p.m. EST and tell me for example So 11 o'clock my time tomorrow. I could click this link and that would automatically Open my zoom client and get me into their meeting So the volume is staggering. So if you look at this to this is actually quite slow three minutes two minutes Generally, there is a zoom link. Here you go seven seconds ago 14 21 Every 20 seconds. So look what happens when I click on one of these guys If I was not using Linux. This is one of these these things I need to fix But let me actually just open my open my zoom again for keep me logged in And we can basically just join any of these Any of these meetings so long as we just know that the meeting ID. So for this one I'm just gonna open up this browser here in the site Let's go for this one. For example, I see what we find Copy and paste we will shortly be Joining this over here Here we go Now I'm just joined. I'm gonna just disable my my audio. I'm on I'm on mute. So I've just joined three random people on zoom That's how easy it is. They've no idea who I am like it So I'm gonna leave before they kick me out Um, and that is basically how easy zoom bombing is. Um, there are just as I said, absolutely tons of these So that's what not to do. Um, I want to show you how bad it can get If I do it, let me just do this kind of process in reverse over here. It looks like and I have to Forcibly close zoom again Let's just see what happens out of interest if I tweet out a uh zoom link now Let me just show you actually before I do that the what you should be doing Um, so let me just create a new zoom meeting over here. Um Uh, uh, let's click on host meeting with video Sorry Let's just schedule one actually. I think you get more options this way. Let's just say my meeting um My demo zoom meeting and these are really the things you would want to be doing You would want to be click on this button enable waiting room. Um, and that will basically uh, as I said create the waiting room So now I've created my demo zoom meeting and I can go into my uh desktop client here and start that up first of all Here it is my demo zoom meeting. So I'm just going to start this meeting Okay So this meeting is now underway and what I'm going to do Is tweet out this is the as I said you can see the join URL has everything It's got the meeting ideas got the password And I'm just going to tweet this out for my personal twitter account now I've only in the last week since coronavirus become active on uh twitter Uh, so I don't really have a following but this is just this is just to demonstrate how many people are looking for zoom links Or if people are uh, I actually think the people are looking for Um, you'll get different results based on uh, what you put out there. So okay, that is that is that is what I just pulled out from the ride Okay live zoom meeting happening now anybody is free to join but no bus uh by joining you Consent to being recorders So I'm just going to add a couple hashtags zoom Ah, I'm on my uh demo keyboard over here. I'm on the demo account of my Linux. So I'm I don't know whatever this keyword is. So I'm going to do this very very old school Um, and let's just see observe what happens Give it about 10 seconds. I'm just going to bring this guy over here Uh, open up my participant screen now. Let's just let's just wait a few seconds. We'll see if people join What should happen is that you'll get people joining and uh, they will come into the waiting room And if that wasn't enabled now you want to this is where you can do mute participants on entry So I'm going to enable that and here we go. We've got two people already Um, and this is the lock meeting button. So I'm just going to let them in Admin alt now we've got Um, I'm going to mute myself. We now have uh one two three four Complete strangers in our zoom meeting. There's one person shaking their backside to the camera So I just ended that meeting as you could see there was one guy one guy joined in a balaclava Um, another guy was shaking his backside in front of the camera Um, and that was what maybe 10 seconds after I tweeted that out. So I'm just going to delete this tweet. Um I did give I did uh, tell people that they're being recorded, which is exactly what happened So basically that's a demonstration of why you do not want to um ever Tweet out a zoom link publicly which and include the passwords a really bad idea. Um, I did also want to demonstrate so let me just start a new meeting and uh So that that's the waiting room. That's how that works. It could have rejected them What you do want to do is um, if I just start one more meeting Before I end this video So what you want to do, let's say you do a zoom meeting, um a video one So you want to firstly have the waiting room. We've got any suspicion whatsoever Uh, the people are going to be joining. Um, you then want to Uh, when you go into the participants here and again, I'm using linux So this is not going to be if you're using windows, you'll have a different thing This lock meeting thing first day I would take this me participants upon entry Uh, and I would also take lock meeting. No, no new attendees can join And once you've done that once you have your people in even if they have the join link the join password They will not be able to join. So in this situation where you had 10 people Uh zoom bombing. Uh, I think this happens algorithmically. I think there are I've seen discord servers and subreddits for people who are coordinating. I think it also happens Uh programmatically As well because you saw that was like what 10 seconds, uh, it took for people to join So guys, I hope this has been helpful this, uh, quick demonstration of zoom bombing what it is. Um, so long as I still think that Um, I still encourage people. I'm doing a bit of this. I'm not I'm not a zoom bomber I don't have any interest in trolling people or joining kids in their Uh, in their classrooms because this is I also want to show this There's some really really good things on zoom Um, you have mindfulness sessions. You have, uh, webinars Um There's a lot of weird stuff as well. Uh, I looked at one of these when I was trying to see if you can just what what zooms are being tweeted Zoom jackall means like a jerk off circle or something. So it's people People masturbating, uh, so but you know as well as that you have so there's really good stuff on zoom. Um, I hope that, um You know that people hosting zoom I think the answer is people need to host it in search in such a way that they need to be very careful with, um, tweeting out these things ideally tweet out Something that requires a registration form Um, so that there's at least a gated process, uh, vet the participants But it shouldn't be a case that, uh, you know people have to stop this altogether because there's some really good things happening on zoom Um, and I still encourage people despite the Despite the potential for zoom bombing to continue to to check out what's out there. There's some really interesting good things so, um, I'm gonna end this video here and um My website for anybody, uh Anybody who's anybody who wants to get in touch is danielrosel.co.il I have a contact form there and you can just drop me a drop me a message and I'll get back to you