Protect Yourself From the COVID-19 Trolls

As we collectively try to survive a global pandemic, many businesses, nonprofits, and schools are moving work online. As the most remarkable and terrible event of our lifetimes unfolds, the focus of our collective attention has shifted almost exclusively to COVID-19. And unfortunately so has the focus of much of online harassment, phishing, and scams. The trolls are out in force, and they want your attention, money, dignity, and data. We must all act now to protect ourselves.


Many organizations have adopted the video conferencing system Zoom for video meetings, lessons, and social gatherings. Zoom video conferences are held in meeting spaces called “Zoom rooms.” Each meeting space has a unique URL that lets a web browser or the Zoom app seamlessly join a particular conference room. As a huge new audience is adopting Zoom using default settings without a clear understanding of the privacy implications of each setting, Zoom room URLs get inadvertently published online for trolls to find. Trolls then join these meetings with the intent to infiltrate, observe, and disrupt these meetings. Today, disrupting a meeting by screen-sharing and exposing the audience to pornography happens so frequently we now have a name for it: Zoombombing.

There are many ways to protect yourself from Zoombombing:

  • Limit what attendees can do. The most important step to take to protect against Zoombombing is to disable the ability for non-host attendees to screen-share. I also recommend disabling the ability for attendees to save Zoom chat, record the Zoom meeting, and to carefully consider whether your meeting needs private chat. A good rule of thumb is assume every enabled feature will be exploited somehow by a troll.

COVID-19 Scams

While we all want to be able to do something about the pandemic, most of us can’t. Trolls exploit our focus on and anxiety around COVID-19 to trick us into giving away our credentials, data, and money.

Here’s a round-up of scams to watch out for:

Expect new scams every day. So many thousands of malicious coronavirus-themed web sites being set up per day, domain registrar Namecheap has blocked registration of domains with ‘coronavirus’ and ‘vaccine’ in the name. When it comes to COVID-19, if it sounds too good to be true, it probably is.

Keeping Your Family Safe

As many Americans shift to working from home, many parents are attempting to homeschool kids or support kids in using online learning resources. Information security training company SANs has released a free toolkit for securely working from home and securing kids online:

Ask your teachers and school administrators to share or describe the settings in use for video conferencing tools and online learning portals your children will interact with. What data is captured? Who can enter collaboration spaces? When can audio and video be recorded? You have a right to know what a person with administrator access to a system your child us using can do with this access.

Surveillance technology is on the rise in schools. Know your rights. The EFF has a great guide on what kind of technologies to watch for, how they can track you, and what it means for privacy.

Privacy In the Remote Work Era

As information workers, educators, and students are forced online, we are using hastily adopted systems and tools, and hastily entering into agreements that threaten our basic digital privacy. We need to know what data is collected based on our use of tools, and who owns this data.

Beware “free.” The old saying holds: “When something online is free, you’re not the customer, you’re the product.” We’ve gotten very used to free tools like Facebook that provide us with social connection and also harvest, mine, aggregate, and sell access to our personal information and engagement data.

With most online communication and collaboration tools, it’s consider a “feature” to be able to control what data is stored and for how long- a feature usually only available in the paid version. For example, the free version of Slack stores your message data forever.

Beware surveillance for the supposed greater good. Natural and human disasters typically redraw the lines between civil liberties and security.” As the US struggles to control and contain COVID-19, we should not agree to location surveillance or face surveillance in any population level disease control solution, and certainly never deem it acceptable in online learning systems for our children. Privacy intrusions of any kind must be necessary and proportionate. Many other countries are rolling out pervasive digital surveillance in response to COVID-19. Will the US follow suit? Perhaps there’s a small silver lining in the the Trump administrations’ ethnocentric desire to ignore the advice of our allies and go our own way.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store