Preventing Trolling, Doxing, Zoom Bombing

Malicious acts on the internet including trolling, doxing, and Zoom bombing are real threats to intellectual freedom and the safety and security for our Lobo community. Emboldened by the relative anonymity of the internet and enabled by access to systems that do not require authentication to share video, text, and images, these acts are typically perpetrated by people outside of the UNM community who want to disrupt events and prevent the free exchange of ideas.

Whether personally or politically motivated, or dismissed as a “prank” by the perpetrator, these acts are not harmless, and it is in the interest of the UNM community to take active measures to prevent them from occurring. This includes active measures to prevent unwanted participants from joining a meeting or a webinar, and measures to limit the ability for meeting participants to post objectionable materials or comments.

In order to protect the safety and security of meeting participants, access to online meetings should be protected by a password or authentication.

When using a web conferencing session for a class, meeting hosts should require authentication, and we recommend using the integration with UNM Canvas to schedule the meeting directly in your course.

For meetings in which not all participants have UNM credentials or one or more meeting participants need to join by phone, meeting hosts should require a password to join.

Preventing Incidents

Most Zoom bombing or trolling incidents are the result of an open Zoom account or meeting ID which has been publicly posted online. This opens the door for anyone (including unwanted guests) to join your meeting. Sadly, we've had reports of malicious people seeking out publicly posted meeting links on social media and other online sites to join, disrupt, and terrorize attendees.

We strongly recommend you take the following actions to reduce the risk of a malicious meeting interruptions:

  1. We recommend a "bouncer" strategy. add one or two co-hosts who are familiar with Zoom settings and controls to assist with managing users and monitoring their interactions.
  2. You and your co-hosts should be familiar with the in-meeting security controls. (the shield symbol at the bottom of the meeting tool bar). These tools allow a host to quickly disable chat, prevent users from unmuting themselves, etc., when that becomes necessary.
  3. Enable the Waiting Room. This is a pre-meeting setting that gives you and your co-hosts the ability to look at those joining the meeting and allow them in one at a time. While this is not fool proof, it does add an additional layer of security so that you can rule out someone who obviously does not belong based on their name and email (e.g. people who intend to disrupt may have vulgar user names or email addresses since these can be modified by users themselves).
  4. Disable Chat (an in-meeting setting). Or if you choose to keep chat enabled, adjust participant chat settings to either "Everyone Publicly" or "Host Only" to prevent a participant with bad intentions from harassing others via private chat. If you choose to have chat enabled, have your co-hosts attentively monitor chat and remove disruptive participants (we recommend pushing users back to the waiting room to ensure that you don't permanently eject the wrong person by accident).

We advise that you and your co-hosts become comfortable with the recommended settings and controls.

Hosts should always:

  • Schedule class meetings via the integration with UNM Canvas.
  • Use separate meeting IDs for each meeting type.
  • Require authentication by enabling “Require authentication to join” or require a password.
  • Disable “Allow participants to join anytime”.
  • Use separate meetings for each class. You should create separate meetings for each class/meeting type. These can be recurring meetings in the case of regularly scheduled meeting times or online office hours, but should be unique from class to class. We do not recommend publicly sharing your personal meeting ID. You can think of your personal meeting ID as a standing meeting that never expires. Use "Generate Automatically."
  • Grant access for participants to share screen content only when specific individuals are expected to present.

Hosts should never:

  • Post meeting links to unprotected meetings or classes publicly on social media, websites, or other online locations. This will minimize the chance that someone looking for opportunities to disrupt meetings will discover and access your meeting.
  • Share recordings containing student interactions using Zoom. Shared recordings in Zoom give anyone with the link unauthenticated and access that cannot be tracked or audited. We have other tools for securely sharing video—such as Kaltura available through UNM Canvas.

Responding to Incidents and Getting Support

When incidents occur, it is important to report the incident so that UNM departments can investigate the issue and follow up. If the incident is related to Zoom Bombing, please include the meeting link or meeting ID in your report of what happened. Individuals exposed to negative incidents online may also choose to get support from one or more of UNM's many support resource centers.

UNM Code of Conduct

UNM expects campus activities to be respectful of a diverse community and supportive of students, faculty, and staff with a wide range of backgrounds and experiences.

By registering for and participating in UNM supported events including Zoom meetings and other online activities, you agree to comply with and be bound by UNM’s policies including Acceptable Computer Use Policy (2500), UNM’s Respectful Campus Policy (2240), and Faculty Handbook, C09: Respectful Campus.

Failure to comply with these policies may result in sanctions against the individual, including removal from the Zoom session, and may also result in disciplinary action against the individual, including, but not limited to termination of employment and/or academic suspension or expulsion. Civil or criminal legal actions may also be taken, as appropriate.