back to article Now that's a somewhat unexpected insider threat: Zoombombings mostly blamed on rogue participants, unique solution offered

Researchers have published a detailed look into what makes miscreants invade people's Zoom calls and other video-conferencing meetings – and found the vast majority are inside jobs. Unique per-person access codes could end the trolling. A paper by eggheads at Binghamton University and Boston University in the United States …

  1. Dan 55 Silver badge

    How to make the experience worse than Skype

    One low-tech solution would be to assign unique per-person IDs and passcodes so that credential reuse can be easily spotted and banned in one go.

    Would those be in addition to the meeting code and password, and Zoom account and password? Sounds pretty terrible.

    1. A K Stiles

      Re: How to make the experience worse than Skype

      You don't currently need to have a zoom account and password to join a zoom meeting with the meeting code and password.

      From the sounds of it, the proposal is to replace those generic (for the meeting) codes and/or passwords with a code and/or password combo that is unique to each invited participant, thereby making the random sharing of login details useless, or at least the sharer more easily trackable.

      1. Dan 55 Silver badge

        Re: How to make the experience worse than Skype

        Thing is, how do you distribute per-person IDs and passwords to people without Zoom accounts (people with accounts can get an automated email). The more people without Zoom accounts that are invited to the meeting, the more tiresome it becomes for all concerned.

        It might be easier just to make everyone have a Zoom account, which is where Skype is.

        1. John H Woods Silver badge

          Re: How to make the experience worse than Skype

          AIUI: you create a meeting in Zoom, it gives you a meeting ID and password which manually copy into a group email and send to the invitees.

          Instead of copying the creds from Zoom, why not tell Zoom the list of email addresses to which you need to send invites? Zoom then emails each person individually with a different password based on, e.g., a salted hash of their email address.

          Disclaimer: Trying to do multitask with something else so this suggestion may be rubbish

  2. Robert Grant

    Why aren't they just managing this with requiring students to be logged in? Then they could easily just invite the right people to the session.

  3. MatthewSt

    Security vs Accessibility

    Always a trade-off. One of the main reasons Zoom took off was the ability to "just join" a meeting

  4. Anonymous Coward
    Anonymous Coward

    Somewhere not too far from me (ahem) all Zoom meetings have to have a password of certain complexity and can only be joined by authorised (corporate) accounts.

    Of course that's based on a corporate setup with someone savvy enough to define such polices etc.

    1. Pascal Monett Silver badge

      Re: someone savvy enough

      But that is 90% of the problem - your basic computer user is not savvy enough to implement any form of security. They can't even get passwords correctly, they reuse them everywhere.

      I have long been convinced that using a computer is like driving a car : you should have a license.

  5. Hubert Cumberdale Silver badge

    Is it just me that thinks "Binghamton University" sounds completely made up? It looks like a collision between Birmingham and Northampton. Sponsored by Microsoft.

    1. TimMaher Silver badge


      “Birmingham and Northampton”. That would be Rugby then, or maybe Coventry? Or Nuneaton perhaps? Does Nuneaton have a university? Or Leamington Spa?

      Certainly put together by Microsoft.

    2. RM Myers


      Binghamton University is part of the State University of New York, and is located in the city of Binghamton (thus the name). The city was named after a William Bingham, and Bingham, according to the fount of all knowledge (AKA Wikipedia), is "a surname of English origin". Thus, any concerned about the name should be addressed to our English commentards for explanation.

      1. Dan 55 Silver badge

        Re: Binghamton

        His last name probably came from Bingham, the town, in the UK.

        Now how his last name (and the UK place name) Bingham became Binghamton in the US is entirely a US phenomenon, so it falls upon US commentards for an explanation.

        All I can suggest is it's a word in US English that somehow got stuck forever in the 18th century, like burglarize, oftentimes, spelunking, and obligated. At least you didn't call it Binghamtonshire, because that would be too silly.

        1. RM Myers

          Re: Binghamton

          Ton as a suffix on a place name comes from middle English ton,which is derived from old English tun, which means town, according to Wiktionary Thus, Binghamton is a town named after Bingham. There are a large number of towns in the US with the suffix ton, but there are also a large number with the suffix town. I assume the names that were suffixed with ton probably were settled by immigrants from England.

          1. Dan 55 Silver badge

            Re: Binghamton

            As that ever reliable source of knowledge (Wikipedia) says that Binghamton was settled in 1802 and US independence was in 1776, there's only so much that the UK is responsible for. We gave you a bunch of people and one of the commonly-spoken languages, but when a country declares independence it's generally understood to mean they get on with running their own affairs. That's why it's called Independence Day and not Dependence Day.

            So if a country which has been independent for 26 years starts doing strange things with suffixes that are enough to make one's eyes bleed that's entirely their prerogative. Who is the rest of the world to intervene in internal matters? Certainly there's the argument that international action should have been taken on humanitarian grounds, but at that point in time the UN wasn't around.

  6. Pascal Monett Silver badge

    "He now faces up to 15 years in prison if convicted"

    One more idiot who finds out the hard way that you are not anonymous on the Internet.

    And I'm guessing that he didn't even use a VPN.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like