Protect Stanford Digital Assets from Online Video Scrapers

The Information Security Office (ISO) is reminding you to secure your video conferencing links to help protect Stanford’s digital assets from being scraped by video aggregators.

What’s happening? 

Unscrupulous companies are joining Stanford-hosted video conferences and webinars without permission. They scour the internet looking for links to Zoom, Google Meet, and Microsoft Teams meetings, and might even join your mailing lists to get invitations or use certain browser plugins to gain access. 

Once they’ve gained entry, these companies use bots to attend and record your presentations or download the recordings later once they’re shared with attendees. This content is then reposted on their own websites for commercial purposes, all without your consent or authorization. 

What makes this even more troubling is that some of these companies ignore any requests to take down the stolen content. 

How to protect your meetings 

Here’s what you can do to help protect your Zoom, Microsoft Teams, and Google Meet meeting videos from unauthorized access. 

1. Don’t publicly post join links. 
   When promoting your event, ask people to register or email you for a link. Never post the join links, especially those with the passwords built-in.
2. Require authentication.
   If you expect only Stanford attendees, configure your meeting to require authentication.
3. Use the waiting room. 
   Use the waiting room feature to review attendees before you let them in. You can even ask participants to turn their video on for a moment to verify they’re human.
4. Avoid third-party browser extensions.
   Disable and avoid any browser plug-ins and extensions that claim to make joining video conferences or taking notes more convenient. The official Zoom plug-in is trustworthy, but third-party browser extensions might not be.
5. Remove unauthorized bots.
   If you see any unauthorized bots attending your meeting, remove them immediately. Note that this is becoming trickier, since these companies might misrepresent themselves with human names and pictures.
6. Use watermarking. 
   Consider using the watermark feature in Zoom for live streaming. This will overlay the participant identifiers on video streams.
7. Restrict access and downloading.
   After your event, don’t send mass emails with links that allow anyone to download the video recordings. Instead, require people to authenticate before viewing the content.

Be aware of WebinarTV 

One site suspected of unauthorized webinar scraping is a webinar hosting platform known as WebinarTV.us. They’ve been accused of spamming past meeting attendees with questionable links to scraped content.