News & Events

by Kimberly Dorris, Graves’ Disease & Thyroid Foundation

The Graves’ Disease & Thyroid Foundation (GDATF) has hosted monthly patient support group meetings via Zoom for the last several years. I know there are many other patient communities gathering via Zoom, and I wanted to publicly share a recent incident. 404 Media reported on this issue last week via a paywalled article and a non-paywalled podcast. In addition, CyberAlberta and Stanford University have previously reported on WebinarTV’s practice of Zoom scraping, and offer tips for securing your meetings.

A Community Gathering

We occasionally have a family member or two drop in to our monthly GDATF patient Zoom meetings, and we truly appreciate it when loved ones take the time to learn more about Graves’ disease, Hashimoto’s thyroiditis, and thyroid eye disease! With this in mind, we set up a March 24th Zoom support group meeting specifically for parents, spouses, and caregivers. The actual link to join the meeting was not public, but I did post the registration form on our social media accounts. The description of the Zoom meeting was as follows:

“Has a loved one been diagnosed with Graves’ disease, thyroid eye disease, or Hashimoto’s thyroiditis? Join us for a short presentation followed by an interactive discussion with people who understand what your family is going through! This meeting is intended for family members and caregivers only. If you are a researcher, industry representative, etc. please contact GDATF at info@gdatf.org to discuss how we can better assist you.“

The registration form had multiple questions, including three different conditions that attendees had to agree to as well as a radio button option (“I’m attending to support my…”) that required registrants to state who they were attending on behalf of – a son/daughter, spouse, other family member, or client.

The day of the meeting, participants were admitted one at a time from the waiting room, after I confirmed that they were on the advance registration list. Throughout the meeting, there were NO visible AI tools (like Otter) running.

As with all of our support group meetings, this meeting was not intended to be recorded, but rather to be a private discussion among participants.

A Secret Recording

The following morning, I happened to go into my Spam folder, as I was looking for an email invitation for an unrelated event that I hadn’t received. I noticed an email from “Sarah Blair” from WebinarTV. The subject line was: GDATF Zoom Family & Caregiver Support Group Meeting – Tuesday, March 24th at 4:00 p.m. PDT: Now OnDemand with Chapters. The first part of the subject line was the exact Zoom title of the meeting. The email stated:

“I’ve reviewed GDATF Zoom Family & Caregiver Support Group Meeting – Tuesday, March 24th at 4:00 p.m. PDT and set up your On Demand page, along with a new feature called Chapters. Chapters are designed to entice more people to watch your webinar by highlighting interesting topics covered during the session.”

The chapters roughly corresponded to the topics discussed in our meeting, and it appears the content had also been turned into a slop AI Podcast.

There was an option to click a link and hit “Remove”, but my antivirus software was screaming, “Red Flag! Red Flag!” I did end up clicking the remove link, which apparently took the program off the WebinarTV website, but presumably the covert recording still exists somewhere.

A Post-Mortem Analysis

I reviewed the registration report for our meeting, and knew exactly how our program had been infiltrated. “Leona” had completed the multi-part registration form, claiming to have a son/daughter who was a patient – and using an email address ending in “.space”. (By the time you read this, the WebinarTV bots will probably have a new type of email address.)

When we were doing introductions at the start of the meeting, “Leona” did not respond, but at the time, I wasn’t concerned. Sometimes our meeting attendees can’t engage because they are driving or at work – or they are too mentally and physically overwhelmed to actively participate. (Not to mention that we’ve all had the experience of finding ourselves unable to click the “unmute” button at the exact moment we are called on to speak.)

I then notified participants of the situation (we’d actually had a lot of no-shows, which in this case, was a good thing), contacted Zoom, and filed complaints against WebinarTV.

A Betrayal of our Community

For a small nonprofit organization like the GDATF, organizing meetings and producing content requires funds, time, energy, and knowledge. If I hadn’t happened to go dumpster diving in my spam folder the following morning, the GDATF’s stolen content would still be up on the WebinarTV website.

But even more important, participants in this meeting had a reasonable expectation of privacy. When GDATF hosts a public webinar that’s being recorded for later broadcast, there is a canned Zoom announcement that the meeting is being recorded, the host (usually me) personally announces that the meeting is being recorded, and participants who have joined with both audio & video can see the record button at the top of the screen. WebinarTV recorded this meeting without permission from me (the host) or from anyone else in the group.

I received a response from Zoom that basically amounted to, “not our problem – do a better job of vetting your attendees”. They suggested some things I had already done (requiring registration, admitting people from a waiting room) and other things that could potentially make meeting access more difficult.

While it is true that our meeting wasn’t infiltrated due to a technical flaw from Zoom, as a customer, I would still like to see Zoom speak out against companies like WebinarTV that send bots with fake identities to infiltrate meetings and covertly record participants who had a reasonable expectation of privacy.

A Path Forward?

Zoom has allowed patient communities like ours from all over the country – even all over the world – to connect, to share experiences, and to offer support. We deserve to be able to do so in a secure environment. But how far should meeting hosts go to lock down patient meetings? Those who most rely on Zoom for connection and support are might be living with low vision, dexterity issues, or hearing loss – not to mention difficulty concentrating or unfamiliarity with technology. How do you strike a balance between making Zoom meetings as easy as possible to join – while keeping bad actors out of your private conversations? How can you show some grace to patients who could benefit from listening in, but don’t have the energy to engage in a meeting – while ensuring privacy for all the other attendees?

GDATF will be working going forward to balance these competing interests as best we can for the benefit of our community. (And after future meetings, we’ll be checking our spam folder for messages from “Sarah Blair”.)

If you have thoughts to share, please fill out our contact form and select “I Have a Suggestion / I’d Like to Provide Feedback”.