What You Should Know Before Leaking a Zoom Meeting

As more and more meetings take place over the videoconferencing service Zoom, it stands to reason that journalists will receive more and more audiovisual material leaked from such gatherings. This new leak medium poses unique challenges, requiring care to avoid exposing sources through digital watermarks or images of the user interface.

At least one Zoom leaker has already been unmasked: a member of the New York State Assembly who apparently filmed his “self-view” while recording a dispute within the Democratic assembly conference over the renomination of the speaker. That may sound careless, but a feature developed by Zoom will allow future leakers to be exposed even without that sort of misstep.

Zoom Watermarking

Many users may not realize it, but Zoom has the capability to insert both video and audio watermarks into a meeting.

The video watermarks are readily perceptible to meeting participants. When enabled, the video watermarking feature superimposes the username portion of each participant’s email address over the content they are viewing when another participant shares their screen and places the same watermark over the current active speaker. Because the video watermark appears across the entirety of the video frame, blurring may adversely impact the visibility of the underlying material.

In contrast, the audio watermarks are not readily perceptible to casual listeners, though they are what in watermarking parlance is known as “overt.” That means the fact that they are embedded is easily discerned by meeting participants: When a Zoom meeting has the audio watermark, or what Zoom also calls the “audio signature,” feature enabled, the meeting will have a green circular icon with a sound wave and a padlock at the top left of the frame next to the encryption icon.

It is not immediately apparent at what point Zoom injects its “ultrasonic” audio watermark into the audio stream — whether this happens only if a meeting attendee presses the Record button in Zoom or if the audio stream is watermarked prior to that point. Nonetheless, when recording a Zoom meeting, it is best to avoid using Zoom’s built-in recording option and to capture the meeting using a third-party audio/video recorder. Zoom mentions that in order to identify the participant who recorded the meeting, they need at least two minutes of audio from the meeting, though it stands to reason that shorter snippets may also be identifiable if they happen to contain the audio watermark.

Journalists should also be wary of publishing raw audio leaked from Zoom meetings, particularly if the source is not sure whether audio watermarking was enabled or not.

Recording Gotchas — Inadvertent Source Identification

Aside from Zoom’s own watermarks, a number of elements appearing on an individual’s own device may inadvertently give away the identity of the person who is recording. If the meeting video is being recorded either via screen recording software or a camera, there are a number of elements to watch out for. For example:

• When displaying meeting participants, Zoom software on a smartphone, laptop, or other device prioritizes displaying the attendee who is using the device. In other words, each participant will typically see themselves displayed in the top row on their screen when in a Zoom meeting. This in turn means that it may be possible to deduce who recorded a leaked Zoom video based on the participant order displayed on the screen. To mitigate against this, prior to video recording a Zoom meeting, the video layout order should be manually rearranged at random. If viewing the video in full-screen mode, care should be taken to remove self-view from the frame.
• The Zoom app should be positioned in such a way on the desktop as to minimize the chance for interference from other desktop apps, such as the chance of new message or email notification pop-ups appearing over the Zoom window. Upon completion of the recording, the video should be carefully reviewed to make certain that no such identifying notifications inadvertently appeared anywhere in the recording.
• In certain cases, even revealing information about the recording user’s underlying operating system may potentially compromise the source. For instance, if the source is recording a video of a company meeting from a Mac, and company personnel are known to predominantly use Windows, it may be possible to check meeting access logs to identify the meeting attendee who joined from a Mac. For this reason, the recording area may be tightly cropped to remove OS identifiers like menu or title bars. Additionally, elements such as mouse pointers should also be excluded from the recording area to avoid leaking information about the OS (owing to the fact that, for instance, a default mouse pointer on Windows machines is white with a black outline, while it is black with a white outline on Macs).
• The participant recording the Zoom meeting should also be mindful of their participation in the meeting. For instance, if typing into the chatbox, this activity may be used to identify the recorder.
• If recording meetings with an exterior device such as a phone camera, be aware that your camera may be uniquely identifiable via visible defects such as unique smudges or scratch patterns on the lens as well as a myriad of forensic techniques falling under the umbrella of source camera identification. For especially sensitive meetings, it is advisable to use a recording device solely acquired for purposes of conducting the recording of a specific meeting and to dispose of the device after the recording.

Zoom meetings present a unique set of challenges for source protection, but these challenges can be minimized by following best practices and taking care not to publish raw meeting materials unless there is high confidence that the recordings were not watermarked and have been thoroughly reviewed to make sure no other potentially identifying features are present in the audio or video.