Emanuel Maiberg of 404 media published a report looking at a website called WebinarTV that isn’t strictly webinars as the name implies.

Instead, as Maiberg found, WebinarTV publishes recordings of Zoom calls, then turns those calls into an audio podcast “hosted” by AI voices. Oh, and the catch? Not all of those Zoom calls were public.

According to Maiberg and a report by CyberAlberta, WebinarTV most likely gains access to recordings of obstensibly private (in that they weren’t recorded and published online by the real host) Zoom calls in one of two ways:

  1. Most likely: WebinarTV collects meeting room details (including access links) through browser extensions that automatically join the user’s Zoom calls and provide “AI notetaker services.” According to CyberAlberta, known extensions feeding data to WebinarTV include:

GoToWebinar and Meeting Download Recordings (published by meetingtv.us), AutoJoin for Google Meet, Meet Auto Admit, OtterAI, NottaAI

  1. Less likely: The WebinarTV scraper finds “click to RSVP” links for Zoom meetings on webpages, then registers a bot attendee. This “attendee” then captures the meeting content.

In both cases, the recording is a screen recording, not a meeting recording.

When you initiate meeting recording in a Zoom call, all participants get a notification that meeting recording has begun. This recording is then either stored on the host’s computer or in their Zoom cloud account, depending on the type of plan they have. It’s a video file of just the Zoom video content—speakers and slides shared during the call. (Transcripts and chat records can be available too, depending on the host’s settings, but these are separate files.)

But if an attendee screen records the call, nobody in the Zoom room knows. Screen recordings just capture the contents of your actual computer screen or a window on it. This includes a list of participants or the chat bar along the side of a Zoom call, if opened up on the recorded screen.

Are your Zoom meetings at risk?

Unfortunately, there’s not a lot that individual Zoom hosts can do to prevent this, largely because of how likely it is that WebinarTV is gaining access through attendees’ notetakers.

A decent, though not foolproof, way to handle this would be to:

  1. Don’t publish meeting RSVP links online. Send RSVP links directly to the people you want to invite, or invite them via a calendar event.
  2. Require that attendees type in a meeting passcode (vs. having Zoom automatically provide access to the meeting when a join link is clicked).
  3. Process attendees through a waiting room that requires a host to allow access.
  4. Tell all attendees up front that no AI notetaking plug-ins will be allowed to attend the meeting.
  5. Manually remove AI notetaking tools from the call as they’re added.
  6. Once the call starts, lock the meeting to prevent any other people or bots from joining.

This still doesn’t stop the attendees’ browser extensions from collecting information and it doesn’t completely guarantee that your meetings won’t be screen recorded.

It’s also a nearly impossible task to manually monitor, vet, and remove attendees during a very large group call.

And finally, there’s the fact that AI notetaking devices do offer accessibility benefits. In this case, it would be most “secure” for meeting hosts to capture the meeting recording, summary, and transcript using Zoom’s native tools, then share that with attendees afterward.

Why is WebinarTV doing this?

Money. This is entirely a money grab. WebinarTV sometimes sends emails to hosts whose meetings were uploaded and offers to “help” them “distribute” and “market” the content further…for a fee, of course.

There’s a lot of money in data, too, such as being able to gather (and sell) lists of email addresses affiliated with a particular event or group. I don’t have any proof that WebinarTV has done this, but it also wouldn’t surprise me at all.

Other video calling options

While Maiberg’s article and CyberAlberta’s report focus on Zoom, CyberAlberta does note that a similar risk could be present with other video-calling platforms. And the list of affected browser extensions clearly refers to some marketed to Google Meet users.

Again, while nothing is foolproof, the most popular video calling tools are often most likely to be vulnerable to attacks like this. There’s financial benefit for bad actors to learn how to breach highly popular tools—it gives them a lot of content to collect.

I began using an encrypted, European-based video calling app, Whereby, in 2024, though I still use Zoom for some meetings I host (and often have to join other people’s Zoom rooms, of course.) Whereby uses encrypted, locked rooms by default and isn’t as deeply integrated with calendar apps and extensions as Zoom is.

Whereby also offers a very simple, nice web-browser-based experience for its users. I’ve had multiple people join calls with me from their phone browser and comment on how nice the whole video call experience is.

And, of course, there’s always just good old phone calls. While “one party permission” call recording is allowed in some countries, provinces, and states, a phone call isn’t going to include any of your proprietary diagrams and slides for all to see.

For now, though, when I need to host a video call, I’ll be opting for the smaller-tech Zoom alternative found in Whereby.