Tom Rademacher runs online educational workshops.

He hosted a webinar on a sensitive topic and deliberately chose not to record it because the content was personal, the attendees were vulnerable, and he wanted no record to exist.

Weeks later, he received a cold email from a company called WebinarTV. It contained a direct link to his webinar session, which was now published as an AI-generated podcast episode on WebinarTV’s platform.

Rademacher hadn’t uploaded anything and hadn’t consented to the podcast creation. He hadn’t even recorded the webinar himself.

So what happened?

WebinarTV describes itself as “a search engine for the best webinars.”

What it actually does is scan the internet for publicly accessible Zoom meeting links, join those calls using bots or AI transcription tools, record the audio, and convert it into podcast content. The company then uses it as a sales pitch to the very people whose meetings it captured. Journalists at 404 Media found their own public event with the Freedom of Press Foundation listed on the platform without their knowledge or consent. (source)

Zoom confirmed the activity is not the result of a vulnerability or security issue on its platform. (source) The problem is the link itself and the settings controlled by the Zoom webinar creator. So no hacking.

A Zoom Meeting Link is a Door With No Lock

If that link is anywhere on the internet, such as embedded in a public calendar event, posted in a community forum, listed on an events page, it’s findable. WebinarTV’s bots scan for the “zoom.us/j/” string across public web pages, and if a link isn’t behind an authentication wall, it’s treated as public. (source)

The meeting being “private” in your mind means nothing if the link is public in practice. It’s the same logic as leaving your address on a public post and assuming only friends will show up.

The fix is the same across every major platform:

stop treating the join link as the access control, and start requiring identity before entry.

Zoom: When scheduling a meeting in the Zoom web portal (not the desktop app), enable “Registration required” under the meeting settings. Set approval to “Manual” so you review each registrant before they receive a join link. Each approved participant gets a unique link tied to their registration, which means a generic link won’t get them in. This is the single most effective change you can make.

Google Meet: In your Calendar invite, click the gear icon next to the Meet link and open Host controls. Set the meeting access type to “Trusted” or “Restricted,” then uncheck the box that says “Anyone with the meeting link can ask to join.” (source) With that unchecked, only participants signed into their invited Google Account can enter. Bots attempting to knock via “Ask to join” are automatically denied without any action required by the host. (source)

Microsoft Teams: Before the meeting, open Meeting options and find “Who can bypass the lobby?” Set it to “People who were invited” so anyone who has the link but not an actual calendar invitation will wait in the lobby until you admit them. (source) Also disable the option that allows participants to forward the invitation, which closes a common secondary vector.

One More Thing Worth Knowing

CyberAlberta, a Canadian cybersecurity organization that investigated WebinarTV in depth, found that some access comes through AI note-taking browser extensions that users install voluntarily. These are extensions that quietly request calendar permissions and forward meeting details to the platform. (source)

For individuals, the fix is straightforward: in Chrome, go to Settings > Extensions and review what’s installed. For any extension with calendar or meeting access, check its permissions and remove anything you don’t actively use.

If you run a security or privacy program you may be rolling your eyes because you know that browser extensions are a major shadow IT problem.

Employees routinely install productivity and AI tools directly in the browser, grant them calendar and meeting access without a second thought, and IT often times never sees it happen. WebinarTV is an unusually visible consequence of that, but the underlying exposure is much broader because any extension with calendar permissions can see meeting links, attendee lists, and in some cases join URLs.

If you run a security program, the WebinarTV story is a useful conversation-starter for adjusting internal policies regarding browser extensions on corporate equipment. Browser extensions that touch calendar or meeting data should probably require explicit approval, not just user discretion.

Whether to ban web browser extensions all together is a conversation for another day.

Looking for help with a privacy issue or privacy concern? Chances are we’ve covered it already or will soon. Follow us on X and LinkedIn for updates on this topic and other internet privacy related topics.

Disclaimer: None of the above is to be deemed legal advice of any kind. These are *opinions* written by a privacy and tech attorney with years of working for, with and against Big Tech and Big Data. And this post is for informational purposes only and is not intended for use in furtherance of any unlawful activity. This post may also contain affiliate links, which means that at no additional cost to you, we earn a commission if you click through and make a purchase.

• Privacy freedom is more affordable than you think. We tackle the top Big Tech digital services and price out privacy friendly competitors here. The results may surprise you.

• Check out our new, free username generator to help you create unique usernames for different accounts. Reusing usernames is convenient, but terrible for your privacy. This tool makes it easy to create unique usernames on the fly.

• Do you own a Smart TV? If so, you won’t want to miss this reader fav post Smart TV Privacy Settings: How to Disable Tracking on Every Brand.

Smart TV Privacy Settings: How to Disable Tracking on Every Brand

September 17, 2025

Read full story

If you’re reading this but haven’t yet signed up, join for free (4.7K+ subscribers strong) and get our newsletter delivered to your inbox by subscribing here 👇