A company called WebinarTV has been quietly crawling the internet for Zoom links, sending bots with fake identities to join your meetings, recording everything without consent, converting it into an AI-generated podcast, and then — only after all of that — sending you an email to let you know. Congratulations, you’re on air.

404 Media broke the story in March. The mechanics: WebinarTV bills itself as “a search engine for the best webinars.” What it actually does is scrape public Zoom links, infiltrate sessions, and repackage recordings as AI-generated audio under a show called the “Phil & Amy Show.” The platform claims to host over 200,000 webinars. Nobody asked for most of them.

How it starts

Tom Rademacher is a teacher and editor who organised a Zoom call for educators and education advocates after Trump’s election — specifically to discuss how to keep children safe from ICE. He made a deliberate call not to record it.

“I very intentionally did not record the webinar since we’d be talking politics and there were some local electeds and district leaders that were on,” Rademacher told 404 Media. “There were definitely people on there who it would have been bad politically and professionally to be, especially at the time, linked to being anti-Trump in an education space.”

On October 7, 2025, he received an email from Sarah Blair, VP of Communications at WebinarTV. Blair’s profile image appears to be AI-generated. She has no online presence.

“Your webinar is featured on the Phil & Amy Show,” the email read. “They talk about the highlights from your webinar — without giving away too much — to entice viewers.”

The link led to a WebinarTV page hosting the full recording, an AI-generated video summary, chapter markers jumping to different parts of the meeting, and a full AI-generated podcast episode — two synthetic personalities named Phil and Amy discussing the contents of the call, complete with quips and banter between them.

“By suddenly having the whole meeting be public so you could see what [participants] were saying, after all the talk about safe spaces, it just felt super gross,”

—Rademacher

He asked Blair to take it down. She did. Then she sent him a follow-up:

“If you ever decide to expand your webinar audience and take advantage of valuable automated features — such as translation into eleven languages, chapter creation, preview clips, and searchable content within your webinar — we’d be happy to support you.”

They recorded his meeting without consent, got caught, took it down, and immediately tried to upsell him on their platform. That’s the business in one exchange.

The scale of it

When 404 Media started digging, this wasn’t one incident. They found a Zoom call Joseph Cox did with the Freedom of the Press Foundation — one of their own — sitting on WebinarTV. Freedom of the Press told them it hadn’t given permission, though it concluded the situation was “more of a nuisance than a threat and probably inevitable given that our events are public.”

Emanuel Maiberg then clicked a random Zoom call on WebinarTV — an “AI, Equity & Access to Justice” session hosted by the Ontario Association of Black Paralegals. When he reached out to Dayna Cornwall, a project manager at the National Self-Represented Litigants Project who had hosted the call: “This is really odd/unsettling to learn about. We were not aware that our webinar was being recorded by Webinar.TV, and have never heard of it before.”

Two hundred thousand webinars. Educators, legal professionals, medical support groups, addiction recovery meetings, nonprofits. A significant portion of them had no idea.

How they’re getting in

WebinarTV didn’t respond to 404 Media’s request for comment. But CyberAlberta — a Canadian cybersecurity organisation that got caught in the same net — published a detailed investigation into the mechanics.

Their finding: WebinarTV primarily gets access through third-party browser extensions. Extensions with calendar permissions can expose meeting invitation links without the user realising. Some users have apparently submitted meeting details to WebinarTV directly, without understanding what the platform does with them. The extensions in question include AI transcription tools and auto-join utilities — the kind of productivity software that has become standard in remote work environments.

The most damning detail from CyberAlberta’s report: at least one of the known extensions is listed on the Chrome Web Store as being developed by WebinarTV itself. They’re not just exploiting other people’s tools. They built their own door.

Freedom of the Press Foundation speculated that WebinarTV may also be using Zoom’s own API to scrape for public webinar links — which would directly violate Zoom’s terms of service, which prohibit using the API “to scrape, build databases, or otherwise create copies of any data.”

Zoom’s response

When 404 Media asked Zoom, the spokesperson confirmed they’re aware of WebinarTV and similar services, noted they have no affiliation with them, and then delivered the expected non-answer: “These services are not affiliated with Zoom, and the activity described is not the result of a vulnerability or security issue within Zoom’s platform.”

Also technically accurate: “Because these recordings occur on the participant’s device and outside of Zoom’s environment, no platform — including Zoom — has the technical ability to fully prevent third-party screen recording.”

Both of these things are true. Neither of them is the point. Nobody accused Zoom of having a security flaw. The question is whether Zoom has any interest in taking a position on a company that, by its own description, is systematically harvesting sessions from Zoom’s platform using fake attendees and browser extensions. So far the answer appears to be: not really. Zoom’s practical advice to users was to avoid posting meeting links publicly, manually approve registrants, and enable watermarking. The burden, as usual, goes to the people being scraped.

The defence doesn’t hold

WebinarTV’s FAQ describes the service as “DMCA compliant” and “a good internet citizen.” Robertson, when pressed, has argued that WebinarTV only scrapes webinars — not meetings — and that Zoom webinars are public by design. His framing: if a link was accessible, the content was public.

This is a deliberate conflation of technical accessibility with consent. The people on these calls used Zoom webinar format because it handles large attendee counts — not because they were broadcasting to the general public. The educators on Rademacher’s call were there in a trusted context. The addiction recovery participants were there for anonymity. The Graves’ Disease Foundation vetted their attendees one by one from a waiting room. The link being findable doesn’t mean the people on the call consented to being content.

Robertson also claims he contacts every host twice before listing content. What actually happens: the recording goes up first. The email comes after. The consent is requested retroactively, and if the host misses the email, doesn’t recognise it as legitimate, or simply doesn’t check in time, the content stays live.

This is the opt-out model dressed up as courtesy. It shifts the labour of protecting your own privacy onto you, after the extraction has already happened.

Robertson’s track record

This isn’t Robertson’s first run at this playbook. He previously ran MP3Tunes, an online music storage service found liable for copyright infringement in 2014 and ordered to pay $41 million. Build a platform that monetises other people’s content, argue legality when challenged, let the system chase you.

The pattern hasn’t changed. The technology has just gotten better at automating it.

What you should do

If you run Zoom sessions with any expectation of privacy:

• Require manual registration approval. It’s friction, but it’s a filter.
• Enable a waiting room and verify participants before admitting them.
• Lock the meeting once all expected attendees are in.
• Audit which browser extensions have calendar access — yours and, if you can, your regular attendees’.
• Search WebinarTV for your name, your organisation, or your past event titles. If something shows up that shouldn’t be there, request removal at [email protected] — and follow up, because Trustpilot is full of people reporting that the first request did nothing.

CyberAlberta’s full report has a detailed breakdown of how the platform operates and a practical hardening checklist. Worth reading if you run regular public-facing sessions.

The actual product

WebinarTV’s site describes its model plainly: “Search, browsing and playback are all free for viewers. There is no cost for a webinar to be included in WebinarTV. There are additional optional marketing opportunities available for hosts.”

The “optional marketing opportunities” are the revenue line. The free content — scraped from sessions people didn’t consent to share — is the inventory that makes the platform worth paying to advertise on. Rademacher’s ICE meeting, Cornwall’s legal session, the addiction recovery groups: they’re not edge cases. They’re the product.

Phil and Amy aren’t real. Sarah Blair probably isn’t either. But the people on those calls were. And none of them signed up to be content.