privacyguides
/
privacytools.io
Archived
1
0
Fork 0
Code Issues 304 Pull Requests 47 Activity

📝 Correction | Jitsi Meet is now E2EE #1944

New Issue
Closed
opened 2020-06-08 11:02:02 +00:00 by lrq3000 · 17 comments
lrq3000 commented 2020-06-08 11:02:02 +00:00 (Migrated from github.com)
Copy Link

Description

Jitsi Meet is now E2EE, including the desktop app which is now regularly updated.

I think it's time to upgrade Jitsi Meet as a recommended option in VoIP (and I would even argue the top one since it's not only one of the only 2 voice calling app with E2EE, but also very easy to use - it's also the only opensource desktop app with a floating window ala Skype).

Why I am making the suggestion

Voice conferencing tools are very useful, even critical, in some instances as the recent world situation has shown. And unfortunately the most currently used tools are not the most secure.

My connection with the software

No link, just a (irregular) user.

  • I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
## Description Jitsi Meet [is now E2EE](https://jitsi.org/blog/e2ee/), including the [desktop app](https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.1.0) which is now regularly updated. I think it's time to upgrade Jitsi Meet as a recommended option in [VoIP](https://www.privacytools.io/software/real-time-communication/#voip) (and I would even argue the top one since it's not only one of the only 2 voice calling app with E2EE, but also very easy to use - it's also the only opensource desktop app with a floating window ala Skype). ## Why I am making the suggestion <!-- Anything you would like to tell us about the software? --> Voice conferencing tools are very useful, even critical, in some instances as the recent world situation has shown. And unfortunately the most currently used tools are [not the most secure](https://www.bbc.com/news/technology-52133349). ## My connection with the software <!-- Are you the author? Competitor? Just hating the software with passsion for some reason? --> No link, just a (irregular) user. - [x] I will keep the issue up-to-date if something I have said changes or I remember a connection with the software.
👍 3
lrq3000 commented 2020-06-08 11:37:41 +00:00 (Migrated from github.com)
Copy Link

I also strongly recommend to demote Mumble to a Worth Mention, as it violates the E2EE criterion as stated at the top of the instant messengers page:

We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE).

I know that VoIP is a separate section but for the reader it's really not obvious. Also, although I love Mumble, privacy-wise there are two much better solutions with Jitsi Meet and Linphone, so it doesn't look like Mumble should stay...

I also strongly recommend to demote Mumble to a Worth Mention, as it violates the E2EE criterion as stated at the top of the [instant messengers page](https://www.privacytools.io/software/real-time-communication/#im): > We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE). I know that VoIP is a separate section but for the reader it's really not obvious. Also, although I love Mumble, privacy-wise there are two much better solutions with Jitsi Meet and Linphone, so it doesn't look like Mumble should stay...
lrq3000 commented 2020-06-08 12:40:16 +00:00 (Migrated from github.com)
Copy Link

Just for info, E2EE is also supported on p2p (1-on-1) connections.

Just for info, [E2EE is also supported on p2p (1-on-1) connections](https://github.com/jitsi/lib-jitsi-meet/pull/1107).
lrq3000 commented 2020-06-08 12:44:48 +00:00 (Migrated from github.com)
Copy Link

Note also:

  • the E2EE feature is still considered beta (although progressing quite fast and already deployed in the web app and desktop app - but not on Android).
  • Since Riot uses Jitsi for multi-party voice/video calls, this may also allow Riot to support multi-party E2EE voice calls in the future.
Note also: * the E2EE feature is still considered beta (although progressing quite fast and already deployed in the web app and desktop app - but not on Android). * Since Riot uses Jitsi for multi-party voice/video calls, this may also allow Riot to support multi-party E2EE voice calls [in the future](https://github.com/vector-im/riot-web/issues/13953).
CristianAUnisa commented 2020-06-08 20:35:01 +00:00 (Migrated from github.com)
Copy Link

There was a discussion on the subreddit about the Jitsi's E2EE and I read that Firefox is not supported. The app seems like a good idea but I wonder why I can't find it on jitsi.org

There was a discussion on the subreddit about the Jitsi's E2EE and I read that Firefox is not supported. The app seems like a good idea but I wonder why I can't find it on jitsi.org
👍 1
lrq3000 commented 2020-06-09 09:46:34 +00:00 (Migrated from github.com)
Copy Link

Ah, I didn't know, but indeed that's correct, E2EE is not supported on Firefox yet because Firefox does not support Insertable Streams, which is an Emerging Web Specifications, and the basis for the E2EE implementation. This is currently being discussed between the Firefox and Jitsi Meet's teams. The relevant links to track this issue:

Side-note but interesting: Mozilla evaluated the security of Jitsi Meet 5/5 following a recommendation by the Tor Project. So it seems the folks at Mozilla want to support Jitsi Meet, we just currently wait for an official position (and then the technical implementation). From what I understand, Jitsi Meet's team tries to follow the best standards, but Firefox is a bit lacking behind, so it seems just to be a lack of time/resources but the thing will eventually get resolved (just like the other issues Firefox had with Jitsi Meet).

Meanwhile, indeed Firefox users can use the Jitsi Meet's electron app so they don't need to install Chrome. I am not sure why the electron apps aren't listed on the website, but I guess it's because of some mumbo-jumbo about certificates (the recently released apps don't have a certificate - but so are a lot of opensource projects!). I also just found that there is an issue on some Linux distributions such as Debian but a temporary fix is proposed here and a permanent one is being worked here.

So, in the end, I guess the PR should be put aside for the moment until Mozilla publish a position statement.

Ah, I didn't know, but indeed that's correct, E2EE is not supported on Firefox yet because Firefox does not support Insertable Streams, which is an Emerging Web Specifications, and the basis for the E2EE implementation. This is currently being discussed between the Firefox and Jitsi Meet's teams. The relevant links to track this issue: * https://github.com/jitsi/jitsi-meet/issues/4758 * https://github.com/mozilla/standards-positions/issues/330 Side-note but interesting: [Mozilla evaluated the security of Jitsi Meet 5/5 following a recommendation by the Tor Project](https://foundation.mozilla.org/fr/privacynotincluded/products/jitsi-meet/). So it seems the folks at Mozilla want to support Jitsi Meet, we just currently wait for an official position (and then the technical implementation). From what I understand, Jitsi Meet's team tries to follow the best standards, but Firefox is a bit lacking behind, so it seems just to be a lack of time/resources but the thing will eventually get resolved (just like [the other issues Firefox had with Jitsi Meet](https://github.com/jitsi/jitsi-meet/issues/4758#issuecomment-605666461)). Meanwhile, indeed Firefox users can use the Jitsi Meet's electron app so they don't need to install Chrome. I am not sure why the electron apps aren't listed on the website, but I guess it's because of some [mumbo-jumbo about certificates](https://github.com/jitsi/jitsi-meet-electron/issues/178) (the [recently released apps don't have a certificate](https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.1.0) - but so are a lot of opensource projects!). I also just found that there is an issue on some Linux distributions such as Debian but a temporary fix is proposed [here](https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.1.0) and a permanent one is being worked [here](https://github.com/jitsi/jitsi-meet-electron/issues/231). So, in the end, I guess the PR should be put aside for the moment until Mozilla publish a position statement.
👍 4
dngray commented 2020-06-10 04:06:55 +00:00 (Migrated from github.com)
Copy Link

Make sure to see my pull request https://github.com/lrq3000/privacytools.io/pull/1

Make sure to see my pull request https://github.com/lrq3000/privacytools.io/pull/1
CristianAUnisa commented 2020-06-10 16:08:49 +00:00 (Migrated from github.com)
Copy Link

@lrq3000 thank you for posting Mozilla's stance. Would it be good to insert a note about the E2EE suggesting the Jitsi app since it seems like a good alternative to other privacy-unrespecting apps?

@lrq3000 thank you for posting Mozilla's stance. Would it be good to insert a note about the E2EE suggesting the Jitsi app since it seems like a good alternative to other privacy-unrespecting apps?
lrq3000 commented 2020-06-10 18:19:02 +00:00 (Migrated from github.com)
Copy Link

@dngray yes tjank you, i will update the PRs accordingly.

@Asbesbopispa I'm not sure i understand what you suggest, but i have added a Experimental E2EE warning label about the issue with Firefox, as otherwise E2EE is indeed already deployed and working (and i also think jitsi meet is a nice alternative to other voice reunion softwares). Is that what you had in mind?

@dngray yes tjank you, i will update the PRs accordingly. @Asbesbopispa I'm not sure i understand what you suggest, but i have added a Experimental E2EE warning label about the issue with Firefox, as otherwise E2EE is indeed already deployed and working (and i also think jitsi meet is a nice alternative to other voice reunion softwares). Is that what you had in mind?
CristianAUnisa commented 2020-06-11 15:36:31 +00:00 (Migrated from github.com)
Copy Link

@lrq3000 I was thinking about the fact that even if a lot of people hate electron, the app seems like a good idea from two perspectives:

it can be a good compromise instead of using Jitsi on Firefox (which has the issue mentioned before);
it's an alternative against video-calling services which are not respecting users' privacy.

There's another issue, which is the fact that Firefox is the only browser suggested for PC on the privacytools website and there isn't a Chromium-based alternative. That's why I would suggest to get the Jitsi app instead.
Thank you for answering me; I'd like to know if there are any downsides in my argument, so let me know what you think about it.

@lrq3000 I was thinking about the fact that even if a lot of people hate electron, the app seems like a good idea from two perspectives: it can be a good compromise instead of using Jitsi on Firefox (which has the issue mentioned before); it's an alternative against video-calling services which are not respecting users' privacy. There's another issue, which is the fact that Firefox is the only browser suggested for PC on the privacytools website and there isn't a Chromium-based alternative. That's why I would suggest to get the Jitsi app instead. Thank you for answering me; I'd like to know if there are any downsides in my argument, so let me know what you think about it.
👍 2
lrq3000 commented 2020-06-11 19:06:59 +00:00 (Migrated from github.com)
Copy Link

You are correct @Asbesbopispa, I tested the apps and they support E2EE, so they are indeed a good alternative instead of Chrome (and hence why we may already add Jitsi Meet as a recommendation IMHO).

I have updated my PR as follows:

  • link in-text to the desktop apps, in order to nudge users towards using them instead of in-browser.
  • the E2EE warning label now explicitly suggests to use the desktop apps until E2EE gets implemented in firefox:

E2EE in Jitsi Meet is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps also do not support E2EE for the moment. Prefer to use the desktop apps instead.

Do you think this is ok like that?

You are correct @Asbesbopispa, I tested the apps and they support E2EE, so they are indeed a good alternative instead of Chrome (and hence why we may already add Jitsi Meet as a recommendation IMHO). I have updated [my PR as follows](https://deploy-preview-1945--privacytools-io.netlify.app/software/real-time-communication/#voip): * link in-text to the desktop apps, in order to nudge users towards using them instead of in-browser. * the E2EE warning label now explicitly suggests to use the desktop apps until E2EE gets implemented in firefox: > E2EE in Jitsi Meet is dependent on Insertable Streams, which is currently supported in Chrome but not Firefox. The mobile apps also do not support E2EE for the moment. Prefer to use the desktop apps instead. Do you think this is ok like that?
CristianAUnisa commented 2020-06-12 09:33:36 +00:00 (Migrated from github.com)
Copy Link

@lrq3000 I think your update is alright; hope I didn't annoy you with my thoughts!

@lrq3000 I think your update is alright; hope I didn't annoy you with my thoughts!
lrq3000 commented 2020-06-12 09:45:03 +00:00 (Migrated from github.com)
Copy Link

@Asbesbopispa No on the contrary you're very welcome! Thank you for your pertinent feedback :-)

@Asbesbopispa No on the contrary you're very welcome! Thank you for your pertinent feedback :-)
thansk commented 2020-06-14 08:08:55 +00:00 (Migrated from github.com)
Copy Link

I also strongly recommend to demote Mumble to a Worth Mention, as it violates the E2EE criterion as stated at the top of the instant messengers page:

We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE).

I know that VoIP is a separate section but for the reader it's really not obvious. Also, although I love Mumble, privacy-wise there are two much better solutions with Jitsi Meet and Linphone, so it doesn't look like Mumble should stay...

Mumble servers a completely different demographic from Jitsi or anything else. It serves as an alternative to discord, as it offers PTT (which afaik, no other app offers). I don't think it should be removed.

> I also strongly recommend to demote Mumble to a Worth Mention, as it violates the E2EE criterion as stated at the top of the [instant messengers page](https://www.privacytools.io/software/real-time-communication/#im): > > > We only recommend instant messenger programs or apps that support end-to-end encryption (E2EE). > > I know that VoIP is a separate section but for the reader it's really not obvious. Also, although I love Mumble, privacy-wise there are two much better solutions with Jitsi Meet and Linphone, so it doesn't look like Mumble should stay... Mumble servers a completely different demographic from Jitsi or anything else. It serves as an alternative to discord, as it offers PTT (which afaik, no other app offers). I don't think it should be removed.
👍 1
lrq3000 commented 2020-06-14 09:02:19 +00:00 (Migrated from github.com)
Copy Link

@thansk Ah ok I didn't think about it, then I agree that Mumble is a better alternative to Discord. But they really should implement E2EE, I hope they will someday :-/

@thansk Ah ok I didn't think about it, then I agree that Mumble is a better alternative to Discord. But they really should implement E2EE, I hope they will someday :-/
👍 1
cryptocat8 commented 2020-06-22 08:02:34 +00:00 (Migrated from github.com)
Copy Link

I figured out 8x8 Video Meetings is better than normal Jitsi meet, if you are not self hosting. You should mention that too and it have some cool features too.

I figured out 8x8 Video Meetings is better than normal Jitsi meet, if you are not self hosting. You should mention that too and it have some cool features too.
lrq3000 commented 2020-06-22 08:26:07 +00:00 (Migrated from github.com)
Copy Link

@Lostname777 The software needs to be opensource to be recommendable on PTIO, and it seems this one is not. Furthermore it doesn't appear to have E2EE, which Jitsi Meet provides now.

@Lostname777 The software needs to be opensource to be recommendable on PTIO, and it seems this one is not. Furthermore it doesn't appear to have E2EE, which Jitsi Meet provides now.
cryptocat8 commented 2020-06-22 11:41:09 +00:00 (Migrated from github.com)
Copy Link

@lrq3000 8x8 also have E2EE now, till now only in browser support like Jitsi Meet.

@lrq3000 8x8 also have E2EE now, till now only in browser support like Jitsi Meet.
This repo is archived. You cannot comment on issues.
No Branch/Tag Specified
Branches Tags
master
dependabot/bundler/nokogiri-1.13.6
dependabot/bundler/addressable-2.8.0
freddy-m-patch-3
pr-add_RemoveMyPhone_sponsor
pr-browser_cleanup_1257_1328_1430
freddy-m-patch-2
freddy-m-patch-1
pr-vpn_hated_one_video
cdn
update-nitrohorse-image
promote-metager-to-card
hardware
pr-add_azirevpn
pr-add_mailfence
shop
1673
pr/1658
i18n-simple
sponsorship-edits-nov2019
i18n
ipfs
blacklight447-ptio-patch-3
blog
remove-windows-icons
pr/1147
i18n-testing
add-beautify
Labels
Clear labels   
🔍🤖 Search Engines

   
approved

approved, waiting for a PR

  
dependencies

Pull requests that update a dependency file

  
duplicate

   
feedback wanted

   
high priority

   
I2P

The Invisible Internet Project (I2P)

  
iOS

   
low priority

   
OS

Operating Systems

  
Self-contained networks

   
Social media

   
stale

A label for stalebot if it gets added

  
streaming

Anything related to media streaming.

  
todo

   
Tor

Anything covering the Tor network

  
WIP

active work in progress, do not merge or PR (yet)!

  
wontfix

Issues or bugs that will not be fixed and/or do not have significant impact on the project.

  
XMPP

Extensible Messaging and Presence Protocol

  
[m]

Matrix protocol

  
₿ cryptocurrency

   
ℹ️ help wanted

   
↔️ file sharing

   
⚙️ web extensions

Browser Extension related issues

  
enhancement

   
software removal

   
💬 discussion

   
🤖 Android

   
🐛 bug

   
💢 conflicting

   
📝 correction

Correction of content on the website

  
🆘 critical

   
📧 email

   
🔒 file encryption

   
📁 file storage

   
🦊 Firefox

Firefox & forks, about:config etc.

  
💻 hardware

   
🌐 hosting

   
🏠 housekeeping

Anything primarily related to site cleanup.

  
🔐 password managers

   
🧰 productivity tools

   
🔎 research required

   
🌐 Social News Aggregators

   
🆕 software suggestion

   
👥 team chat

   
🔒 VPN

Virtual Private Network

  
🌐 website issue

*Technical* issues with the website.

  
🚫 Windows

   
👁️ browsers

   
🖊️ digital notebooks

   
🗄️ DNS

Domain Name System

  
🗨️ instant messaging (im)

   
🇦🇶 translations

Anything covering a translated version of the site

No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
enhancement
software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: privacyguides/privacytools.io#1944
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?