Authentication on meet.jit.si (jitsi.org)
One instance that our national educational network organization hosts is at https://vid.arnes.si/.
I don't want to set up an entire LDAP server when I already have Authelia running.
Think conversations like discussion of abortion, and other things where the service in certain locations needed to be private to the point subpoenas wouldn't be a threat. This is also why they've been waiting for insertable streams to be fully implemented in Firefox; those tickets were pushed most heavily because of Jitsi's video calling.
This was driven by when they implemented an end-to-end encryption option, and, being open source, something people could feel safer about than trusting Meet's (the former Duo) one-on-one calls.
The best part is this was something you could bring up on any computer. Signal, you need to own the device; Jitsi was more free than Signal in some ways, and of course it helps not being tied to an identifier (Signal has not yet implemented removing phone numbers as an identifier).
Does this mean there's no free, end-to-end encrypted anonymous alternative that would be useful for those who are not technically inclined, but worry about subpoenas, and need end-to-end encryption? That's as accessible? (Jitsi was available from a simple web interface no matter your device; alternatives like Jami and Meet aren't, and the account thing hurts.)
Because trusting a GitHub, Google, or Facebook login to not be vulnerable to subpoenas is a nonstarter. (I am aware of the efforts of Google, Facebook, etc. to mass E2EE communications from text messages to all messenger messages; I don't think this is immune to legal/coercive efforts such as you might see in the UK/Australia, and I also think the anonymity layer is going to be crucial for some people. ...I'm aware ease of use plays a role in abuse, but I'll point out bad actors (who are technically capable, at least a little, apparently) have the resources to still abuse Jitsi (if someone had an axe to grind against Jitsi) regardless of these additions [example: Google accounts can still be mass created anonymously via Android phones/burner phones/etc.].)
I dislike this, having been banging my head against the wall given my efforts over the past few years to teach end to end encrypted options and their usage to those who need them most, for the mentioned reasons.
For now I will resort to bugging people to switch to other instances at https://jitsi.github.io/handbook/docs/community/community-in... - but we badly need more options just as accessible- what other E2EE anonymous web-browser accessible tool is as available to the masses, that they can be convinced to use?
Just stand up your own instance and make it available to the anonymous public?
Jitsi itself isn't going away, just their anonymously-accessible instance.
By all accounts it's very easy to operate and requires very little in terms of resources. Hell, DO even has a droplet available.
So what's the problem?
We're not all sysadmins that can set up such a thing.
"Element Call is temporarily not end-to-end encrypted while we test scalability."
Convincing is a different matter, though.
Don't blame Jitsi. Blame the people abusing their previously wide open service. They're why we can't have nice things.
As for expecting them to run their own auth service instead of relying on a third party, that is a hell of a lot more complex than it looks. I can't blame them for not wanting to take that on.
If you really disagree that much, go ahead and fire up your own Jitsi service and open it up for anonymous use by the public. Let's see how long you can run it before you encounter the exact same problems.
First step auth, second step payments/subscriptions/premium/whatever, third step sold to a big corp where it will be destroyed.
But anyway, for anyone wanting an alternative peercalls has been really reliable for us.
Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.
And if the complaint is that now Jitsi can tie back activity to a durable identity: yeah, that's the entire point. They're fighting abuse. At some level, to prevent that abuse, they need some form of trustworthy authentication. That, by definition, means to some extent piercing the veil of anonymity.
It's also why running their own auth doesn't fundamentally solve the problem, as anonymous users creating their own accounts on their platform is a minor speed bump to folks who would use the service for nefarious activity. For that auth to be worth anything, they'd have to engage in their own forms of user verification, and that'd be no more privacy protective, and frankly probably less so since you'd have to trust their security posture.
The fact is they simply cannot run the service in a way that's both perfectly anonymous to Jitsi themselves and simultaneously resistant to abuse (thereby protecting them from potential liability).
Look, I get it, I'm not a fan of the big tech providers, either. But the claim that this somehow crosses the privacy rubicon is a massive overreaction. And the software itself remains as Free and Open Source as it ever was.
At the height of the pandemic I started using Jitsi for all my conferencing needs and was very happy to find that 8x8 had a paid-for option so that I could support Jitsi development through an 8x8 Meet Pro subscription. However, in December 2022 8x8 decided to axe the service and replace it with their "X Series plans" that are an order of magnitude more expensive (cannot even find quotes easily right now [1]) and clearly geared towards large-scale enterprise. "By moving to 8x8 X Series, you will have access to features like business SMS/MMS, unlimited calling to select countries, fax, voicemail transcription, integrations with business applications, call queuing, analytics, and more." Sounds great, right? But not really to someone wanting to have a fixed URL and make twelve or so video calls per week on a budget.
[1]: https://www.8x8.com/products/plans-and-pricing
This effectively forced me to go and "freeload" on Jitsi again, despite being willing to pay. However, I refuse to go crawling to Facebook, Google, or Microsoft for an account as I worked long and hard to divorce them already. It is doubly frustrating when you know that 8x8 has an account infrastructure (I have used it) and they are deciding not to offer it to us.
So, yes, we are not entitled to their free labour. But it is not like their track record is perfect here. This could all have been done much smoother.
To end on a more positive note, I posted this story a few days ago [2] and here are some alternatives that were brought up:
[2]: https://news.ycombinator.com/item?id=37258646
Do seriously consider supporting organisation that provide these services so that we can continue to have nice things. I would also love for there to be a Jitsi alternative out there with a "leaner" technology stack and higher focus on security that (paranoid?) people such as myself would feel more comfortable hosting on our own.
Pretty much every web site that requires login allows local registration. This is the first web site I heard about that requires third-party registration. That seems absurd to me.
Wait. They want me to sign up to Google, Microsoft or Facebook (worst possible choice ever) and I shouldn't complain. Seriously?
Then, what kind of complaint/criticism is OK?
Is it inconvenient? Sure. Nobody is claiming it's not. But to say the option doesn't exist because the public instance doesn't allow it is a bit of a stretch.
This is more like a homeless shelter, whose clientele are not actually homeless, adding a policy of asking for ID at the door.
It would be technically a correct statement just like the self-hosting suggestions here.
I don't have a Google, Microsoft/GitHub or Facebook account. Do you know what they require to register one in terms of privacy? Their terms are horrendous. Jit.si must not care about privacy or they'd have other OAuth options from the start.
>Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.
I don't think you know the typical user profile of Jit.si. If people are happy with Google, Microsoft and Facebook, then why use Jit.si instead of their own video call offering?
Such as? What provider would you be comfortable with?
This hits the nail on the head. It’s not just about having an account with those platforms or being unhappy with their video call services. It’s more about which platforms one chooses and for what reasons. Those who choose jit.si would be the ones who want to avoid these tracking and profiling platforms and/or are completely against those platforms.
Ironically, this led me to self-hosting Jitsi with the Jitsi Helm chart and putting it behind oauth2-proxy so my friends and I can use it. Deploying Jitsi with the Helm chart is remarkably simple and does not consume that much memory.
If anyone is interested in self-hosting: 2 GB is my RAM usage on idle when running videobridge, web-ui, prosody, and oauth2-proxy atop k3s in its default configuration. You do have to open a stupidly large range of ports to UDP traffic for videobridge, though. With that said, it's been a reliable solution and does not need me or my friends to create a $BIGTECH account.
If you're hosting things for internal consumption it's a generally good rule to put the memory burden on the server if you can.
This gets worse if you only have a few calls per month. The cost and management overhead doesn't scale at all.
The "actual" amount of memory that goes into running jvb and jicofo seems to be roughly 600 MB, which is still a lot to some, I guess. But I was able to run a meeting with three people and share my screen with peak memory usage at 2.2 GB -- again, for the whole system.
k3s-server makes up nearly half of the 2 GB idle figure, sitting at about 700 MB of usage (according to the top(1) command I ran for this post).
If 2 GB idle memory usage is too much, then I would say ditch k3s entirely and handle everything with docker-compose, using Nginx as your reverse proxy. That should at least bring the figure down to about 800 MB (jvb, jicofo, prosody, containerd, oauth2-proxy, nginx).
So, who is the OAuth provider?
If you have no cookies or expired ones, oauth2-proxy will take you to a page with a simple "Log in with OpenID Connect" button, which then takes you to the login page of the Forgejo instance. If you're not logged in, then you provide your credentials. Otherwise, you get redirected back to Jitsi with cookies that are good for a week.
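The gate described in this reply, written out as an added example (not code from the thread or from the Jitsi/oauth2-proxy projects): a script that renders an oauth2-proxy config for an OIDC login in front of a self-hosted Jitsi Meet web UI, with the one-week cookie lifetime the comment mentions. The Forgejo URL, the proxy's public hostname, the `web:80` upstream and the client credentials are assumed placeholder values.

```shell
#!/bin/sh
# Added example, not code from the thread: render an oauth2-proxy config that puts
# an OIDC login (Forgejo as identity provider) in front of a self-hosted Jitsi Meet
# web UI. Flow: no valid cookie -> "Log in with OpenID Connect" button -> Forgejo
# login -> back to Jitsi with a one-week session cookie.
# Assumed (hypothetical) values: Forgejo at https://git.example.org, Jitsi's web
# container reachable as http://web:80, proxy published at https://meet.example.org.
set -eu

OIDC_ISSUER="${OIDC_ISSUER:-https://git.example.org/}"        # Forgejo root URL (assumed)
PUBLIC_URL="${PUBLIC_URL:-https://meet.example.org}"          # what users type (assumed)
JITSI_UPSTREAM="${JITSI_UPSTREAM:-http://web:80}"             # Jitsi web container (assumed)
CLIENT_ID="${CLIENT_ID:-replace-with-forgejo-oauth2-app-id}"
CLIENT_SECRET="${CLIENT_SECRET:-replace-with-forgejo-oauth2-app-secret}"

# oauth2-proxy needs a cookie secret that decodes to 16, 24 or 32 bytes;
# 32 random bytes as URL-safe base64 is the form its documentation recommends.
new_cookie_secret() {
    openssl rand -base64 32 | tr -- '+/' '-_'
}

# The OIDC discovery document oauth2-proxy fetches at startup. If the proxy
# container cannot reach this URL, oauth2-proxy refuses to start.
oidc_discovery_url() {
    printf '%s.well-known/openid-configuration\n' "$OIDC_ISSUER"
}

# Render the TOML config. cookie_expire = "168h" is the one-week session from
# the comment; cookie_refresh makes the proxy re-validate the session with the
# provider hourly, so a disabled Forgejo account is locked out within an hour
# instead of a week (this relies on Forgejo issuing refresh tokens; drop the
# line if your provider does not).
render_config() {
    cookie_secret="${1:?cookie secret required}"
    cat <<EOF
provider = "oidc"
provider_display_name = "OpenID Connect"
oidc_issuer_url = "${OIDC_ISSUER}"
client_id = "${CLIENT_ID}"
client_secret = "${CLIENT_SECRET}"
redirect_url = "${PUBLIC_URL}/oauth2/callback"
upstreams = ["${JITSI_UPSTREAM}"]
http_address = "0.0.0.0:4180"
email_domains = ["*"]
cookie_secret = "${cookie_secret}"
cookie_secure = true
cookie_httponly = true
cookie_samesite = "lax"
cookie_expire = "168h"
cookie_refresh = "1h"
skip_provider_button = false
EOF
}

# Write the config with a fresh cookie secret; the file holds two secrets,
# so it is created owner-readable only.
write_config() {
    out="${1:-oauth2-proxy.cfg}"
    umask 077
    render_config "$(new_cookie_secret)" > "$out"
    echo "wrote $out; before starting the proxy, check that it can fetch $(oidc_discovery_url)"
}

# Usage: ./gen-oauth2-proxy.sh write [path]   (rendering only happens on request)
if [ "${1:-}" = "write" ]; then
    write_config "${2:-oauth2-proxy.cfg}"
fi
```

Start the proxy with `oauth2-proxy --config oauth2-proxy.cfg` and point your TLS-terminating reverse proxy at port 4180 instead of at the Jitsi web container directly, otherwise the login gate can be bypassed.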
That’s only slightly more clear, since it just says what’s not happening. Does anyone know what is happening? Does it involve potential violations of law, or is it just the TOS?
Sexually explicit "meetings" wouldn't even be a particularly surprising use case, and 18 USC 2257 has a bunch of carve-outs for service providers.
My suspicion is that there was CSAM or similarly abhorrent content being broadcast in meetings. Unfortunately, this is a class of users which would be drawn to a service which promised anonymity and E2E encryption.
All things you don't want your company to be associated with so you don't name it.
If it would just have been things which are illegal but not that problematic, like copyright violations or a bit of (legal, non-forced) porn, they might have spelled it out.
I'm down to experiment with self hosting, I just feel that most users out there won't be and it'll ding their user count. It might be for the best if it squashes the malpractice they are seeing.
Because... it's not Google? For some people that may be a plus.
I'm not judging, but on my side it's hard to justify using meet.jit.si anymore.
https://jitsi.github.io/handbook/docs/community/community-in...
I hosted my own instance once via DigitalOcean; they have a preconfigured VPS droplet that works pretty much instantaneously.
Also, why exactly did we introduce IPv6 again? Everything today is NAT-within-NAT-within-NAT (much of it using IPv4), and almost nobody has a publicly routable IP address. Was the whole transition just a massive waste of effort?
If one becomes an associate member of the FSF, one of the perks is access to a Jitsi server that they run.
It's two clicks and you're in, easy peasy. I'm very grateful. I give classes over webcam and it does not let me down.
We’ll keep moving forward making (hopefully) the best open source meetings tool out there.
To answer a few recurring questions:
- Only the first user needs to be authenticated
- This change does not affect the self-hosted deployments, you can choose what auth (or none at all) to use
Is it the first user to join the meeting (so it could be the host or a guest)? Or is it the person who created the room (and may likely be the first person to join the room)? I’m glad to get this answer here, but it’d be useful to document this on your help or support pages and share the link as well.
Since the room won’t start without users, the first one will need to log-in or wait for someone else to do so.
The beauty of Jitsi Meet was that any URL was a valid room. That was such great UX.
Of course, other Jitsi Meet instances still exist. But this will probably still influence the project's direction.
Not great, but it does at least give some accountability.
There's still plenty of other instances out there, and it would give a far less ambiguous message if they just pointed people to community-maintained instances.
Moving to a "we only serve Google/MS users" while claiming a focus on privacy definitely doesn't send out the right message
Wikipedia literally uses the word "decentralized" to describe the Fediverse, which would seem to violate your personal definition:
https://en.wikipedia.org/wiki/Fediverse
> While a traditional social networking site will host all its content on servers owned by the parent company, the decentralized social media sites that make up the fediverse allow any individual or organization to host their own servers (referred to as an "instance").
Routers are computers. You'll be waiting a long time.
Though I hope they have a way for registered people to invite someone to join a meeting without a login (though with a bunch of limitations, like them being responsible for the person joining).
For example so that in case of a remote job interview the company can give them to the interviewee.
I just played around with it now; it looks like login is only required to create the room -- that is, only one person at all needs to log in. Everyone else gets a "waiting for the moderator" screen before someone logs in, and just goes straight in w/o login afterwards. Presumably that person will have the ability to kick people out, and can be held responsible for not doing so.
If I understand correctly, the creator of the meeting needs to have an account but other people can still join without it?
What makes it worse, I've been almost successful in weaning friends and colleagues off Zoom and that's no easy task. Now it's all for nought.
Damn nuisance really.
Using email login doesn't achieve that (and is more work).
Using providers like Facebook, Google, GitHub is good enough, though e.g. in the case of GitHub definitely not perfect. But good enough is good enough.
I just wish there would be more anonymity-protecting *independent* auth providers you could widely use (which still could allow you to properly ban someone).
KYC has gotten wildly out of control.
So Jitsi loses the case for privacy and goes and requires Big tech logins such as Google, GitHub (Microsoft), Facebook (Meta).
Oh dear.
Having been on both sides, we need more decentralization and a way to disconnect from those decentralized points. Not much else can be done besides a never-ending game of cat and mouse.
The auth requirement is probably just a way to limit load and force people to at least attach their usage rates with an identity of some kind, so if one person or org is using thousands of hours of server load they can start charging for the service.
Jitsi having to do things like this might be inevitable. But I still have a look of disapproval for whomever was abusing the service.
The meeting continues even if the person with the account leaves; as long as someone stays in the room, it persists and people can (re)join.
I don't like this change but their free (beer) service is still more respectful than GOOG Meet or MSFT Teams.
Suffice it to say there are other things you can do besides just a central relaying server, but it's the most common architecture.
My ISP supports IPv6 and I have it configured. However, their software on the router/AP is bad and does not allow setting up a firewall for IPv6. This is inherent with IPv4 NAT (with UPnP disabled). So it forced me to use my own router; still, the interface for the IPv6 firewall is non-existent, but at least I can write firewall rules manually.
Why do I need a firewall on the router? Because devices on my network have services open on all interfaces. For example, the "smart" weather station has a web service open for all to see. This is absolutely a non-issue when only using IPv4 behind NAT.
Another issue is revealing the internal network topology to the outside world; this is something that NAT hides really well.
Though a lot of their code isn't being a middleman but making the video streaming on all clients work, which is easy for some MVP hobby project but hard to make it actually work reliably across the many different devices and software versions used in the wild.
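The manual IPv6 firewall rules this commenter mentions, as an added example that is not from the thread: an nftables ruleset for a home router that recreates the "nothing reaches LAN hosts unless they initiated it" property of IPv4 NAT for IPv6 (so a weather station's web UI stays internal) while keeping the ICMPv6 traffic IPv6 needs. The interface names `wan0`/`lan0` and the 2001:db8: pinhole address are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the thread: an nftables ruleset giving IPv6 the
# default-deny inbound behaviour a home LAN gets for free from IPv4 NAT.
# Assumed (hypothetical) names: wan0 faces the ISP, lan0 faces the home network.
# The pinhole address below is from the 2001:db8::/32 documentation prefix.
set -eu

WAN_IF="${WAN_IF:-wan0}"
LAN_IF="${LAN_IF:-lan0}"

# Print the ruleset. It lives in its own ip6 table, so existing IPv4 rules are untouched.
ipv6_ruleset() {
    cat <<EOF
table ip6 home_fw {
    chain input {
        # Traffic addressed to the router itself.
        type filter hook input priority 0; policy drop;
        iif "lo" accept
        ct state { established, related } accept
        ct state invalid drop
        # Neighbour discovery and router advertisements are link-local ICMPv6;
        # dropping them breaks IPv6 entirely.
        icmpv6 type { nd-router-solicit, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, nd-redirect } accept
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
        icmpv6 type { echo-request, echo-reply } limit rate 10/second accept
        # The LAN may reach the router's own services (DNS, DHCPv6, admin UI); the WAN may not.
        iifname "${LAN_IF}" accept
    }

    chain forward {
        # Traffic routed between interfaces: default deny.
        type filter hook forward priority 0; policy drop;

        # Replies to connections a LAN host opened, and related flows.
        ct state { established, related } accept
        ct state invalid drop

        # Path MTU discovery and error reporting must pass end to end (no NAT to hide behind).
        icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem } accept
        icmpv6 type { echo-request, echo-reply } limit rate 10/second accept

        # Anything the LAN initiates towards the Internet is fine.
        iifname "${LAN_IF}" oifname "${WAN_IF}" accept

        # Explicit pinholes only: one host, one port. Without a line like this the
        # weather station's web UI is unreachable from outside, just as it would be
        # behind NAT. (Assumed example address.)
        # iifname "${WAN_IF}" oifname "${LAN_IF}" ip6 daddr 2001:db8:0:1::42 tcp dport 443 accept

        # Everything else from the WAN is logged (rate-limited) and then falls
        # through to the chain's drop default.
        iifname "${WAN_IF}" limit rate 5/minute log prefix "ip6-fwd-drop: "
    }
}
EOF
}

# Parse-only check: nft validates the ruleset without touching the kernel.
check_ruleset() {
    ipv6_ruleset | nft -c -f -
}

# Load the ruleset atomically: nft -f applies the whole file or nothing, so a
# syntax error leaves the previous rules in place. Requires root.
apply_ruleset() {
    ipv6_ruleset | nft -f -
}

# Usage: ./ipv6-fw.sh check | apply | (no argument: just print the ruleset)
case "${1:-print}" in
    check) check_ruleset ;;
    apply) apply_ruleset ;;
    print) ipv6_ruleset ;;
esac
```

After loading, `nft list table ip6 home_fw` shows the live rules, and a connection attempt from outside to the weather station's address should appear as an `ip6-fwd-drop:` entry in the kernel log.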
Then there are features like noise filters, background video filters etc.
The days of everybody having exactly one computer with a rarely-changing IP address are over. These days, most people have a phone which changes its IP address a few times a day (when you leave your house and switch from WiFi to cellular and then go back.) If you wanted to be directly reachable, you'd need to share these changes publicly, which would make it pretty trivial to figure out when you leave home, who you visit, which cafes with free WiFi you frequent and which countries you go to for your business trips. The stalking potential here is enormous.
Therefore (just like multicast) you only send your stream once, and every client receives n streams.
I sure wish my (small, rural) ISP finally did. They're still "evaluating" it.
The problem is that there's no money to be made here, so no software is built to take advantage of end-to-end connectivity. Even if you could get IPv6 right now (and you can with tunneling/VPN), what are you going to do with it? Big tech is quite happy with the loss of end-to-end connectivity since it enforces the need for a middleman, and they have no reason to make it easier for you to regain your independence.
The ISP is still "evaluating" IPv6 because there's just no real end-user demand, because besides ideology or specific requirements of a technical minority there just isn't any reason for the average user to need it. If tomorrow every OS came with a built-in SIP client that actually worked and there was an actual successful deployment of consumer-grade SIP, demand for IPv6 would skyrocket and the ISP would get their act together or start losing customers over it. But there will never be a built-in SIP client because Big Tech would rather have you use FaceTime or MS Teams or Skype than some open protocol that doesn't require a middleman and isn't vulnerable to advertising or tracking.
https://github.com/miroslavpejic85/mirotalk
It's even faster for 1-on-1 conversations, but as others said, if there are too many participants it will be slower.
The demise of end-to-end connectivity brought on by NAT was a boon to capitalists who can now be middlemen and charge rent for it (either in the form of money or "engagement" aka advertising/spam, tracking, etc). They aren't particularly interested in going back to the old standard even if we now have the technology to do so.
Software that can take advantage of end-to-end connectivity is nowadays very rare, so even if tomorrow we magically had full IPv6 deployment worldwide, not much software would take advantage of it and I'm not sure there would be any commercial pressure to develop it.
Even if your Mac and iPhone had IPv6 and were end-to-end connectable, Apple would rather have you use FaceTime with an Apple account rather than just type in the IP address/DNS of the other side and call them directly. Same with all the other tech companies.
Imo the problem here is a failure of law enforcement on the internet. IP addresses + timestamps can be tracked to a subscriber, but apparently it's so ineffective that, rather than allowing pseudonymity (only knowing your IP address) for all countries that fight digital crime (I imagine child abuse is similarly fought in most places), we instead opt to let the likes of Google and Facebook use tracking and magic algorithms to determine who's allowed to have an account, nay, identity on the internet.
Perhaps we need something that is pseudonymous but tied to an individual rather than a subscriber line, to be depseudonymised only by court order, similar to IP address now except you can actually find who did something (or was complicit at minimum, similar to money mules). We can also make it be different for every recipient, similar to how you can create any number of blockchain addresses without revealing the tie between them. It sounds super dystopian to have an internet passport (private key) explicitly tied to a government identity, but at this point it may improve anonymity rather than detract from it. We could get rid of CAPTCHAs (which are mostly ineffective at this point anyway), Cloudflare MITMing, IP address banning, phone number verification, "log in with Facebook", spam filters (because we'd just block spammers), etc. in favor of being able to prosecute and/or block bad actors.
> That said, it is completely understandable that some users may feel uncomfortable using an account to access the service. For such cases we strongly recommend hosting your own deployment of Jitsi Meet. We spend a lot of effort to keep that a very simple process and this has always been the mode of use that gives people the highest degree of privacy.
Of course, self-hosting is still a bunch of work. Which doesn't mean anger is justified, but disappointment (which seems to be the dominant emotion at the time of writing) is understandable.
I don't get these "why can't you just..." comments. It's like you complain about food in the restaurant, and someone saying: "well, you can cook your own lunch at home differently".
I'd rather they simply shut down their instance and replace it with a list of community-maintained ones.
BTW: it's not anger (at least in my case). Mostly just disappointment.
I don't want to sound mean or unappreciative of jitsi developers' efforts, just highlighting that this kind of resource needs might put it out of reach of many potential users.
e.g. people who investigate forced porn stumbling over a forced porn site which uses your service
Basically, you don't want your grandma finding the drug list or hacking tools unless she's specifically trying to find it. But it's going to exist, so let it exist (or rather, try if you wish but it's futile). Similar to tor hidden services and i2p eepsites.
If you have serious issues, I suppose it's always possible to block the exit nodes from the specific HTTP endpoint where the trouble is caused, or require authentication at that point, even if I would advise to be very sparing with such measures.
For the law enforcement route, a judge could be convinced to order tracking the exit node's incoming connections for purpose of tracking the child abuser down, then the relay node, then the guard, and yes these change frequently but rinse and repeat and you'll get it eventually (speak of dystopian...). The barrier I see is that some jurisdictions will find it disproportionate to track all incoming connections and relays and guards (this will fan out) for only one abuse case. You'll really have to get every involved country on board in whatever you're pursuing, so it ought to be really bad and otherwise you can suck it up. So you make a good point that you can't simply enforce anything even if that's broadly illegal under the current system.
VPNs are much easier because they're a single entity and so there's no huge fan-out (don't need to wiretap/subpoena tens to hundreds of entities, just have to ask 1 entity for data on 1 subscriber, or compel them to produce it henceforth if they don't have it). If they didn't do logging in the past, indeed you'll need to wait for a repeat offense, so again I suppose you're right that an IP+ts isn't enough. Does this speak in favor of the private key government-backed identity? I'd honestly really rather it didn't.
Gotta wonder if Mbone was also used for the really ugly stuff which is in fact very illegal.
But I guess they are trying to defer some sort of account creation human verification/rate limiting to those companies.
Your comment is phrased like those things are not a big deal?
> There's kind of a limit to how much you can do illegally on a video feed. Nevermind that whatever you would be doing would be recorded and streamed to whoever popped into the anonymous room.
Criminals probably are aware that some of their customers would be cops after somebody got arrested for doing it over Zoom and they probably learned to do it without revealing identifiable details.
And how would viewers pop into a random room? There's no directory. They have a link that they paid for. And no, they wouldn't share this link with random people online.
As if 8x8's hosted Jitsi service could not just report such crimes to the authorities with full IP logs? The signalling all still had to route through 8x8 servers and the URLs were not gated. Anyone with a link could pop in.
I don't think the Jitsi guys want to suffer this stress/bad PR if they want to just build their product and provide a free public instance as a bonus.
... are... are you joking?!
I tried to like Jami, but it never worked right when I tried it. I didn't find a decent Android Tox client with video call, but it should work alright for text.
+ is committed to free software
+ respects the users
+ none of the poisonous big tech giant companies involved
+ is cross-platform
+ does text, calls, videocalls, file-transfers
+ can be set up "normally" by non-technical friends and family
+ is ideally all the other good things: lightweight, smooth, decentralised, p2p, private, secure
I certainly couldn't find it. I've tried tox, jami, xmpp, irc, matrix, etc. There are things that can be set up with some effort and messing with servers and verifying devices and so on, but not things you can talk your mother through during a phone call without a great threshold for annoyance (sorry Ma).
Signal maybe comes closest, and is what I use, but they have a few (big) issues too.
Any tip-offs greatly appreciated.
It was a decent piece of tech, though!
And I'm thrilled that you can afford $100-$600 a month of server costs to run Jitsi, but I'm willing to bet that you are not a majority.
That's fair
> And I'm thrilled that you can afford $100-$600 a month of server costs to run Jitsi, but I'm willing to bet that you are not a majority.
Stop hosting everything on Amazon, it's a total rip-off for raw compute.
64 GiB of RAM shouldn't be costing you more than $50/m (for some kind of colo like Hetzner).
2 GiB of RAM should probably be closer to $10 for a single VM instance with someone like Tilaa or Vultr (after tax).
Meaning once you start hitting 8 GiB of total consumption for all your services it's cheaper to make the leap to 64 GiB of RAM and go with a colo.
I guess it can make sense if you're a business. But then the question is always "why don't we just use Teams"
2 GB idle is disqualifyingly high RAM usage.
I'm used to running things like Confluence and Jira that consume as much as 140 GiB in production.
Mattermost also uses something in the realm of 10 GB for anything you would consider a reasonable number of people.
This is like arguing household budgets when discussing business expenses.
Clearing $1k on the company is fine, but would be unpalatable at home.
If you can't stomach the cost then that's fine, but it is an appropriate trade-off to put the bulk of the memory burden on the server.
For reference, the last conferencing solution I ran was about 512 MB at 10 users unless TURN relay was happening.
JIRA is one of the worst performing and slowest applications in the world. "Waiting for JIRA" was literally a running joke at my last job.
That some software is especially subpar is not an excuse for other software to perform a bit poorly.
The trick as a business owner is:
* Will I be able to use this service until they rug pull?
* Will they exist for the life of my project?
* How painful will they make switching?
Paying $50/m for complete ownership of your video platform is not only comically low it's almost absurd. I pay more than that for SaaS tools like Fellow or Bonus.ly; that's before you start talking about Asana or Figma or the myriad of other tools.
That something is cheap is not an excuse; Jitsi is very easy to use and easy to host. Though I will recommend going with 8x8 simply because it helps fund development and people are terrified of actually owning anything these days (because they said they didn't like sysadmins and now ops skills are worth spending 11x more for a service to not have in your company, which is another topic entirely).
I'd buy this much more if there was something to compare with (with admittedly much less features or QoL; like MediaWiki vs Confluence or RT vs Jira).
Edit: Also, development is happening on github: https://github.com/TokTok/c-toxcore