Jitsi Meet abandons anonimity promise

yakcyll 2 years ago |

This was talked about before here: https://news.ycombinator.com/item?id=37316959

I assume this move, in essence, is meant to combat spam?

ComputerGuru 2 years ago | |

what went unsaid but very heavily implied in the Jitsi announcement was that it was (allegedly) CSAM and not mere spam.

Aspie 2 years ago | | |

I have proof of it being because of CSAM in as of late 8x8 rooms. Would you like me to post the links to the currently active rooms?

xulres 2 years ago | | |

Stop with the allegedly it was a anonymous service that was reachable from onion. There is no question at all that there was CSAM shared over it. I don't care about the rest but all this "allegedly" shit in regards of CSAM gets on my nerves. I actually thought people here either work in bigger corps or have experience in running services themselves and would know about the real size of the CSAM problem. But I guess not, ignorance is bliss.

Also it's only their hosted for profit service. Use the fsf instance if you feel violated by a user account. https://jitsi.member.fsf.org/

ComputerGuru 2 years ago | | |

I personally think it was likely/almost certainly the case. That doesn’t change the fact that without sufficient actual evidence it remains “allegedly.”

zozbot234 2 years ago | | |

Well, the announcement talks about clear-cut ToS violations. Maybe it was about illegally streamed soccer matches - that's a bit of a plague as of late.

Vinnl 2 years ago | | |

I mean, it could also be beheadings, revenge porn, doxxing, etc. Lots of clear-cut violations that are more serious than illegally streamed soccer matches.

But the true answer is probably "all of the above".

pengaru 2 years ago | | |

Not all porn is CSAM... Are we just assuming it's CSAM because non-CSAM would be on OnlyFans? Is there not an appeal for the anonymity and zero-cost Jitsi offered vs. OF-like services, for consenting adults?

I've never used OF but assumed they take a cut. Through Jitsi a performer could arrange for payment via crypto, protect their identity, and not pay a cut to any middle-men beyond the crypto fees. What am I missing?

lnxg33k1 2 years ago | | |

Piracy is still the best way/our best chance to get rid of soccer and all the nothingness that it involves in terms of drama, gossip, etc

yieldcrv 2 years ago | | |

“allegedly” aside, is this the only way to tackle the CSAM problem? I get a whif of a false dilemma here but I’m not sure if I have a blindspot

is requiring Oauth from Facebook, Google or Github for hosts something meaningful, necessary or the obligation of Jitsi Meet to do at all

salawat 2 years ago | | |

No, it isn't. Jitsi is free to offer a signup and run an LDAP directory of their own. They do not need to federate with FAANG.

If they still wish to do any sort of reporting or eavesdropping on content, something they claim to be specifically impossible, yet somehow they've unearthed, that is their perogative I suppose.

Personally, I think <insert law enforcement authority> of some sort has made rumblings or threats about them daring to run an uneavesdroppable open comms service, so once again, nice things cannot be had, and everyone is happy to torch the ability to low-frictionly connect between arbitrary people because of the CSAM boogeyman, which no evidence has been brought forth to assert the existence of. In fact, there's been no evidence brought forth that there is any sort of worthwhile reason other than "Jitsi wants in on monetizing user's contact meta info".

xulres 2 years ago | | |

In every thread someone comes with "but is this the only way to tackle the problem?" Noone ever even makes a suggestion so I guess yes it's the only way.

yieldcrv 2 years ago | | |

that’s mentally negligent.

the only people that have to identify problems and solutions are founders that are grifting for capital or customers. and that’s sad.

the rest of rational actors can see a false dilemmas from afar without knowing what the third and fourth and fifth possibilities are.

in this case its pretty obvious that “privacy for hosts, or not via FAANG Oauth and an unaccountable change in the terms of service to further distance from privacy” is a false dilemma while also not preventing anonymous CSAM rooms on their service.

remirk 2 years ago |

I personally have no issue with having to log-in to use the hosted Jitsi and have it store that I created a room. That's a small price to pay for the longevity of the service.

If logging in is an issue, you're still able to selfhost Jitsi just fine.

Edit: this article feels like blogspam to me. https://jitsi.org/blog/authentication-on-meet-jit-si/ is the source the article refers to.

throw_pm23 2 years ago | |

What about having to log in with a Google/Facebook/MS account as opposed to a Jitsi account?

zaggynl 2 years ago |

ON THE PUBLIC JITSI-MEET DEMO SERVER https://meet.jit.si/!

Selfhost jitsi-meet!

It isn't rocket science: https://jitsi.github.io/handbook/docs/devops-guide/devops-gu...

sebmaynard 2 years ago | |

Even easier with docker/docker-compose

https://jitsi.github.io/handbook/docs/devops-guide/devops-gu...

Kim_Bruning 2 years ago |

Making a separate account on Jitsi would have been fine, but they only allow use of existing centralized account systems from github (microsoft), facebook, or google.

That's Not Good(tm).

Good thing Self-hosting still works I guess. Will have to set it up.

redserk 2 years ago | |

Managing a public authentication service requires ongoing maintenance and monitoring costs. While they could pay a third party to manage it for them, this is a reasonable decision for them to keep costs low.

It doesn’t sound like Jitsi is sending Facebook and Microsoft transcriptions of your meetings so I don’t see why this is a big concern for a free service.

layer8 2 years ago | | |

It requires you to have a Microsoft/Facebook/Google account in the first place.

LightHugger 2 years ago | | |

Google/microsoft authentication is a platform risk and is basically saying those third parties own all your users. It can and does backfire all the time.

itake 2 years ago | |

Self hosting isn’t exactly anonymous either.

rebeccaskinner 2 years ago | | |

Anonymity is in the eyes of the beholder. In this case, self-hosting might make your interactions "anonymous" in the eyes of Google, Microsoft, or Meta, even if it doesn't make you anonymous to whatever platform you use to host the software.

reflexe 2 years ago |

Maybe it is just my mood, but this blog's full screen newsletter subscription banner on mobile is much more infuriating than whatever Jitsi did (screenshot: https://imgur.com/a/fSEyZ8x)

philipwhiuk 2 years ago |

"Other Site Abandons Anonymity" says website which puts large "Sign Up" prompts on first-use and below every article.

Slightly hypocritical reclaimthenet

m-p-3 2 years ago |

That's what happen when awful people abuse nice things.

Those bad actors and privacy-conscious people (both entirely distinct group, just in case it looks like I'm putting those two in the same category..) can still self-host their own Jitsi Meet server if they want to.

Terretta 2 years ago |

Most such tools can no longer afford their stance once adoption passes a threshold.

Why that might be is often revealed on techdirt:

- https://www.techdirt.com/edition/freespeech/

For other reasons, see also:

- https://mattfrisbie.substack.com/p/the-ugly-business-of-mone...

- https://github.com/extesy/hoverzoom/discussions/670

prmoustache 2 years ago |

people keep mixing the service and the software it seems.

moomin 2 years ago |

Could a mod fix the spelling, please?

snowstormsun 2 years ago |

Isn't webrtc leaking the IPs of call participants anyways, regardless of which service?

Sean-Der 2 years ago | |

If you are going through Jitsi (a SFU) all your media goes through them.

If you are doing P2P then you will be able to get the remote's IP address.