this post was submitted on 26 Aug 2023
464 points (100.0% liked)

Technology

37800 readers
186 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

While Jitsi is open-source, most people use the platform they provide, meet.jit.si, for immediate conference calls. They have now introduced a "Know Your Customer" policy and require at least one of the attendees to log in with a Facebook, Github (Microsoft), or Google account.

One option to avoid this is to self-host, but then you'll be identifiable via your domain and have to maintain a server.

As a true alternative to Jitsi, there's jami.net. It is a decentralized conference app, free open-source, and account creation is optional. It's available for all major platforms (Mac, Windows, Linux, iOS, Android), including on F-Droid.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 118 points 1 year ago (9 children)

Those are all SaaS providers with meeting software available. If someone was using Jitsi, it was specifically to not use a login with any of those providers. They're actively deciding not to continue operation with this. Its like when OnlyFans declares they wouldn't allow adult content going forward

[–] adamnejm 22 points 1 year ago (2 children)

Its like when OnlyFans declares they wouldn't allow adult content

So... Tumblr?

[–] [email protected] 27 points 1 year ago (1 children)
[–] [email protected] 22 points 1 year ago

I laughed pretty hard at OnlyFans trying to remove the only thing that I was aware they hosted.

[–] [email protected] 13 points 1 year ago

Yeah but at least Tumblr had a majority of non porn content. Jitsi is almost entirely privacy wonks, and only fans is almost entirely porn

[–] [email protected] 10 points 1 year ago

I imagine that, at least, the videos wouldn't go through those SAAS providers, and that's relatively a plus still.

load more comments (7 replies)
[–] [email protected] 83 points 1 year ago (5 children)

Why is everyone up in arms about this? The abuse of their free service was rampant. This isn't a core project change, this is just a measure to keep a version of the project up for free without completely taking it down. They don't even have a way to monetize this. An alternative was to simply shut it down and only allow you to self host it.

I self host my Jitsi instance, but as a privacy nut, I don't see a problem with this. Absolute privacy cannot always coexist with free anonymous services. Don't blame Jitsi, blame the people who ruined it for everyone else.

load more comments (5 replies)
[–] [email protected] 80 points 1 year ago

This is its downfall

[–] [email protected] 51 points 1 year ago (2 children)

Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.

Cannot be less clear.

Anyway I don't understand why you'd need an account. I've always created rooms and share the link to people to invite. You can setup a password if you want privacy. Any reason to login?

[–] [email protected] 56 points 1 year ago (2 children)

They are probably talking about using it to share CSAM or other illegal content. They need one person to login to be not anonymous so they can give it to the authorities if necessary.

[–] [email protected] 28 points 1 year ago (4 children)

Yepp I agree, that kind of cryptic speak and this kind of drastic action taken by a FOSS project likely eludes to something of this nature IMO.

If they want to continue to appeal to businesses they're almost certainly not going to release a statement saying people were sharing illegal material on our platform especially when they're not a big well-known company like Facebook, Google and Microsoft, where normal people tend to disappointingly dismiss bad findings with a "benefit of the doubt" stance.

I assume their hosted version doesn't have this limitation? In that sense, this news really is a non-issue I think, considering everyone usually has one of those three accounts. Someone looking for privacy should probably host their own IMO

load more comments (4 replies)
[–] [email protected] 8 points 1 year ago (5 children)

But why a Google/FB/MS account? Why isn't an email account from an established provider enough, why centralise to three megacorps?

load more comments (5 replies)
load more comments (1 replies)
[–] [email protected] 46 points 1 year ago (1 children)

@esaru

"One option to avoid this is to self-host, but then you’ll be identifiable via your domain and have to maintain a server."

Makes it a non issue.

It's free as in freedom not as in free beer and that's that.

Jitsi doesn't have to offer free service and they particularly don't have to provide anonymity.

The same is true for the fediverse, since the admins have info that could help identify users. That has it's uses too.

[–] [email protected] 17 points 1 year ago* (last edited 1 year ago) (2 children)

Jitsi remains free. As you can see, this isn't about money but rather about privacy, which has diminished compared to before.

The issue with centralized systems becomes more apparent: the provders are held accountable for their users' actions.

[–] [email protected] 9 points 1 year ago

@esaru @bmaxv @technology concur that this reduces privacy for users of Jitsi’s hosted service. It also has some concrete benefits for Jitsi - they get to outsource account validation and security. Perhaps they were struggling to contain abuse.

load more comments (1 replies)
[–] [email protected] 42 points 1 year ago* (last edited 1 year ago)

Relax. Just use a different server. May not be exactly accurate either. How in the world do you have any idea who uses what server. I have never used this server.

One way is join the FSF and use their server. There are others or host your own too. The load and cost needs to be spread anyway.

[–] [email protected] 37 points 1 year ago
[–] [email protected] 33 points 1 year ago (5 children)

It's hypocritical to call your service "privacy friendly" and then require the use of a Google/Facebook/GitHub account to log in. I kinda understand the reason why they do this, but they could have at least allowed you to use a more private email provider.

[–] [email protected] 24 points 1 year ago (2 children)

Calling them hypocritical is hysterical when they offer all the source code for free and you can host your own instance that doesn't need an account.

[–] [email protected] 11 points 1 year ago (1 children)

The software is free open source. But this case is not about the software. It's about the web instance that the majority of the people was using. And that instance now lost its privacy feature and shouldn't call itself privacy friendly anymore.

load more comments (1 replies)
[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (1 children)

I agree with you and it's an important distinction. But for me it's also about the ethos of the developers or company. Promoting free and open source tools is great, but requiring the opposite as a prerequisite to use the largest publicly facing implementation of that is a very odd decision.

[–] [email protected] 9 points 1 year ago (1 children)

Is there another OAuth identity provider they should use? I agree that it's ludicrous that advertising companies are the primary identity providers we use, but I have no issue with GitHub / Microsoft as an identity provider.

At the end of the day they could create their own account system and take on the liability of storing passwords, but why? That's not what their software is about and as instance admins it will take away their time and focus.

At the end of the day I think what you're chafing against is not their fault but a fundamental problem with open source software at the moment, we have no system of decentralized identity verification, and identity verification is basically a necessary part of ensuring your system isn't abused.

load more comments (1 replies)
load more comments (4 replies)
[–] [email protected] 32 points 1 year ago (2 children)

Good thing that you can still self host it, post your favorite jitsi instances below for everyone to use.

I'll start with this one: https://calls.disroot.org/

load more comments (2 replies)
[–] [email protected] 31 points 1 year ago* (last edited 1 year ago) (1 children)

I guess I don't need their app anymore on my phone, then. More free space to me.

Though using an other instance as mentioned by other comments is also an option, I think the mobile app supports that too, even if it's a bit complicated

Edit: after reading the article, this might really not be their fault. At the end they also encourage the reader to host it themselves. They are not very transparent with what's the actual problem, though..

[–] [email protected] 10 points 1 year ago (2 children)

Yes, the mobile app supports third-party servers, though I wouldn't call it complicated.

If you want to join a room, all you do is type/paste the full URL to it instead of just the name. "Open in App" functionality will also work regardless of the server.

If you want to host one on a third-party server, you just go into the options and replace the "https://meet.jit.si" address with one of the third-party server. Then when you create a room, it will use that server.

load more comments (2 replies)
[–] [email protected] 30 points 1 year ago (2 children)

This is indeed sad news. I made my friends (who don't care about free software) switch from google meet to jitsi for video calls just the other month.

The only thing that got them sold on jitsi was that it required no login.

[–] [email protected] 14 points 1 year ago (2 children)

@gunpachi
There's jitsi the software and jitsi the page. This affects only jitsi the page. There are many more pages where jitsi the software is reachable at.
@esaru

load more comments (2 replies)
load more comments (1 replies)
[–] [email protected] 29 points 1 year ago* (last edited 1 year ago) (1 children)

That said, it is completely understandable that some users may feel uncomfortable using an account to access the service. For such cases we strongly recommend hosting your own deployment of Jitsi Meet. We spend a lot of effort to keep that a very simple process and this has always been the mode of use that gives people the highest degree of privacy.

Seems like you can avoid it by self-hosting. Still a very suspicious move, kinda defeats the whole point of an alternative to big tech conference services.

Google, GitHub and Facebook for starters but may modify the list later on

Maybe they could support some auth provider from some fediverse app? That would be kinda neat.

[–] [email protected] 33 points 1 year ago* (last edited 1 year ago)

Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.

Over the past several months we tried multiple strategies in order to end the violations of our terms of service. However in the end, we determined that requiring authentication was a necessary step to continue operating meet.jit.si.

This sounds to me like a pattern of people using it for actual serious crimes (with the obvious guess being video sharing of sex crimes/trafficking/kids). I understand that that justification is used for a lot of extremely invasive privacy violations, and stuff like scanning every file in the name of that is too far, IMO, but if you're the only platform with resources to handle that traffic that allows anonymity, it's very likely to grow at a significantly larger rate than the rest of your traffic.

You can't (shouldn't) scan every file every individual sends to every other individual in order to prevent it, but once you have a platform that's capable of supporting community-type activity, it's a very real issue that you can face.

"You can host yourself with your own choices on vetting participation because here are the tools to do it" isn't really a bad line to draw. But you can't have your servers be a central point for that.

[–] [email protected] 26 points 1 year ago (1 children)

Wasn't easier to just shutdown the server?

I use jitsi just because doesn't have Facebook/Google/Microsoft login

[–] [email protected] 8 points 1 year ago

Wonder why email as an identifier wasn’t sufficient…

[–] [email protected] 24 points 1 year ago* (last edited 1 year ago) (1 children)

ITT: People not understanding the difference between a free publicly hosted instance and the OSS tool itself.

[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

This is about the free publicly hosted instance, used by the majority of the Jitsi users, who used it because they didn't have to login with a Google/Facebook/Github account. Which they now have to.

[–] [email protected] 23 points 1 year ago* (last edited 1 year ago) (6 children)

Lol, it was my GOTO specifically because it doesn't require a login and I can send it to my parents who need minimal clicks to enter the room. I even have family that doesn't have a github, facebook, nor google account, so they won't be able to join.

Amazing move Jitsi.

Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.

What kind of "illegal things" were they doing? Say it, so that we can comprehend. Make it make sense.

[–] [email protected] 20 points 1 year ago

Safe to assume it was child porn, because that ends up being an issue on any service that lets people share images or video privately. By not stating it directly, they don't prompt news organizations to quote the company in click bait articles about how their platform enables child porn as if that wasn't a universal issue that all services have to actively discourage.

[–] [email protected] 18 points 1 year ago (4 children)

Tbf I'd not get angry if it was jihadist recruitment, child porn, human trafficking, etc. etc.

load more comments (4 replies)
load more comments (4 replies)
[–] [email protected] 20 points 1 year ago

Criminals ruin everything.

[–] [email protected] 20 points 1 year ago

I really hope this doesn't become a trend, but every time I see a few buttons for signup with email coming last I have to wonder.

[–] [email protected] 11 points 1 year ago (1 children)

Oh hell no. Why they dont make it optional?

[–] [email protected] 23 points 1 year ago (3 children)

People were doing illegal stuffs on it

[–] [email protected] 13 points 1 year ago (6 children)

Possibly stupid question: if they found out that people were doing illegal stuff on it, doesn't that mean that they were monitoring people's conferences? I thought that the FOSS community was big on privacy.

[–] [email protected] 36 points 1 year ago

I imagine they're receiving reports from other parties, such as law enforcement, that there are inappropriate things happening, rather than monitoring the streams themselves.

[–] [email protected] 16 points 1 year ago* (last edited 1 year ago)

No, because we don't know how they got the information. Someone might as well just have reported it, or it was forwarded from law enforcement.

load more comments (4 replies)
load more comments (2 replies)
[–] [email protected] 11 points 1 year ago
[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

Here are some interesting lists of alternative instances:

https://jitsi.github.io/handbook/docs/community/community-instances/
https://ladatano.partidopirata.com.ar/jitsimeter/
https://timo-osterkamp.eu/random-redirect.html

By the way, by default jitsi is not end-to-end encrypted if you have more than two people in the call or need to use the videobrige for other reasons. https://jitsi.org/e2ee-in-jitsi/

Update: The e2ee implementation seems to have some issues as well: https://eprint.iacr.org/2023/1118

Firefox <116 is currently not able to use the e2e-encryption, blink based browser already support it. Firefox 117 will provide the necessary infrastructure as well. I don't know if jitsi would have ot be patched to detect the firefox implementation. https://bugzilla.mozilla.org/show_bug.cgi?id=1631263#c58

load more comments (1 replies)
load more comments
view more: next ›