Not running in the browser is a major downside. I've used Jitsi this past week with technologically illiterate family members, and being able to just have them enter a URL while talking on the phone is really great.
Also, being able to just use any OS with a modern browser you please.
Personally I don’t want to have my web browser run applications, I’d rather have native MacOS or Linux apps, but I do see how having at least a version of it available in a browser is handy for portability.
WebTorrent builds on WebRTC, which requires STUN and ICE servers. So you still send metadata to defined servers for connection handling, and most sadly you can't p2p in an offline LAN.
> so you still send metadata to defined servers for connection handling
This is also true for typical p2p protocols though, isn't it? Normal torrent clients for example have hardcoded servers to start their dht search from.
Not necessarily. It does follow that if you submit to a tracker, but there's the DHT option which is advertised locally [0]. The way it seems to do it is the magnet uri includes the contents of a few IPs that might have, at minimum, a more up-to-date DHT with more IPs. At best it also includes some chunks of whatever you're trying to download.
Also, I already have a GNU Ring account saved in my password manager but can't seem to log in (or even find a place to). However, if I try to create a new account using my old username it (correctly) states it is taken.
I'm having the same issue. Previously created an account, and I'm completely puzzled how to now log in to it! Seem to have options to create a new account or import a backup..
Interesting, I haven't tried Jami. If I am understanding it correctly it seems to provide calling features, which Zoom and other typical video conferencing type applications don't.
I'll also throw Jitsi out there as a very capable FLOSS alternative to Zoom. If you tried it a few years ago it's changed dramatically in the last while. It's now WebRTC based and runs in browser without any download. It's not quite end to end encryption because the stream needs to be decoded on the server before being re-encoded for the other clients, but since you can easily self host it on a cheap VM I find this acceptable.
Jitsi does not re-encode video streams on the server, it's an SFU (selective forwarding unit) and just forwards (some) video streams to the other participators.
When Simulcast is enabled, multiple resolutions of your video are streamed to the Jitsi server and it only sends those streams to clients which they asked for (participants can choose the quality of video they receive, in the UI).
Can’t WebRTC support peer-to-peer video calls without running the stream through a server? I have vague recollection that it can but am not particularly familiar with the protocol.
To answer my own question: Yes, WebRTC supports peer-to-peer video calls but does require a “signaling server” to help establish and close the peer-to-peer connection. [1]
The signaling server is only useful for the connection initialization though, and it never has access to the video stream, only to metadata (like your IP address, the supported encodings of each party, etc.). And it doesn't even really need to access them: it just needs to forward them from one peer to another, so it could be end to end encrypted.
It also needs one or several STUN servers as part of the hole punching scheme, but this one doesn't even exchange anything with anyone, so there aren't many issues here (and you don't need to roll your own: you can use Google's one).
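As an added illustration of the comment above about what a signaling server can see (not code from any commenter, nor from WebRTC, Jitsi or Jami): a small parser that lists the metadata readable in an SDP offer as it passes through signaling. The SDP is a constructed sample using documentation-range and private addresses, and the function names are hypothetical.

```javascript
// Constructed sample SDP offer (documentation/private-range addresses and a
// shortened placeholder fingerprint; not captured traffic).
const SAMPLE_OFFER = [
  "v=0",
  "o=- 1 2 IN IP4 127.0.0.1",
  "s=-",
  "t=0 0",
  "m=video 9 UDP/TLS/RTP/SAVPF 96 98",
  "a=fingerprint:sha-256 AB:CD:EF:01",
  "a=rtpmap:96 VP8/90000",
  "a=rtpmap:98 VP9/90000",
  "a=candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "a=candidate:2 1 udp 1686052607 203.0.113.7 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "a=candidate:3 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 54321",
].join("\r\n");

// candidate:<foundation> <component> <transport> <priority> <addr> <port> typ <type> [raddr <addr>]
const CANDIDATE = /^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)(?: raddr (\S+))?/;

// Hypothetical helper: everything a relay of this SDP can read without touching media.
function signalingMetadata(sdp) {
  const seen = { codecs: [], candidates: [], fingerprints: [] };
  for (const line of sdp.split(/\r?\n/)) {
    let m;
    if ((m = /^a=rtpmap:\d+ ([^/]+)\//.exec(line))) {
      seen.codecs.push(m[1]);
    } else if ((m = CANDIDATE.exec(line))) {
      seen.candidates.push({ type: m[4], address: m[2], port: Number(m[3]), related: m[5] || null });
    } else if ((m = /^a=fingerprint:(\S+) (\S+)/.exec(line))) {
      seen.fingerprints.push({ hash: m[1], value: m[2] });
    }
  }
  return seen;
}

// Unique addresses disclosed, including the "raddr" base address of each candidate.
function addressesSeen(sdp) {
  const out = new Set();
  for (const c of signalingMetadata(sdp).candidates) {
    out.add(c.address);
    if (c.related) out.add(c.related);
  }
  return [...out];
}

console.log(signalingMetadata(SAMPLE_OFFER), addressesSeen(SAMPLE_OFFER));
```

In this sample the host candidate and the `raddr` field disclose the LAN address alongside the public one, and the `a=fingerprint` line is the certificate hash the peers later check during the DTLS handshake.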
TURN doesn't have anything to do with number of participants; it's there for when NAT hole-punching completely fails and you need a relay. TURN is application-protocol agnostic and just forwards packets; it does not need to decrypt whatever it's relaying. Now, one could run a malicious TURN server that MitMs connections, but I'm not sure how obvious that would be to the end-parties.
For more than two users, you mainly have three options:
* MCU (Multipoint Control Unit), which IIRC does need to decrypt your video, as it will post-process it and possibly re-encode it to send a single stream to the other participants.
* SFU (Selective Forwarding Unit), which in theory doesn't need to decrypt your video, but does need some metadata about it in order to make smart decisions as to what streams to forward to whom (for example, forwarding only the stream of the person who is talking). In practice, I believe some (many?) SFUs will do decryption, though it's not a strict requirement.
* Dumb peer-to-peer-to-peer-to-... multi-forwarding. You can of course theoretically stream your video to each other participant, and they can all do the same, but that quickly fails to scale. It might be ok for three, maybe four participants, but even then there will likely be problems.
I've used this while trying to find open source video conferencing solutions and chat applications in the past. It spends significant amounts of time not finding my friends before timing out.
As an aside, I don't believe in the virtues of P2P anymore. It's clear to me that centralised systems scale further and faster, and what we need are benign organisations to run them. Legal forms like cooperatives and community benefit societies (nonprofits in the US I guess) are the way forward. I'd choose a community instance of Jitsi as being the best approximation of this for now.
I share your interest in cooperatives, but not all cooperatives are equal. If we expect cooperatives to provide public interest services that might otherwise be P2P or nonprofit, I think we need a special kind of cooperative.
I belong to cooperatives that are politically partisan, that engage in sharp practice, and that aren't as democratic as I'd like. I'd prefer cooperatives to concentrate on treating stakeholders fairly, representing members equally and effectively, and prudent stewardship of their assets.
Cooperatives might lose their focus on their main purposes and discourage some non-progressives from becoming members/customers by pursuing too wide a range of progressive causes.
Everything has a cost. In the long term, who will pay and maintain the Jitsi server? How will random people find a trustworthy server? Jami doesn't need a server.
The code you were looking for is in the OpenDHT project, which simply calls GnuTLS's gnutls_pubkey_encrypt_data(), which is PKCS1v15. OpenDHT doesn't do anything special with errors from decryption. You'd have to actually set up a test environment to say it was vulnerable with any confidence, though.
Maybe it got better, but for the past 6 months a friend and I tried to get this app to work with little success. The messages just DON'T FREAKING SEND in a timely manner even when in the same room.
Right now we use Briar and are pretty happy with it. There's also Signal as a better option.
I haven't tried it myself, but I saw https://wire.com/ linked as an open-source E2E-encrypted alternative during a few of the Zoom articles that have been posted these past few days. I'd love to see if anyone here has any experience self-hosting it, and whether it matches up performance/usability-wise.
I just installed on a Debian 10 machine, then on my old Android 6.0.1 junk tablet. No problems on the PC, while the Android one always crashes when attempting to pair with the PC by pointing the camera at the QR code, and adding manually the exported account on the network hangs indefinitely on the "adding account" window.
Not a big issue since I don't carry the tablet around, just to let the developers know if they read here.
“Jami is inspired by a Swahili word that means “community”. The name was chosen as it reflects the vision: to be a service open to all, to be community supported, and to respect the privacy of users.” - https://jami.net/help/
> The letter “K” had been a favorite of Eastman’s, he is quoted as saying, “it seems a strong, incisive sort of letter.” He and his mother devised the name Kodak with an anagram set. He said that there were three principal concepts he used in creating the name: it should be short, one cannot mispronounce it, and it could not resemble anything or be associated with anything but Kodak
The shorter your name is, the easier it is to find unintended connotations or outright obscene meanings in different languages – and now because your product is global, you just can't localize its name for foreign markets like Mitsubishi had to do with Pajero in Spain.
Ok stop with the E2EE encrypted. Literally if you're running your own hardware, you don't "Need" E2E. You need to understand your attack surface, your vulnerabilities, and your goals. E2EE is not the optimal use case for everyone and everything.
I could use clarification on this. Let's start with the assumption that I have my own machine/router/cable modem... and I want to talk with my girlfriend, who also uses one of my machines/routers/cable modems that I spec'd, procured, set up, and administrate for her.
Would I be wrong to be concerned about the potential for contractors to review private video that was captured/retransmitted by the central servers, e.g. for machine learning training purposes or other "internal" service quality checks? And potentially capturing some of that video if they find it interesting and potentially sharing it anonymously on viral social media? It seems that would be a rare occurrence, but possible.
Would end-to-end encryption be an appropriate way to eliminate that risk?
Jami’s major advantages are that it’s end-to-end encrypted and completely peer-to-peer, requiring no server in-between.
The major disadvantage is that it doesn’t support calls from the browser.
See also: https://jami.net