Authentication on meet.jit.si (jitsi.org)
228 points by muxator on Aug 30, 2023 | 186 comments



I was getting login pages last week when attempting to start meetings.

Ironically, this led me to self-hosting Jitsi with the Jitsi Helm chart and putting it behind oauth2-proxy so my friends and I can use it. Deploying Jitsi with the Helm chart is remarkably simple and does not consume that much memory.

If anyone is interested in self-hosting: 2 GB is my RAM usage on idle when running videobridge, web-ui, prosody, and oauth2-proxy atop k3s in its default configuration. You do have to open a stupidly large range of ports to UDP traffic for videobridge, though. With that said, it's been a reliable solution and does not need me or my friends to create a $BIGTECH account.


2GB RAM for idling isn't what I would call "not that much memory" :)


2G is what Teams uses idle on my client PC which is much more constrained on memory than my server(s) that have in the order of 64-512G.

If you're hosting things for internal consumption it's a generally good rule to put the memory burden on the server if you can.


I don't think anyone in their sane mind considers Teams (or anything electron-based, really) a model of adequate resource usage :)

And I'm thrilled that you can afford $100-$600 a month of server costs to run Jitsi, but I'm willing to bet that you are not a majority.


> I don't think anyone in their sane mind considers Teams (or anything electron-based, really) a model of adequate resource usage :)

That's fair

> And I'm thrilled that you can afford $100-$600 a month of server costs to run Jitsi, but I'm willing to bet that you are not a majority.

Stop hosting everything on Amazon, it's a total rip-off for raw compute.

64GiB of ram shouldn't be costing you more than $50/m (for some kind of colo like Hetzner)

2GiB of ram should probably be closer to $10 for a single VM instance with someone like Tilaa or Vultr (after tax)

Meaning once you start hitting 8GiB of total consumption for all your services it's cheaper to make the leap to 64GiB of ram and go with a colo.


speaking from experience, forking out $50/Mo for a colo to self-host a communication platform really starts to get old when everyone's first question is "why don't we just use Discord"

I guess it can make sense if you're a business. But then the question is always "why don't we just use Teams"


It will always be cheaper to buy $1 if it's being sold for $0.30;

The trick as a business owner is:

* Will I be able to use this service until they rug pull?

* Will they exist for the life of my project?

* How painful will they make switching?

Paying $50/m for complete ownership of your video platform is not only comically low it's almost absurd. I pay more than that for SaaS tools like Fellow or Bonus.ly; that's before you start talking about Asana or Figma or the myriad of other tools.

That something is cheap is not an excuse, jitsi is very easy to use and easy to host. Though I will recommend going with 8x8 simply because it helps fund development and people are terrified of actually owning anything these days (because they said they didn't like sysadmins and now ops skills are worth spending 11x more for a service to not have in your company, which is another topic entirely).


You are off by a factor of 10 on your lower bound. A server capable of running Jitsi can be had for around 10$/month: https://www.kimsufi.com/en-gb/vps/.


I use about 48gb of memory hosting 34 distinct apps including AI stuff, stuff moves hundreds of gigs of data a day and so on.

2gb idle is disqualifyingly high ram usage.


2 GiB amortised across your entire user-base is nothing.

I'm used to running things like confluence and jira that consume as much as 140GiBs for a production.

Mattermost also uses something in the realm of 10G for anything you would consider a reasonable number of people.

This is like arguing household budgets when discussing business expenses.

Clearing $1k on the company is fine, but would be unpalatable at home.

If you can't stomach the cost then that's fine, but it is an appropriate trade-off to put the bulk of the memory burden on the server.


That's idle usage. Not per user scale.

For reference, the last conferencing solution I ran was about 512mb at 10 users unless TURN relay was happening.

JIRA is one of the worst performing and slowest applications in the world. "Waiting for JIRA" was literally a running joke at my last job.

That some software is especially subpar is not an excuse for other software to perform a bit poorly.


OK, like-for-like, what's the current webRTC solution you can self host that has less memory requirements?

I'd buy this much more if there was something to compare with (with admittedly much less features or QoL; like MediaWiki vs Confluence or RT vs Jira).


This is a prehistoric take on memory. RAM is cheap!


640MiB ought to be enough for anyone ;)


I mean, I get the reference, but this amount of upscaling has a measurable cost in the real world, in this day and age (a small simulation from EC2's price calculator brings it from $40 to $80 a month if you go e.g. from t2.medium to t2.large).

I don't want to sound mean or unappreciative of jitsi developers' efforts, just highlighting that this kind of resource needs might put it out of reach of many potential users.


It was 640KB...


2GB of RAM would basically make it the largest VPS I rent. It's a pretty beefy server, IMHO.

This gets worse if you only have a few calls per month. The cost and management overhead doesn't scale at all.


I should have clarified what I meant with the 2GB figure. I am counting the memory consumption of everything: running Linux (specifically Fedora Server 38), running k3s (which means CoreDNS, Klipper, Traefik, ...), running the oauth2-proxy, then running the whole suite of Jitsi (sans Jibri, since I do not need the functionality it provides). I simply ran "free -h" on my server and saw 2GB of memory usage.

The "actual" amount of memory that goes into running jvb and jicofo seems to be roughly 600 MB, which is still a lot to some, I guess. But I was able to run a meeting with three people and share my screen with peak memory usage at 2.2 GB -- again, for the whole system.

k3s-server makes up nearly half of the 2 GB idle figure, sitting at about 700 MB of usage (according to the top(1) command I ran for this post).

If 2 GB idle memory usage is too much, then I would say ditch k3s entirely and handle everything with docker-compose, using Nginx as your reverse proxy. That should at least bring the figure down to about 800 MB (jvb, jicofo, prosody, containerd, oauth2-proxy, nginx).


> does not need me or my friends to create $BIGTECH account.

So, who is the OAuth provider?


Our own private, self-hosted Forgejo instance that we use often enough that using it as an identity provider is not a big hassle :)

If you have no cookies or expired ones, oauth2-proxy will take you to a page with a simple "Log in with OpenID Connect" button, which then takes you to the login page of the Forgejo instance. If you're not logged in, then you provide your credentials. Otherwise, you get redirected back to Jitsi with cookies that are good for a week.
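
Added example, not part of the comment above and not the commenter's actual configuration: an oauth2-proxy config file that would produce the flow described (OpenID Connect button, redirect to a self-hosted IdP, one-week session cookie). All hostnames, the upstream address, the client ID and the secrets are placeholders, and it is an assumption that oauth2-proxy sits behind another ingress proxy.

```toml
# oauth2-proxy configuration file (illustrative; every value below is a placeholder).

# Generic OpenID Connect provider. With this provider the sign-in page
# button reads "OpenID Connect" unless provider_display_name overrides it.
provider = "oidc"

# Must match the "issuer" value the IdP publishes in its
# /.well-known/openid-configuration document, character for character.
oidc_issuer_url = "https://forgejo.example.org"

# OAuth2 application registered on the IdP for this proxy.
client_id = "REPLACE_WITH_CLIENT_ID"
client_secret = "REPLACE_WITH_CLIENT_SECRET"

# Callback registered with the IdP; /oauth2/callback is oauth2-proxy's own endpoint.
redirect_url = "https://meet.example.org/oauth2/callback"

# Accept any e-mail domain: access control then rests entirely on who
# holds an account on the IdP (assumption: open self-registration is
# disabled there, otherwise anyone could sign up and get in).
email_domains = ["*"]

# Session cookie. 168h is the one-week lifetime mentioned in the comment.
cookie_secret = "REPLACE_WITH_RANDOM_32_BYTE_VALUE"
cookie_expire = "168h"
cookie_secure = true        # only send the cookie over HTTPS
cookie_httponly = true      # not readable from page JavaScript
cookie_samesite = "lax"     # still sent on the top-level redirect back from the IdP

# Listener and upstream. reverse_proxy = true tells oauth2-proxy to trust
# X-Forwarded-* headers, so only enable it when a trusted ingress is in front.
http_address = "0.0.0.0:4180"
reverse_proxy = true
upstreams = ["http://jitsi-web.example.internal:80"]
```

The proxy only gates HTTP(S) access to the web front end; the videobridge UDP port range mentioned earlier in the thread is reached directly and is not covered by it.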


I didn't remember, so I had to Google: Forgejo is the recent Gitea fork that itself is a Gogs fork. To save some people some clicks.

https://news.ycombinator.com/item?id=34011581


Forgeto


You can run your own, there are a lot of open source IDPs.


Glad to hear it’s gotten easier to run, back in peak covid times it was absolute nightmare fuel to self-host when it came time to update it. Even self hosting email is easier than Jitsi was at that time


> Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.

That’s only slightly more clear, since it just says what’s not happening. Does anyone know what is happening? Does it involve potential violations of law, or is it just the TOS?


My guess would be pornography. That seems like the most obvious use of a video calling service, and something that would cause them to run afoul of various legal requirements (e.g. age verification / records keeping).


> My guess would be pornography.

Sexually explicit "meetings" wouldn't even be a particularly surprising use case, and 18 USC 2257 has a bunch of carve-outs for service providers.

My suspicion is that there was CSAM or similarly abhorrent content being broadcast in meetings. Unfortunately, this is a class of users which would be drawn to a service which promised anonymity and E2E encryption.


Similar services are used for sharing revenge porn, so I absolutely believe it happens with CSAM too.


Given what they provided you can be sure it involved stuff like CP, human trafficking, forced prostitution.

All things you don't want your company to be associated with so you don't name it.

If it would just have been things which are illegal but not that problematic like copyright violations or a bit of (legal, non forced) porn they might have spelled it out.


Child pornography, ISIS, Wagner, Cartels, there's plenty of candidates that you really don't want to name in public.


If the content broadcasted is E2E, how do they even know?


A meeting that anyone can join without authentication is not a private meeting, even if the video streams are end-to-end encrypted.


Probably because they've been tipped off to that activity by law enforcement.


people reporting it to you

e.g. people who investigate forced porn stumbling over a forced porn site which uses your service


Bet you dollars to donuts it's CSAM


just remember some ways in which Zoom was used.


Zoom... 25 years ago I left an MBONE service running unsupervised and changed roles. 6 months later a colleague sent me the dic pix that were being shared in low-fi B&W slowscan MBONE video.


heh. To be clear I wasn't referring to mere nudity or p0rn, I don't think it is even illegal? That's just morality policing.

Gotta wonder if Mbone was also used for the really ugly stuff which is in fact very illegal.


Reaching back even further, we were told in the very early 1980s by the University of York computer centre that all line printer overstrike images were henceforth banned, after it was noted the operators had printed a reasonably hi-res full length nude, burning at least one ribbon to shreds doing it. I think it was 6 sheets of fanfold in 3x3


Ah those innocent times


This is rough for Jitsi / 8x8. Requiring a login puts them at a level of "why not just use Google Meet?" to me unless you go through hoops to self host.

I'm down to experiment with self hosting, I just feel that most users out there won't be and it'll ding their user count. It might be for the best if it squashes the malpractice they are seeing.


> Requiring a login puts them at a level of "why not just use Google Meet?" to me [...]

Because... it's not Google? For some people that may be a plus.


But they are requiring a Google, a Microsoft or a Facebook account, so it is Google (or BigCorp which also has its video conference systems).

I'm not judging, but on my side it's hard to justify using meet.jit.si anymore.


Playing around with it briefly, it looks like the login is only required to create the room. Our project uses Jitsi for a lot of official meetings, primarily because it's open-source. If it required everyone to log in, that would be more of an issue for us; but as long as the people running the meetings don't mind authenticating with Google, I don't think it will be a problem.


Yeah, I would be much happier if I could create a separate account not linked to any BigCorp. Just let me pick a username and password.

But I guess they are trying to defer some sort of account creation human verification/rate limiting to those companies.


Sure, that means those companies could impersonate users to jit.si, but that would be quite something, so I suspect they wouldn't -- at least for now. So you might trust jit.si with your meetings even though you might not trust Google with your meetings even if you trust Google for authenticating you to jit.si.


This also means you have to agree to their ToS


Now that's a good point.


There are a number of instances hosted by others, see for example:

https://pads.ccc.de/jitsiliste



Is there a possibility to turn it off in self hosting?

I hosted my own instance once via DigitalOcean; they have a preconfigured VPS droplet that works pretty much instantaneously


Only the creator needs to have an account, not all users. If you like jitsi or don't want google, etc, then just start it and nobody else needs an account.


Why exactly do I still need a middleman in 2023 to talk to someone else's computer? Is NAT the only reason?

Also, why exactly did we introduce IPv6 again? Everything today is NAT-within-NAT-within-NAT (much of it using IPv4), and almost nobody has a publicly routable IP address. Was the whole transition just a massive waste of effort?


Peer to peer doesn't really work for group video calls, like more than 5 or so participants. As n goes up, each peer is sending n video/audio streams and receiving n video/audio streams. This will quickly saturate your/your peers' network and burden your CPU doing video encoding.

Suffice it to say there are other things you can do besides just a central relaying server, but it's the most common architecture.


For obscurity (and some security) reasons.

My ISP supports ipv6 and I have it configured - however their software on the router/AP is bad and does not allow setting up a firewall for ipv6. This is inherent with ipv4 NAT (with uPnP disabled). So it forced me to use my own router - still the interface for ipv6 firewall is non-existent, but at least I can write firewall rules manually.

Why do I need a firewall on the router? Because devices on my network have services open on all interfaces - for example, a "smart" weather station has a web service open for all to see. This is absolutely a non-issue when only using ipv4 behind NAT.

Another issue is revealing of internal network topology to outside world - this is something that NAT hides really well.


STUN, TURN servers, NAT hole punching, proxies for especially unlucky situations, connection setup helper to allow finding people using human readable ways, trans-encoding of video if necessary because of different platforms working only well with different codecs, in case of many people meeting full p2p between all people also can be an issue (bandwidth and keeping them in sync)

Though a lot of their code isn't being a middleman but making the video streaming on all clients work, which is easy for some MVP hobby project but hard to make it actually work reliably across the many different devices and software versions used in the wild.

Then there are features like noise filters, background video filters etc.


Don't forget battery life, roaming, discoverability etc.

The days of everybody having exactly one computer with a rarely-changing IP address are over. These days, most people have a phone which changes its IP address a few times a day (when you leave your house and switch from WiFi to cellular and then go back.) If you wanted to be directly reachable, you'd need to share these changes publicly, which would make it pretty trivial to figure out when you leave home, who you visit, which cafes with free WiFi you frequent and which countries you go to for your business trips. The stalking potential here is enormous.


I reckon it’s also expensive to stream your audio/video to N different participants in a peer-to-peer fashion.


As far as I know, Jitsi uses SFU (i.e. not P2P, not MCU), so every device sends their stream once (to the server), which doesn't do any transcoding but only forwards the streams to each client.

Therefore (just like multicast) you only send your stream once, and every client receives n streams.


Shame the dream of multicast died...


Even with multicast you have n-1 incoming streams which is much later problematic but still can be an issue on low bandwidth clients


How is this significantly different from n-1 streams coming from a single peer/server connection? Isn't that simply what it takes to have a group video call?


At least scaling could be done server side (well, not in an E2E scenario) based on the receiver viewport to reduce bandwidth.


Yup, very true.


> Also, why exactly did we introduce IPv6 again?

I sure wish my (small, rural) ISP finally did. They're still "evaluating" it.


This is quite trivial to work around by just tunneling/VPN'ing to an IPv6 tunnel broker. Yes it's not really efficient but it will work especially if the only thing you use it for is communications. It's actually no different to TURN (if you were behind a restrictive NAT), just that your TURN provider is now the tunnel broker and is independent of your communications service.

The problem is that there's no money to be made here, so no software is built to take advantage of end-to-end connectivity. Even if you could get IPv6 right now (and you can with tunneling/VPN), what are you going to do with it? Big tech is quite happy with the loss of end-to-end connectivity since it enforces the need for a middleman, and they have no reason to make it easier for you to regain your independence.

The ISP is still "evaluating" IPv6 because there's just no real end-user demand because besides ideology or specific requirements of a technical minority there just isn't any reason for the average user to need it. If tomorrow every OS came with a built-in SIP client that actually worked and there was an actual successful deployment of consumer-grade SIP, demand for IPv6 would skyrocket and the ISP would get their act together or start losing customers over it. But there will never be a built-in SIP client because Big Tech would rather have you use FaceTime or MS Teams or Skype than some open protocol that doesn't require a middleman nor isn't vulnerable to advertising nor tracking.


At least one part of the problem is the WebRTC design. It requires a middle man (or side channel) for session initiation. You can't host a static website that does WebRTC between peers because you can't just input an IP+Port to connect to a peer like you can do with real end-to-end protocols.


You don't.

https://github.com/miroslavpejic85/mirotalk

It's even faster for 1 on 1 conversations, but as others said, if there are too many participants it will be slower.


Capitalism.

The demise of end-to-end connectivity brought on by NAT was a boon to capitalists who can now be middlemen and charge rent for it (either in the form of money or "engagement" aka advertising/spam, tracking, etc). They aren't particularly interested in going back to the old standard even if we now have the technology to do so.

Software that can take advantage of end-to-end connectivity is nowadays very rare, so even if tomorrow we magically had full IPv6 deployment worldwide, not much software would take advantage of it and I'm not sure there would be any commercial pressure to develop it.

Even if your Mac and iPhone had IPv6 and were end-to-end connectable, Apple would rather have you use FaceTime with an Apple account rather than just type in the IP address/DNS of the other side and call them directly. Same with all the other tech companies.


https://www.fsf.org/associate/about-the-fsf-jitsi-meet-serve...

If one becomes an associate member of the FSF, one of the perks is access to a Jitsi server that they run.

It's two clicks and you're in, easy peasy. I'm very grateful. I give classes over webcam and it does not let me down.


That's a nice perk! According to their site: Annual Associate Member - $USD 120.00


Hey all Jitsi dev here. It hasn’t been an easy few days, thanks a lot for the empathetic comments I’ve seen here.

We’ll keep moving forward making (hopefully) the best open source meetings tool out there.

To answer a few recurring questions:

- Only the first user needs to be authenticated

- This change does not affect the self-hosted deployments, you can choose what auth (or none at all) to use


> Only the first user needs to be authenticated

Is it the first user to join the meeting (so it could be the host or a guest)? Or is it the person who created the room (and may likely be the first person to join the room)? I’m glad to get this answer here, but it’d be useful to document this on your help or support pages and share the link as well.


Rooms are created by the first user who joins.

Since the room won’t start without users, the first one will need to log-in or wait for someone else to do so.


Ouch, ouch, ouch.

The beauty of Jitsi Meet was that any URL was a valid room. That was such great UX.

Of course, other Jitsi Meet instances still exist. But this will probably still influence the project's direction.


Having just played around with it: It still is; the only difference is that everyone is left "waiting for a moderator" until one person clicks "Log in", and jumps through the hoops to let Jitsi use one of their logins (which is pretty quick if you're already logged in).

Not great, but it does at least give some accountability.


I think it would have been best if they simply shut down their official instance, instead of gating it only to Google/Facebook users.

There's still plenty of other instances out there, and it would give a far less ambiguous message if they just pointed people to community-maintained instances.

Moving to a "we only serve Google/MS users" while claiming a focus on privacy definitely doesn't send out the right message


Hopefully towards the direction of making self-hosting easy for everyone


Wait, isn't jitsi open source? If so anyone can host their own server and disable the auth right? If so, why the anger?


I'm not seeing much anger, just disappointment that you now need to be an experienced system administrator to have Jitsi meetings without signing up for a bigcorp.

Imo the problem here is a failure of law enforcement on the internet. IP addresses + timestamps can be tracked to a subscriber, but apparently it's so ineffective that, rather than allowing pseudonymity (only knowing your IP address) for all countries that fight digital crime (I imagine child abuse is similarly fought in most places), we instead opt to let the likes of Google and Facebook use tracking and magic algorithms to determine who's allowed to have an account, nay, identity on the internet.

Perhaps we need something that is pseudonymous but tied to an individual rather than a subscriber line, to be depseudonymised only by court order, similar to IP address now except you can actually find who did something (or was complicit at minimum, similar to money mules). We can also make it be different for every recipient, similar to how you can create any number of blockchain addresses without revealing the tie between them. It sounds super dystopian to have an internet passport (private key) explicitly tied to a government identity, but at this point it may improve anonymity rather than detract from it. We could get rid of CAPTCHAs (which are mostly ineffective at this point anyway), Cloudflare MITMing, IP address banning, phone number verification, "log in with Facebook", spam filters (because we'd just block spammers), etc. in favor of being able to prosecute and/or block bad actors.


You say that "IP addresses + timestamps can be tracked to a subscriber"—how do you account for the existence of TOR and no-log proxies like Proton VPN? If you were law enforcement, how would you track those IPs to a unique subscriber?


Tor is tricky.

If you have serious issues, I suppose it's always possible to block the exit nodes from the specific HTTP endpoint where the trouble is caused, or require authentication at that point, even if I would advise to be very sparing with such measures.

For the law enforcement route, a judge could be convinced to order tracking the exit node's incoming connections for purpose of tracking the child abuser down, then the relay node, then the guard, and yes these change frequently but rinse and repeat and you'll get it eventually (speak of dystopian...). The barrier I see is that some jurisdictions will find it disproportionate to track all incoming connections and relays and guards (this will fan out) for only one abuse case. You'll really have to get every involved country on board in whatever you're pursuing, so it ought to be really bad and otherwise you can suck it up. So you make a good point that you can't simply enforce anything even if that's broadly illegal under the current system.

VPNs are much easier because they're a single entity and so there's no huge fan-out (don't need to wiretap/subpoena tens–hundreds of entities, just have to ask 1 entity for data on 1 subscriber, or compel them to produce it henceforth if they don't have it). If they didn't do logging in the past, indeed you'll need to wait for a repeat offense, so again I suppose you're right that an IP+ts isn't enough. Does this speak in favor of the private key government-backed identity? I'd honestly really rather it didn't


From the article:

> That said, it is completely understandable that some users may feel uncomfortable using an account to access the service. For such cases we strongly recommend hosting your own deployment of Jitsi Meet. We spend a lot of effort to keep that a very simple process and this has always been the mode of use that gives people the highest degree of privacy.

Of course, self-hosting is still a bunch of work. Which doesn't mean anger is justified, but disappointment (which seems to be the dominant emotion at the time of writing) is understandable.


Because hosting my own server and disabling the auth is about 1000 times the effort of clicking "start a new meeting" on their website.

I don't get these "why can't you just..." comments. It's like you complain about food in the restaurant, and someone saying: "well, you can cook your own lunch at home differently".


No, this is like a restaurant giving you free food, and then when they change the recipe, you saying "WTF, you changed the food and now it's too salty, I hate it. Yeah, I could cook my own meal, but screw that, I demand you fix it!"


VC funded world in a nutshell


Personally, I think it just sends out mixed messages. "We focus on privacy, but you can only use our instance if you sign up via Google/Facebook". Definitely weird.

I'd rather they simply shut down their instance and replace it with a list of community-maintained ones.

BTW: it's not anger (at least in my case). Mostly just disappointment.


A bonus to self-hosting is now you’ll have an XMPP server you & your chatmates & org can use for decentralized, federated chat—may as well add a new virtualhost & ditch that proprietary chat option.


I have a server and it's decentralized? Isn't that a contradiction of terms? Wake me up when my teammates and I can message each other from our mobile devices without the involvement of any other computer...


Just because you define "decentralized" as strictly "peer-to-peer" doesn't mean everyone does.

Wikipedia literally uses the word "decentralized" to describe the Fediverse, which would seem to violate your personal definition:

https://en.wikipedia.org/wiki/Fediverse

> While a traditional social networking site will host all its content on servers owned by the parent company, the decentralized social media sites that make up the fediverse allow any individual or organization to host their own servers (referred to as an "instance").


>Wake me up when my teammates and I can message each other from our mobile devices without the involvement of any other computer...

Routers are computers. You'll be waiting a long time.


You already can, apart from some DHT and bootstrapping stuff.

https://tox.chat/

https://jami.net/

I tried to like Jami, but it never worked right when I tried it. I didn't find a decent Android Tox client with video call, but it should work alright for text.


In a similar boat to you. Is there something out there that:

+ is committed to free software

+ respects the users

+ none of the poisonous big tech giant companies involved

+ is cross-platform

+ does text, calls, videocalls, file-transfers

+ can be set-up "normally" by non-technical friends and family

+ is ideally all the other good things: lightweight, smooth, decentralised, p2p, private, secure

I certainly couldn't find it. I've tried tox, jami, xmpp, irc, matrix, etc. There are things that can be set-up with some effort and messing with servers and verifying devices and so on, but not things you can talk your mother through during a phone call without a great threshold for annoyance (sorry Ma).

Signal maybe comes closest, and is what I use, but they have a few (big) issues too.

Any tip-offs greatly appreciated.


Signal… minus the phone number requirement and the primary Android/iOS device requirement and the NSA backdoor removed.


Unfortunately we don't have any good clients for Android that do videocalls properly (not even qtox on PC works that great). aTox is the only Android client that was starting to get the proper features but the maintainer is busy with IRL stuff. You're right though, text and file transfers work pretty well and we are writing replacements for the existing code to make everything more reliable (and faster in the case of file transfers).


I would not recommend Tox anymore, as it is unmaintained - https://lists.tox.chat/pipermail/support/2023-August/000340....

It was a decent piece of tech, though!


I think that you're referring to qTox (which is currently not being maintained). Tox, the protocol, continues development as usual.


Really? I guess you guys are active elsewhere and not on the mailing lists, because those are as dead as a very dead thing. :)


Well, I don't know if anyone else responds to the mailing lists anymore to be honest. You can still get in touch through IRC though. We are on libera currently (and dogfooding tox groupchats). #tox for user related questions and #toktok for development.

Edit: Also, development is happening on github: https://github.com/TokTok/c-toxcore


I just stopped using it. I can understand that they might have had problems with abuse, but I won't use any of their authentication options.


I hadn't really used it recently but I'm honestly surprised that they went that long without requiring authentication. If you know a bit about mitigation of various abuse patterns it's kinda crazy that they managed to not need to require it until now.

Though I hope they have a way for registered people to invite someone to join a meeting without a login (though with a bunch of limitations, like them being responsible for the person joining).

For example so that in case of a remote job interview the company can give them to the interviewee.


> Though I hope they have a way for registered people to invite someone to join a meeting without a login (though with a bunch of limitations, like them being responsible for the person joining).

I just played around with it now; it looks like login is only required to create the room -- that is, only one person at all needs to log in. Everyone else gets a "waiting for the moderator" screen before someone logs in, and just goes straight in w/o login afterwards. Presumably that person will have the ability to kick people out, and can be held responsible for not doing so.


> we will no longer support the anonymous creation of rooms on meet.jit.si, and will require the use of an account

if I understand correctly the creator of the meeting needs to have an account but other people can still join without it?


As far as I know there is no "creator of a meeting" in Jitsi. It's just a case of the first person to sign in as moderator gets to be the moderator.


I no longer have any Big Tech accounts and I've not had a Zoom account for all the reasons why many of us want to rid ourselves of those environments. It's people like me who actually need Jitsi.

What makes it worse, I've been almost successful in weaning friends and colleagues off Zoom and that's no easy task. Now it's all for nought.

Damn nuisance really.


You could self host it


Yes, perhaps I could but I'd be a nuisance. For many others, the general public, it's unlikely to be a viable option.


Unfortunate but not surprising. It’s impossible to put up a 0 cost service on the net without it getting abused.


They didn’t say it will stop being 0 cost for end users. Their concern here is with filtering out users violating their terms of service, not providing it for free.


Using Google or Facebook is a cost, it’s around $10-20 to get an account.


Is this a reference to needing a phone number?


Does this mean that Riot.im/Element.io Matrix.org homeserver accounts on the web application won't be able to use the service automagically for video calls of greater than 2?


They host their own jitsi instance.


You can still create a room without login. Just click "book a meeting URL" at https://meet.jit.si/ which redirects to https://moderated.jitsi.net/ and there you can create a room without any authorization.


This seems like an oversight that will presumably be fixed?


Why can't they provide their own login instead of using Facebook, Google, GitHub?


I guess those services already treat identity seriously, making a trade off where you swap some end user privacy for a free as in beer system that on the whole tries to prevent sock puppet accounts.


They need login to effectively ban people.

Using email login doesn't achieve that (and is more work).

Using providers like Facebook, Google, GitHub is good enough, though e.g. in case of GitHub definitely not perfect. But good enough is good enough.

I just wish there would be more anonymity-protecting *independent* auth providers you could widely use (which still could allow you to properly ban someone).


A lot of work and regulation


I had a video conference scheduled a few days ago with Jitsi. Ran into this problem so we quickly searched for an alternative. We couldn't get www.experte.com working. Tried we.team and it worked great. In fact, it didn't have the frequent freezing we had been experiencing with Jitsi.


As seen at https://news.ycombinator.com/item?id=37258646 (along with some helpful suggestions).


People will just start making/using dummy accounts to create meetings if they don't want them tied to their real identities.

KYC has gotten wildly out of control.


We moved over to talk.brave.com


This is a Jitsi instance hosted by Brave, right?


No, it's even better. Check out the UI/UX!


> Starting on August 24th, we will no longer support the anonymous creation of rooms on meet.jit.si, and will require the use of an account (we will be supporting Google, GitHub and Facebook for starters but may modify the list later on).

So Jitsi loses the case for privacy and goes and requires Big tech logins such as Google, GitHub (Microsoft), Facebook (Meta).

Oh dear.


It's the unfortunate battle of those who want to provide privacy, and those who want to use the privacy to do illegal things that will either get said things shut down, or cost them a lot of money (or freedom).

Having been on both sides, we need more decentralization and a way to disconnect from those decentralized points. Not much else can be done besides a never ending game of cat and mouse.


How to make sure decentralization doesn't enable more of those illegal things?


You don't. Because you can't. Those illegal things are going to exist as long as there is a market for them. All you can do is ensure that the general public who doesn't wish to partake isn't exposed to it without looking.

Basically, you don't want your grandma finding the drug list or hacking tools unless she's specifically trying to find it. But it's going to exist, so let it exist (or rather, try if you wish but it's futile). Similar to tor hidden services and i2p eepsites.


I doubt this is due to illegal things. There's kind of a limit to how much you can do illegally on a video feed. Nevermind that whatever you would be doing would be recorded and streamed to whoever popped into the anonymous room.

The auth requirement is probably just a way to limit load and force people to at least attach their usage rates with an identity of some kind, so if one person or org is using thousands of hours of server load they can start charging for the service.


I am dead sure it is about illegal things based on their phrasing. The kind of things that don't even appear on Zoom's Wikipedia even though Zoom is/was used for the same per documented evidence. Companies won't mention it because it's very bad publicity and other people won't pursue it because it's 2PTSD (or for some 1PTSD) material.

Your comment is phrased like those things are not a big deal?

> There's kind of a limit to how much you can do illegally on a video feed. Nevermind that whatever you would be doing would be recorded and streamed to whoever popped into the anonymous room.

Criminals probably are aware that some of their customers would be cops after somebody got arrested for doing it over Zoom and they probably learned to do it without revealing identifiable details.

And how would viewers pop into a random room? There's no directory. They have a link that they paid for. And no, they wouldn't share this link with random people online.


What was it used for? Live streaming a crime in progress on a publicly accessible URL? Live streaming illegal content as if a torrent isn't already a superior format for that?

As if 8x8's hosted Jitsi service could not just report such crimes to the authorities with full IP logs? The signalling all still had to route through 8x8 servers and the URLs were not gated. Anyone with a link could pop in.


Let's say live streaming crime in progress for profit. Sure, Jitsi could make it their responsibility to track and report IPs etc. but that would require them to have people on staff whose job is only to watch through this stuff and build infrastructure for that. And if they don't proactively do that and only cooperate with FBI when someone reports they would have to have it on their conscience. And even if they do it proactively I imagine in many cases IPs give you nothing if they use Tor or some anonymous ISP and don't give identifiable clues in videos.

I don't think Jitsi guys want to suffer this stress/bad PR if they want to just build their product and provide a free public instance as a bonus.


> I doubt this is due to illegal things. There's kind of a limit to how much you can do illegally on a video feed.

... are... are you joking?!


Oh dear, indeed. Why not offer the option to make an account directly? That would offer at least some solace that your data is not being shared outside the walls of 8x8.


Because AAA is a cost, and now we have some of the A provided externally, it's a lower cost to say "validate over here" than it is to roll your own. Cost including doing it right, meeting KYC/AML/Age barriers which incur legal risk, and having to front on your community and say "sorry, we lost all your private data in a hack".


Not really, you just ask for a credit card.


Remind me, do people roll their own CC handling or do the PCI rules drive you to ... using another intermediary in card processing, because of the giant risks?


Dealing with PCI means you basically have to rely on the payment processor to store the card and customer data. Intermediaries like Square and Stripe require this and make it easy. It's been a long time since I built anything that spoke directly to a card gateway (i.e. merchant bank) but I'd be pretty shocked if any didn't force you to use their iframe/storage/token solution at this point. Back in the late 90s, e-commerce sites used to just take the customer card numbers in plaintext and pass them to the VeriSign gateway and basically roll their own APIs.


I went to check this, but it won't even minimally load the authentication page without loading Firebase JS from `www.gstatic.com` (which I block by default, so that I notice when sites are leaking like this).

Jitsi having to do things like this might be inevitable. But I still have a look of disapproval for whoever was abusing the service.


It's literally open source, you can go run it yourself.


Shame. I use none of those services.


They only require ONE person to have an account. The other participants can join as before.

The meeting continues even if the person with the account leaves; as long as someone stays in the room, it persists and people can (re)join.

I don't like this change but their free (beer) service is still more respectful than GOOG Meet or MSFT Teams.


Maybe a list of community hosted jitsi servers could be put in place.

One instance that our national educational network organization hosts is at https://vid.arnes.si./



https://keet.io/ seems like an interesting replacement. P2P has its hurdles but removes the centralized point of failure.


The popup window login with the many different domains doesn't work with isolation on. Hope they don't take the random meeting name (the last anonymous option) away.


Just wish it was easier to set up a self-hosted server. It was easier to set up a red5 server in the 2000s than it is to set up a webrtc server in 2023.


Check out https://tlk.li which is free, p2p and open source.


Hmm missed opportunity for a passkey method.


Does this mean the self-hosted version of Jitsi will have authentication by default and not a free to use instance?


Just moved there from Zoom, what a nasty surprise these days that I need to register when I wanted a meeting.


Just as I started using it from Zulip. I guess they encountered some kind of abuse.


This sucks


Too bad but not surprised.


Well on the bright side, hopefully this incentivizes Jitsi to finally put first-class OIDC support into the codebase, which it still lacks.

I don't want to set up an entire LDAP server when I already have Authelia running.


Are JaaS user’s users affected?


Ever since early in the pandemic, I've pointed friends who were worried about certain things in the direction of Jitsi so they could safely discuss options without a time limit (which Zoom and Meet implemented) with others.

Think conversations like discussion of abortion, and other things where the service in certain locations needed to be private to the point subpoenas wouldn't be a threat. This is also why they've been waiting for insertable streams to be fully implemented in Firefox - those tickets were pushed most heavily because of Jitsi's videocalling.

This was driven by when they implemented an end to end encryption option - and being open source, something people could feel safer about than trusting Meet's (the former Duo's) one on one calls.

The best part is this was something you could bring up on any computer. Signal, you need to own the device - Jitsi was more free than Signal in some ways - and of course it helps not being tied to an identifier (Signal has not yet implemented removing phone numbers as an identifier).

Does this mean there's no free, end to end encrypted anonymous alternative that would be useful for those who are not technically inclined - but worry about subpoenas, and need end to end encryption? That's as accessible (Jitsi was from a simple web interface no matter your device, alternatives like Jami and Meet aren't - and the account thing hurts)

Because trusting a GitHub, Google, or Facebook login to not be vulnerable to subpoenas is a nonstarter. (I am aware of the efforts of Google, Facebook, etc. to mass E2EE communications from test messages to all messenger messages - I don't think this is immune to legal/coercive efforts such as you might see in the UK/Australia, and also think the anonymity layer is going to be crucial for some people. ...I'm aware ease of use plays a role in abuse - but I'll point out bad actors (who are technically capable at least a little, apparently) have the resources to still abuse Jitsi (if someone had an axe to grind against Jitsi) regardless of these additions - [example: Google accounts can still be mass created anonymously via Android phones/burner phones/etc.]

I dislike this, having been banging my head against the wall given my efforts over the past few years to teach end to end encrypted options and their usage to those who need them most, for the mentioned reasons.

For now I will resort to bugging people to switch to other instances at https://jitsi.github.io/handbook/docs/community/community-in... - but we badly need more options just as accessible- what other E2EE anonymous web-browser accessible tool is as available to the masses, that they can be convinced to use?


> but we badly need more options just as accessible- what other E2EE anonymous web-browser accessible tool is as available to the masses, that they can be convinced to use?

Just stand up your own instance and make it available to the anonymous public?

Jitsi itself isn't going away, just their anonymously-accessible instance.

By all accounts it's very easy to operate and requires very little in terms of resources. Hell, DO even has a droplet available.

So what's the problem?


>So what's the problem?

We're not all sysadmins that can set up such a thing.


Sure, but if your use case is that critical, you figure it out. That's what people have to do.

Is it inconvenient? Sure. Nobody is claiming it's not. But to say the option doesn't exist because the public instance doesn't allow it is a bit of a stretch.


You can still selfhost right? Is the authentication required if self hosted?


To most people this is like having a complaint about a hotel, and someone saying "you can still build your own house, right?"


There’s no expectation that a hotel provides free rooms.

This is more like a homeless shelter, whose clientele are not actually homeless, adding a policy of asking for id at door.


Exactly. And then you complain about the id policy saying it was better without that, and then someone tells you: "I don't understand the complaint. You could trivially download some building blueprints from the internet and build your own homeless shelter."

It would be technically a correct statement just like the self-hosting suggestions here.


> what other E2EE anonymous web-browser accessible tool is as available to the masses, that they can be convinced to use?

https://element.io/blog/element-call-beta-3/ maybe?


This appears to be possibly the only other tool left in this vein - though at the moment, they have their security off for a short while.

"Element Call is temporarily not end-to-end encrypted while we test scalability."


E2EE is back on, on the develop branch. Just needs a release.


If the users actually achieve end to end encryption then why does it matter that the creator of the group has to authenticate?


It creates risk that whomever that registered person connected to could be tracked by association, especially if the registered party is under surveillance.


matrix.org

Convincing is a different matter, though.


Fascinating reading the angry comments here.

Don't blame Jitsi. Blame the people abusing their previously wide open service. They're why we can't have nice things.

As for expecting them to run their own auth service instead of relying on a third party, that is a hell of a lot more complex than it looks. I can't blame them for not wanting to take that on.

If you really disagree that much, go ahead and fire up your own Jitsi service and open it up for anonymous use by the public. Let's see how long you can run it before you encounter the exact same problems.


Nobody is complaining about the login requirements per se, we are complaining about the fact that a supposedly "privacy friendly" and FOSS service chose to implement a login system using only Google, Facebook and GitHub accounts and god knows when they'll add better options.


ffs, they're OAuth providers. It's not like they're passing the video streams over to Google and Facebook so they can mine them for PII. All they'll learn is that a user with an identity on their platform is using Jitsi. So what?

Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.

And if the complaint is that now Jitsi can tie back activity to a durable identity: yeah, that's the entire point. They're fighting abuse. At some level, to prevent that abuse, they need some form of trustworthy authentication. That, by definition, means to some extent piercing the veil of anonymity.

It's also why running their own auth doesn't fundamentally solve the problem, as anonymous users creating their own accounts on their platform is a minor speed bump to folks who would use the service for nefarious activity. For that auth to be worth anything, they'd have to engage in their own forms of user verification, and that'd be no more privacy protective, and frankly probably less so since you'd have to trust their security posture.

The fact is they simply cannot run the service in a way that's both perfectly anonymous to Jitsi themselves and simultaneously resistant to abuse (thereby protecting them from potential liability).

Look, I get it, I'm not a fan of the big tech providers, either. But the claim that this somehow crosses the privacy rubicon is a massive overreaction. And the software itself remains as Free and Open Source as it ever was.


>ffs, they're OAuth providers.

I don't have a Google, Microsoft/Github and Facebook account. Do you know what they require to register one in terms of privacy? Their terms are horrendous. Jit.si must not care about privacy or they'd have other OAuth options from the start.

>Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.

I don't think you know the typical user profile of Jit.si. If people are happy with Google, Microsoft and Facebook, then why use Jit.si instead of their own video call offering?


> Jit.si must not care about privacy or they'd have other OAuth options from the start.

Such as? What provider would you be comfortable with?


One run by 8x8.


Did you read the grandfather comment, the one that explained exactly why this would be useless?


> I don't think you know the typical user profile of Jit.si. If people are happy with Google, Microsoft and Facebook, then why use Jit.si instead of their own video call offering?

This hits the nail on the head. It’s not just about having an account with those platforms or being unhappy with their video call services. It’s more about which platforms one chooses and for what reasons. Those who choose jit.si would be the ones who want to avoid these tracking and profiling platforms and/or are completely against those platforms.


I agree that we are not entitled to Jitsi (8x8?) providing us with a free service. But it is not as clear of a cut as saying "Run it yourself then!" to a bunch of spoilt brats.

At the height of the pandemic I started using Jitsi for all my conferencing needs and was very happy to find that 8x8 had a paid-for option so that I could support Jitsi development through a 8x8 Meet Pro subscription. However, in December 2022 8x8 decided to axe the service and replace it with their "X Series plans" that are an order of magnitude more expensive (can not even find quotes easily right now [1]) and clearly geared towards large-scale enterprise. "By moving to 8x8 X Series, you will have access to features like business SMS/MMS, unlimited calling to select countries, fax, voicemail transcription, integrations with business applications, call queuing, analytics, and more.", sounds great right? But not really to someone wanting to have a fixed URL and make twelve or so video calls per week on a budget.

[1]: https://www.8x8.com/products/plans-and-pricing

This effectively forced me to go and "freeload" on Jitsi again, despite being willing to pay. However, I refuse to go crawling to Facebook, Google, or Microsoft for an account as I worked long and hard to divorce them already. It is doubly frustrating when you know that 8x8 has an account infrastructure (I have used it) and they are deciding not to offer it to us.

So, yes, we are not entitled to their free labour. But it is not like their track record is perfect here. This could all have been done much smoother.

To end on a more positive note, I posted this story a few days ago [2] and here are some alternatives that were brought up:

https://call.element.io

https://jitsi.member.fsf.org

https://meet.fsci.in

[2]: https://news.ycombinator.com/item?id=37258646

Do seriously consider supporting organisations that provide these services so that we can continue to have nice things. I would also love for there to be a Jitsi alternative out there with a "leaner" technology stack and higher focus on security that (paranoid?) people such as myself would feel more comfortable hosting on our own.


Did you consider using JaaS? It’s certainly less expensive than that X-whatever. https://jaas.8x8.vc/#/


Tragedy of the Commons Ruins Everything Around Me (apologies to Wu-Tang Clan).


> As for expecting them to run their own auth service instead of relying on a third party, that is a hell of a lot more complex than it looks. I can't blame them for not wanting to take that on.

Pretty much every web site that requires login allows local registration. This is the first web I heard about that requires third-party registration. That seems absurd to me.


>If you really disagree that much, go ahead and fire up your own Jitsi service and open it up for anonymous use by the public. Let's see how long you can run it before you encounter the exact same problems.

Wait. They want me to sign up to Google, Microsoft or Facebook (worst possible choice ever) and I shouldn't complain. Seriously?

Then, what kind of complaint/criticism is OK?


If they took away the code or relicensed it so you couldn't run it yourself I'd have a lot more sympathy.


I'm certain this is just an excuse so they can monetize and then sell out.

First step auth, second step payments/subscriptions/premium/whatever, third step sold to a big corp where it will be destroyed.

But anyway, for anyone wanting an alternative peercalls has been really reliable for us.



