> Starting on August 24th, we will no longer support the anonymous creation of rooms on meet.jit.si, and will require the use of an account (we will be supporting Google, GitHub and Facebook for starters but may modify the list later on).
So Jitsi loses the case for privacy and goes and requires Big tech logins such as Google, GitHub (Microsoft), Facebook (Meta).
It's the unfortunate battle of those who want to provide privacy, and those who want to use the privacy to do illegal things that will either get said things shut down, or cost them a lot of money (or freedom).
Having been on both sides, we need more decentralization and a way to disconnect From those decentralized points. Not much else can be done besides a never ending game of cat and mouse.
You don't. Because you can't. Those illegal things are going to exist as long as there is a market for them. All you can do is ensure that the general public who doesn't wish to partake isn't exposed to it without looking.
Basically, you don't want your grandma finding the drug list or hacking tools unless she's specifically trying to find it. But it's going to exist, so let it exist (or rather, try if you wish but it's futile). Similar to tor hidden services and i2p eepsites.
I doubt this is due to illegal things. There's kind of a limit to how much you can do illegally on a video feed. Nevermind that whatever you would be doing would be recorded and streamed to whoever popped into the anonymous room.
The auth requirement is probably just a way to limit load and force people to at least attach their usage rates with an identity of some kind, so if one person or org is using thousands of hours of server load they can start charging for the service.
I am dead sure it is about illegal things based on their phrasing. The kind of things that don't even appear on Zoom's Wikipedia even though Zoom is/was used for the same per documented evidence. Companies won't mention it because it's very bad publicity and other people won't pursue it because it's 2PTSD (or for some 1PTSD) material.
Your comment is phrased like those things are not a big deal?
> There's kind of a limit to how much you can do illegally on a video feed. Nevermind that whatever you would be doing would be recorded and streamed to whoever popped into the anonymous room.
Criminals probably are aware that some of their customers would be cops after somebody got arrested for doing it over Zoom and they probably learned to do it without revealing identifiable details.
And how would viewers pop in into a random room? There's no directory. They have a link that they paid for. And no, they wouldn't share this link with random people online.
What was it used for? Live streaming a crime in progress on a publicly accessible URL? Live streaming illegal content as if a torrent isn't already a superior format for that?
As if 8x8's hosted Jitsi service could not just report such crimes to the authorities with full IP logs? The signalling all still had to route through 8x8 servers and the URLs were not gated. Anyone with a link could pop in.
Let's say live streaming crime in progress for profit. Sure Jitsi could make it their responsibility to track and report IPs etc. but that would require them to have people on staff whose job is only watch through this stuff and build infrastructure for that. And if they don't proactively do that and only cooperate with FBI when someone reports they would have to have it on their conscience. And even if they do it proactively I imagine in many cases IPs give you nothing if they use Tor or some anonymous ISP and don't give identifiable clues in videos.
I don't think Jitsi guys want to suffer this stress/bad pr if they want to just build their product and provide a free public instance as a bonus
Oh dear, indeed. Why not offer the option to make an account directly? That would offer at least some solace that your data is not being shared outside the walls of 8x8.
because AAA is a cost, and now we have some of the A provided externally, its a lower cost to say "validate over here" than it is to roll your own. Cost including doing it right, meeting KYC/AML/Age barriers which incur legal risk, and having to front on your community and say "sorry, we lost all your private data in a hack"
remind me, do people roll their own CC handling or does the PCI rules drive you to ... using another intermediary in card processing, because of the giant risks?
Dealing with PCI means you basically have to rely on the payment processor to store the card and customer data. Intermediaries like Square and Stripe require this and make it easy. It's been a long time since I built anything that spoke directly to a card gateway (i.e. merchant bank) but I'd be pretty shocked if any didn't force you to use their iframe/storage/token solution at this point. Back in the late 90s, e-commerce sites used to just take the customer card numbers in plaintext and pass them to the VeriSign gateway and basically roll their own APIs.
I went to check this, but it won't even minimally load the authentication page without loading Firebase JS from `www.gstatic.com` (which I block by default, so that I notice when sites are leaking like this).
Jitsi having to do things like this might be inevitable. But I still have a look of disapproval for whomever was abusing the service.
So Jitsi loses the case for privacy and goes and requires Big tech logins such as Google, GitHub (Microsoft), Facebook (Meta).
Oh dear.