I'm not seeing much anger, just disappointment that you now need to be an experienced system administrator to have Jitsi meetings without signing up for a bigcorp.
Imo the problem here is a failure of law enforcement on the internet. IP addresses + timestamps can be tracked to a subscriber, but apparently it's so ineffective that, rather than allowing pseudonymity (only knowing your IP address) for all countries that fight digital crime (I imagine child abuse is similarly fought in most places), we instead opt to let the likes of Google and Facebook use tracking and magic algorithms to determine who's allowed to have an account, nay, identity on the internet.
Perhaps we need something that is pseudonymous but tied to an individual rather than a subscriber line, to be depseudononymised only by court order, similar to IP address now except you can actually find who did something (or was complicit at minimum, similar to money mules). We can also make it be different for every recipient, similar to how you can create any number of blockchain addresses without revealing the tie between them. It sounds super dystopian to have an internet passport (private key) explicitly tied to a government identity, but at this point it may improve anonymity rather than detract from it. We could get rid of CAPTCHAs (which are mostly ineffective at this point anyway), Cloudflare MITMing, IP address banning, phone number verification, "log in with Facebook", spam filters (because we'd just block spammers), etc. in favor of being able to prosecute and/or block bad actors.
You say that "IP addresses + timestamps can be tracked to a subscriber"—how do you account for the existence of TOR and no-log proxies like Proton VPN? If you were law enforcement, how would you track those IPs to a unique subscriber?
If you have serious issues, I suppose it's always possible to block the exit nodes from the specific HTTP endpoint where the trouble is caused, or require authentication at that point, even if I would advise to be very sparing with such measures.
For the law enforcement route, a judge could be convinced to order tracking the exit node's incoming connections for purpose of tracking the child abuser down, then the relay node, then the guard, and yes these change frequently but rinse and repeat and you'll get it eventually (speak of dystopian...). The barrier I see is that some jurisdictions will find it disproportionate to track all incoming connections and relays and guards (this will fan out) for only one abuse case. You'll really have to get every involved country on board in whatever you're pursuing, so it ought to be really bad and otherwise you can suck it up. So you make a good point that you can't simply enforce anything even if that's broadly illegal under the current system.
VPNs are much easier because they're a single entity and so there's no huge fan-out (don't need to wiretap/subpoena tens–hundreds of entities, just have to ask 1 entity for data on 1 subscriber, or compel them to produce it henceforth if they don't have it). If they didn't do logging in the past, indeed you'll need to wait for a repeat offense, so again I suppose you're right that an IP+ts isn't enough. Does this speak in favor of the private key government-backed identity? I'd honestly really rather it didn't
> That said, it is completely understandable that some users may feel uncomfortable using an account to access the service. For such cases we strongly recommend hosting your own deployment of Jitsi Meet. We spend a lot of effort to keep that a very simple process and this has always been the mode of use that gives people the highest degree of privacy.
Of course, self-hosting is still a bunch of work. Which doesn't mean anger is justified, but disappointment (which seems to be the dominant emotion at the time of writing) is understandable.
Because hosting my own server and disabling the auth is about 1000 times the effort of clicking "start a new meeting" on their website.
I don't get these "why can't you just..." comments. It's like you complain about food in the restaurant, and someone saying: "well, you can cook your own lunch at home differently".
No, this is like a restaurant giving you free food, and then when they change the recipe, you saying "WTF, you changed the food and now it's too salty, I hate it. Yeah, I could cook my own meal, but screw that, I demand you fix it!"
Personally, I think it just sends out mixed messages. "We focus on privacy, but you can only use our instance if you sign up via Google/Facebook". Definitely weird.
I'd rather they simply shut down their instance and replace it with a list of community-maintained ones.
BTW: it's not anger (at least in my case). Mostly just disappointment.
