Jitsi, the open-source video conferencing platform, now requires a Google, Microsoft, or Facebook account for their online service

While Jitsi is open-source, most people use the platform they provide, meet.jit.si, for immediate conference calls. They have now introduced a “Know Your Customer” policy and require at least one of the attendees to log in with a Facebook, Github (Microsoft), or Google account.

One option to avoid this is to self-host, but then you’ll be identifiable via your domain and have to maintain a server.

As a true alternative to Jitsi, there’s jami.net. It is a decentralized conference app, free open-source, and account creation is optional. It’s available for all major platforms (Mac, Windows, Linux, iOS, Android), including on F-Droid.

progandy, (edited )

Here are some interesting lists of alternative instances:

jitsi.github.io/handbook/…/community-instances/
ladatano.partidopirata.com.ar/jitsimeter/
timo-osterkamp.eu/random-redirect.html

By the way, by default jitsi is not end-to-end encrypted if you have more than two people in the call or need to use the videobrige for other reasons. jitsi.org/e2ee-in-jitsi/

Update: The e2ee implementation seems to have some issues as well: eprint.iacr.org/2023/1118

Firefox <116 is currently not able to use the e2e-encryption, blink based browser already support it. Firefox 117 will provide the necessary infrastructure as well. I don’t know if jitsi would have ot be patched to detect the firefox implementation. bugzilla.mozilla.org/show_bug.cgi?id=1631263#c58

esaru,

I didn’t know Jitsi has those issues with default E2E.

Moonrise2473,

Wasn’t easier to just shutdown the server?

I use jitsi just because doesn’t have Facebook/Google/Microsoft login

zzz,

Wonder why email as an identifier wasn’t sufficient…

furrowsofar, (edited )

Relax. Just use a different server. May not be exactly accurate either. How in the world do you have any idea who uses what server. I have never used this server.

One way is join the FSF and use their server. There are others or host your own too. The load and cost needs to be spread anyway.

CanadaPlus,

I really hope this doesn’t become a trend, but every time I see a few buttons for signup with email coming last I have to wonder.

ono,

How disappointing.

It was great for sharing private contact info with Google/Facebook/etc friends without revealing it to those invasive services. Instead of sharing your private address where it would be harvested, you could meet in an anonymous Jitsi room, exchange addresses there, and contact each other directly from then on.

Self-hosting doesn’t solve that use case, unless perhaps you’re willing to buy throw-away domains and IP addresses every time you do it.

ReversalHatchery, (edited )

I guess I don’t need their app anymore on my phone, then. More free space to me.

Though using an other instance as mentioned by other comments is also an option, I think the mobile app supports that too, even if it’s a bit complicated

Edit: after reading the article, this might really not be their fault. At the end they also encourage the reader to host it themselves. They are not very transparent with what’s the actual problem, though…

rnd,

Yes, the mobile app supports third-party servers, though I wouldn’t call it complicated.

If you want to join a room, all you do is type/paste the full URL to it instead of just the name. “Open in App” functionality will also work regardless of the server.

If you want to host one on a third-party server, you just go into the options and replace the “meet.jit.si” address with one of the third-party server. Then when you create a room, it will use that server.

ReversalHatchery,

Probably complicated isn’t the best word, my issue with it is that if I understand it correctly, you would always need to change the server address if you need to connect to a meeting that was created at a different server

rnd,

If you paste in the complete URL to a meeting (“example.org/FourRandomEnglishWords” instead of “FourRandomEnglishWords”) or use the “Open in App” link that a meeting’s web page shows, then there’s no need to.

Forcen,

Good thing that you can still self host it, post your favorite jitsi instances below for everyone to use.

I’ll start with this one: calls.disroot.org

UdeRecife, (edited )
@UdeRecife@literature.cafe avatar

Thanks for that link. I didn’t know disroot hosted Jitsi.

For others in this thread, here’s a list of Jitsi instances: jitsi.github.io/handbook/…/community-instances/

yojimbo,

meet.vpsfree.cz 💪

argv_minus_one,

Criminals ruin everything.

gunpachi,
@gunpachi@lemmings.world avatar

This is indeed sad news. I made my friends (who don’t care about free software) switch from google meet to jitsi for video calls just the other month.

The only thing that got them sold on jitsi was that it required no login.

viq,
@viq@hackerspace.pl avatar

@gunpachi
There's jitsi the software and jitsi the page. This affects only jitsi the page. There are many more pages where jitsi the software is reachable at.
@esaru

gunpachi,
@gunpachi@lemmings.world avatar

Thanks. I am aware of other instances, but my friends and family don’t understand the point of it. Anyways… I’ll see if I can get them to try other instances of Jisti.

ReversalHatchery,

Tell them that it works the same way, no registration too, but the old one had to shut down.
Technically, it did shut down, for those that don’t want to log in with anything.

iHUNTcriminals,

Well looks like jitsis gone.

masterspace,

The sky is falling the sky is falling!

owiseedoubleyou,

It’s hypocritical to call your service “privacy friendly” and then require the use of a Google/Facebook/GitHub account to log in. I kinda understand the reason why they do this, but they could have at least allowed you to use a more private email provider.

viq,
@viq@hackerspace.pl avatar

@owiseedoubleyou
It's more likely about OIDC and not "email". In which case they could have included Gitlab I guess. Let's give them a while, they'll probably figure out a list, this sounds like "how can we cover largest amount of people while adding fewest providers"
@esaru

masterspace,

Calling them hypocritical is hysterical when they offer all the source code for free and you can host your own instance that doesn’t need an account.

esaru,

The software is free open source. But this case is not about the software. It’s about the web instance that the majority of the people was using. And that instance now lost its privacy feature and shouldn’t call itself privacy friendly anymore.

masterspace,

What information is transmitted to GitHub when you sign in with your GitHub account?

I’ll tell you: that you signed into jitsi.

That’s it.

VolunTerry,

I agree with you and it’s an important distinction. But for me it’s also about the ethos of the developers or company. Promoting free and open source tools is great, but requiring the opposite as a prerequisite to use the largest publicly facing implementation of that is a very odd decision.

masterspace,

Is there another OAuth identity provider they should use? I agree that it’s ludicrous that advertising companies are the primary identity providers we use, but I have no issue with GitHub / Microsoft as an identity provider.

At the end of the day they could create their own account system and take on the liability of storing passwords, but why? That’s not what their software is about and as instance admins it will take away their time and focus.

At the end of the day I think what you’re chafing against is not their fault but a fundamental problem with open source software at the moment, we have no system of decentralized identity verification, and identity verification is basically a necessary part of ensuring your system isn’t abused.

VolunTerry,

I’d personally prefer they didn’t implement any KYC-style identity verification at all in the first place, but it’s not my service or project and I’m not a paying customer, so my preference is largely irrelevant to them. But that said, I didn’t intend the comment to be damning, or even a particularly harsh criticism, just thought it wad an odd choice.

If what you are saying is accurate, and there aren’t better options, I at least understand that choice a bit more. If they feel they need an identity provider for whatever reason, they should obviously choose the one they feel best fits that need. And as others have noted, different servers and instances can be spun up or utilized. Users can choose to utlize whichever fits their needs best, or none if none of them fit.

Your other point is well taken though that it may be a gap in the marketplace. Sounds to me like a need waiting to be filled. I recall reading about some decentralized blockchain solutions for this sometime back, but do not recall the specifics. I haven’t followed along because it didn’t seem relevant to my personal or business needs at the time.

If anyone else knows of alternative options that may be better or more privacy friendly, I’d certainly be interested to hear about them. And would chip in funding for any good FOSS projects that might seek to solve this problem.

ReversalHatchery,

Or just remove that claim

dingleberry,

Why would federated sign-in suddenly make them non-open source.

ReversalHatchery,

The comment to which I replied complained that they claim their service to be privacy friendly. They didn’t complain about the open source claim, and me neither.

ubergeek77,
@ubergeek77@lemmy.ubergeek77.chat avatar

Why is everyone up in arms about this? The abuse of their free service was rampant. This isn’t a core project change, this is just a measure to keep a version of the project up for free without completely taking it down. They don’t even have a way to monetize this. An alternative was to simply shut it down and only allow you to self host it.

I self host my Jitsi instance, but as a privacy nut, I don’t see a problem with this. Absolute privacy cannot always coexist with free anonymous services. Don’t blame Jitsi, blame the people who ruined it for everyone else.

muelltonne,

How was their free service abused?

Hadriscus,

By overusing it, I think.

skullgiver, (edited )
@skullgiver@popplesburger.hilciferous.nl avatar

deleted_by_author

    •
    ubergeek77,
    @ubergeek77@lemmy.ubergeek77.chat avatar

    In this case, it sure does sound like abuse. Considering the careful wording, combined with the seemingly kneejerk reaction of requiring authentication, there was likely illegal activity going on:

    Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.

    Over the past several months we tried multiple strategies in order to end the violations of our terms of service. However in the end, we determined that requiring authentication was a necessary step to continue operating meet.jit.si.

    It was a free, anonymous service that let people stream video and send messages. Consider for a moment if that “video” was actually non-video data encoded to be streamed through Jitsi and sent to another location. Or, consider if the video was video, but was so egregious and illegal, that Jitsi had to take action. It doesn’t take a lot of thinking to consider the kinds of activities could have been going on.

    bmaxv,
    @bmaxv@noc.social avatar

    @esaru

    "One option to avoid this is to self-host, but then you’ll be identifiable via your domain and have to maintain a server."

    Makes it a non issue.

    It's free as in freedom not as in free beer and that's that.

    Jitsi doesn't have to offer free service and they particularly don't have to provide anonymity.

    The same is true for the fediverse, since the admins have info that could help identify users. That has it's uses too.

    esaru,

    Jitsi remains free. As you can see, this isn’t about money but rather about privacy, which has diminished compared to before.

    The issue with centralized systems becomes more apparent: the provders are held accountable for their users’ actions.

    PeterBronez,
    @PeterBronez@hachyderm.io avatar

    @esaru @bmaxv @technology concur that this reduces privacy for users of Jitsi’s hosted service. It also has some concrete benefits for Jitsi - they get to outsource account validation and security. Perhaps they were struggling to contain abuse.

    masterspace,

    Privacy has not diminished, you can host your own instance of the jitsi software account-free and take on the liability of people using your server for child porn yourself if you want to.

    Twashe,

    RIP

    shortwavesurfer,

    Well, time to find another instance, cause fuck that noise

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • uselessserver093
  • [email protected]
  • Food
  • aaaaaaacccccccce
  • test
  • CafeMeta
  • testmag
  • MUD
  • RhythmGameZone
  • RSS
  • dabs
  • SuperSentai
  • oklahoma
  • Socialism
  • KbinCafe
  • TheResearchGuardian
  • KamenRider
  • feritale
  • All magazines
    •