While Jitsi is open-source, most people use the platform they provide, meet.jit.si, for immediate conference calls. They have now introduced a “Know Your Customer” policy and require at least one of the attendees to log in with a Facebook, Github (Microsoft), or Google account.
One option to avoid this is to self-host, but then you’ll be identifiable via your domain and have to maintain a server.
As a true alternative to Jitsi, there’s jami.net. It is a decentralized conference app, free open-source, and account creation is optional. It’s available for all major platforms (Mac, Windows, Linux, iOS, Android), including on F-Droid.
Good thing that you can still self host it, post your favorite jitsi instances below for everyone to use.
I’ll start with this one: https://calls.disroot.org/
Thanks for that link. I didn’t know disroot hosted Jitsi.
For others in this thread, here’s a list of Jitsi instances: https://jitsi.github.io/handbook/docs/community/community-instances/
This is indeed sad news. I made my friends (who don’t care about free software) switch from google meet to jitsi for video calls just the other month.
The only thing that got them sold on jitsi was that it required no login.
Pick your favourite server and use that from now on: https://jitsi.github.io/handbook/docs/community/community-instances/
Thanks. I am aware of other instances, but my friends and family don’t understand the point of it. Anyways… I’ll see if I can get them to try other instances of Jisti.
Tell them that it works the same way, no registration too, but the old one had to shut down.
Technically, it did shut down, for those that don’t want to log in with anything.
Criminals ruin everything.
Oh hell no. Why they dont make it optional?
People were doing illegal stuffs on it
What kind of illegal stuff?
starting video chat with one self, with nobody else involved
Possibly stupid question: if they found out that people were doing illegal stuff on it, doesn’t that mean that they were monitoring people’s conferences? I thought that the FOSS community was big on privacy.
I imagine they’re receiving reports from other parties, such as law enforcement, that there are inappropriate things happening, rather than monitoring the streams themselves.
No, because we don’t know how they got the information. Someone might as well just have reported it, or it was forwarded from law enforcement.
Théry are plenty of FOSS people who don’t believe in privacy. Just because you like openness in one thing doesn’t mean you want it in another. Though there is probably a larger overlap.
deleted by creator
That’s just not true at all. You’re talking from a very small circle if you think most OSS is used by privacy buffs. The largest users of OSS are companies, followed by techies who enjoy the challenge or the ownership. Privacy wonks are by far the smallest userbase.
deleted by creator
It ded
This is its downfall
Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.
Cannot be less clear.
Anyway I don’t understand why you’d need an account. I’ve always created rooms and share the link to people to invite. You can setup a password if you want privacy. Any reason to login?
There was likely a broad campaign of abuse that violated some sorta law. There’s not really another reason for this move short of something that puts them in an untenable situation.
They are probably talking about using it to share CSAM or other illegal content. They need one person to login to be not anonymous so they can give it to the authorities if necessary.
Yepp I agree, that kind of cryptic speak and this kind of drastic action taken by a FOSS project likely eludes to something of this nature IMO.
If they want to continue to appeal to businesses they’re almost certainly not going to release a statement saying people were sharing illegal material on our platform especially when they’re not a big well-known company like Facebook, Google and Microsoft, where normal people tend to disappointingly dismiss bad findings with a “benefit of the doubt” stance.
I assume their hosted version doesn’t have this limitation? In that sense, this news really is a non-issue I think, considering everyone usually has one of those three accounts. Someone looking for privacy should probably host their own IMO
I don’t understand, even if I use a google login I haven’t necessarily give my real name to google so why is it safer for them? Anyone can create a new email with google and particularly people sharing illegal material wouldn’t use their real personal email so what’s the point?
Law enforcement can subpoena Google for breadcrumbs, and then go to data brokers for the missing pieces. It’s not perfect, but this likely isn’t the reason for Jitsi doing this.
The real reason likely falls along the line of the extra requirement driving people away from misusing the service, if they now need a VPN + killswitch and a burner “faang” account to share illegal content. They’ll just go to the next common denominator sadly, resulting in truly anonymous services dropping like flies (anonfiles.io being the last example of this)
Is a mobile phone number not required for a Google account? In many countries, including all EU ones, you need to authenticate yourself when ordering a SIM card. This makes your phone number your personal ID. Your Google account is connected to your person, and what you do on Jitsi after logging in with your Google account as well. It’s easier to track back to you that way.
Yeah I didn’t think about the phone number, I made my google account a long time ago and they didn’t use to ask you for your number but now every service needs it for “security” reasons
But why a Google/FB/MS account? Why isn’t an email account from an established provider enough, why centralise to three megacorps?
There’s plenty of disposable email services out there.
And they’re added to spam lists all the time. All you need do is draw up a list of the twenty most popular, because frankly Gmail and outlook already cover so many while leaving room for privacy-friendly providers.
Because these three provide federated login most email providers do not.
I didn’t think I’d unironically hear “This is an advantage because now one company controls all your logins” as a reply to privacy concerns.
I didn’t say that. Security and privacy are nearly opposites. This is a security decision.
Those are all SaaS providers with meeting software available. If someone was using Jitsi, it was specifically to not use a login with any of those providers. They’re actively deciding not to continue operation with this. Its like when OnlyFans declares they wouldn’t allow adult content going forward
I imagine that, at least, the videos wouldn’t go through those SAAS providers, and that’s relatively a plus still.
Those are all SaaS providers with meeting software available.
With paid for commercial meeting software available.
If someone was using Jitsi, it was specifically to not use a login with any of those providers.
Or because they didn’t want to pay ongoing SAAS fees.
They’re actively deciding not to continue operation with this. Its like when OnlyFans declares they wouldn’t allow adult content going forward
It’s literally nothing like that since Onlyfans is not an open source project that lets you host your own instance and run it however you like.
If you want anonymity run it yourself. If you want to use their servers it’s reasonable that they expect to know a modicum about how to verify you are who you say you are. There is literally no other way to prevent abuse other than identity verification of bad actors.
Never used Jitsi. Above you indirectly say that from the functional point of view Jitsi is noticeably worse than meeting solutions of MS/Google/FB. Is this really so?
I don’t know how I indirectly said that. I certainly didn’t mean to. Its less well known, perfectly fine, and it’s killer feature for a long time has been being decoupled from privacy disrespecting big tech companies
“If someone was using Jitsi, it was specifically to not use a login with any of those providers” this sounds like the only reason to use jitsi is avoid big guys, and if you cannot avoid them jitsi makes no sense - i.e. “no big guys” is the only feature worth it.
Btw, “login via Google” and use “Google meet” are significantly different cases from privacy point of view.
It’s not the only reason to use jitsi, just that most people wouldn’t bother seeking any alternative if they didn’t care.
“Main motivating factor” != “Only viable reason”
Sorry for any unclarity I introduced. And yes, login via google vs full on google meet are two different things, but if I have to login via google for Jitsi I’m suddenly far more likely to use Jami
My experience has been that Jitsi is much better when the connection is bad. However, its default setting is that video is cropped to be square, which is very bad. I don’t even think that the user can change that.
Its like when OnlyFans declares they wouldn’t allow adult content
So… Tumblr?
OnlyFans announced it too, but walked back on it later.
I laughed pretty hard at OnlyFans trying to remove the only thing that I was aware they hosted.
Yeah but at least Tumblr had a majority of non porn content. Jitsi is almost entirely privacy wonks, and only fans is almost entirely porn
If its open-source, couldn’t somebody just fork it and remove the login requirement?
You can self host it as well. This is just a restriction of the online service - the problem being that most people are not going to self-host their conference calls.
Yeah they’d have to maintain upgrades security patches etc and could get pricey depending on how much storage and bandwidth is involved.
Come on, one more step and you’ll get to the part where you have to deal with preventing other people from using your instance for child porn.
Or you could just restrict it for use by a select few you know.
Lol, it was my GOTO specifically because it doesn’t require a login and I can send it to my parents who need minimal clicks to enter the room. I even have family that doesn’t have a github, facebook, nor google account, so they won’t be able to join.
Amazing move Jitsi.
Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.
What kind of “illegal things” were they doing? Say it, so that we can comprehend. Make it make sense.
Tbf I’d not get angry if it was jihadist recruitment, child porn, human trafficking, etc. etc.
But won’t those criminals always find another way of communicating? If you’re doing something illegal, it’s worth it to you to go through some hoops to have safe and private communication. All this does is remove that option from less tech literate people.
But now the illegal content is not happening on their owned instance, taking them off the hook.
Communication network providers in the EU generally aren’t liable for illegal activity of their users.
That doesn’t make it a non-issue. Ignoring the obvious ethical issues, there are still serious costs to addressing conduct they’re made aware of, both in terms of actual man hours and mental health of any employees, and the actual bandwidth of the abusive traffic.
@esaru
Shodan finds 21k instances. https://meet.ffmuc.net/ and https://meet.element.io/ are just two, and I don’t expect them to require log in.I’m on mobile, but does meet.element.io just work? I would expect that to only work for Matrix users
@ReversalHatchery
Just verified (from mobile) and it just works 🤷
Safe to assume it was child porn, because that ends up being an issue on any service that lets people share images or video privately. By not stating it directly, they don’t prompt news organizations to quote the company in click bait articles about how their platform enables child porn as if that wasn’t a universal issue that all services have to actively discourage.
If I’m reading it correctly, you only need one person in the meeting to have one of those accounts.
lmao
That said, it is completely understandable that some users may feel uncomfortable using an account to access the service. For such cases we strongly recommend hosting your own deployment of Jitsi Meet. We spend a lot of effort to keep that a very simple process and this has always been the mode of use that gives people the highest degree of privacy.
Seems like you can avoid it by self-hosting. Still a very suspicious move, kinda defeats the whole point of an alternative to big tech conference services.
Google, GitHub and Facebook for starters but may modify the list later on
Maybe they could support some auth provider from some fediverse app? That would be kinda neat.
Earlier this year we saw an increase in the number of reports we received about some people using our service in ways that we cannot tolerate. To be more clear, this was not about some people merely saying things that others disliked.
Over the past several months we tried multiple strategies in order to end the violations of our terms of service. However in the end, we determined that requiring authentication was a necessary step to continue operating meet.jit.si.
This sounds to me like a pattern of people using it for actual serious crimes (with the obvious guess being video sharing of sex crimes/trafficking/kids). I understand that that justification is used for a lot of extremely invasive privacy violations, and stuff like scanning every file in the name of that is too far, IMO, but if you’re the only platform with resources to handle that traffic that allows anonymity, it’s very likely to grow at a significantly larger rate than the rest of your traffic.
You can’t (shouldn’t) scan every file every individual sends to every other individual in order to prevent it, but once you have a platform that’s capable of supporting community-type activity, it’s a very real issue that you can face.
“You can host yourself with your own choices on vetting participation because here are the tools to do it” isn’t really a bad line to draw. But you can’t have your servers be a central point for that.
RIP Jitsi ಠ_ಠ
You can also use matrix. Matrix currently uses jitsi. In the future it’ll use “element call” but right now, jitsi.
Ah. Thank you. Decent work around, still more steps sadly enough, but it’ll have to do.
RIP
