Jitsi: video conferencing for the privacy minded
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
Title |
| |
Subtitle |
| |
Title of Series | ||
Number of Parts | 490 | |
Author | ||
License | CC Attribution 2.0 Belgium: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
Identifiers | 10.5446/47320 (DOI) | |
Publisher | ||
Release Date | ||
Language |
Content Metadata
Subject Area | ||
Genre | ||
Abstract |
|
FOSDEM 2020485 / 490
4
7
9
10
14
15
16
25
26
29
31
33
34
35
37
40
41
42
43
45
46
47
50
51
52
53
54
58
60
64
65
66
67
70
71
72
74
75
76
77
78
82
83
84
86
89
90
93
94
95
96
98
100
101
105
106
109
110
116
118
123
124
130
135
137
141
142
144
146
151
154
157
159
164
166
167
169
172
174
178
182
184
185
186
187
189
190
191
192
193
194
195
200
202
203
204
205
206
207
208
211
212
214
218
222
225
228
230
232
233
235
236
240
242
244
249
250
251
253
254
258
261
262
266
267
268
271
273
274
275
278
280
281
282
283
284
285
286
288
289
290
291
293
295
296
297
298
301
302
303
305
306
307
310
311
315
317
318
319
328
333
350
353
354
356
359
360
361
370
372
373
374
375
379
380
381
383
385
386
387
388
391
393
394
395
397
398
399
401
409
410
411
414
420
421
422
423
424
425
427
429
430
434
438
439
444
449
450
454
457
458
459
460
461
464
465
466
468
469
470
471
472
480
484
486
487
489
490
00:00
Information privacyLattice (order)PlanningProjective planeBitVideoconferencingSet (mathematics)Information privacyComputer animation
00:29
Mobile WebVideoconferencingTelecommunicationCartesian coordinate systemComputing platformQuicksortComputer animation
01:12
VideoconferencingNumberAngleMultiplication signDifferent (Kate Ryan album)Electronic mailing listQuicksortInformation privacyEndliche ModelltheorieVideoconferencingComputer animation
02:07
Integrated development environmentPhysical systemWeb browserInformationFingerprintSanitary sewerIP addressMobile appNeuroinformatikRevision controlMetadataVideoconferencingPhysical systemInformationVector spaceTrailPerspective (visual)RootUniform resource locatorWeb applicationWeb browserSurfaceServer (computing)Cartesian coordinate systemFingerprintQuicksortComputer configurationOperating systemData conversionComplex (psychology)MalwareThread (computing)Degree (graph theory)Integrated development environmentTouchscreenTelecommunicationFrame problemDevice driverComputer animation
06:06
QuicksortVideoconferencingIntegrated development environmentInformation securityChannel capacityInformation privacyPlanningTable (information)Computer animation
06:55
VideoconferencingOpen sourceComponent-based software engineeringAndroid (robot)GoogolWebsiteMobile appPolarization (waves)Service (economics)Android (robot)Server (computing)Point (geometry)TouchscreenConnectivity (graph theory)VideoconferencingOperating systemVirtual machineLattice (order)MereologyOpen sourceInstance (computer science)Cartesian coordinate systemCubeComputer animationLecture/Conference
09:11
RoundingMotion blurBeta functionDisk read-and-write headBeta functionUniform resource locatorSound effectPerfect groupSource codeComputer animation
10:00
Phase transitionModule (mathematics)CodeServer (computing)Student's t-testLattice (order)Projective planeSelf-organizationRow (database)Computer animation
10:45
Maxima and minimaReal numberTransportprotokollEncryptionWeb 2.0Data miningPeer-to-peer
11:22
Router (computing)Lattice (order)CASE <Informatik>CalculusIP addressServer (computing)Connected spaceCore dumpVideoconferencingHypermediaPlastikkarteBand matrixOpen setWordSystem callWeb browserPoint (geometry)Bridging (networking)Connectivity (graph theory)Mathematical optimizationComputer animation
13:07
Public key certificateCartesian coordinate systemServer (computing)Set (mathematics)String (computer science)Different (Kate Ryan album)Arithmetic meanGreen's functionConnected space
13:53
Formal verificationArithmetic meanQuicksortPoint (geometry)Computer animation
14:08
Configuration spaceDirection (geometry)Virtual machineComputer filePoint (geometry)Server (computing)Goodness of fitGraphics tabletDampingDemo (music)Row (database)Binary codeComputer animation
15:22
Multiplication signPhysical systemSystem callMoment (mathematics)Meeting/Interview
16:38
Point cloudFacebookOpen sourceComputer animation
Transcript: English(auto-generated)
00:07
Well, so after being here the entire day you still get a little bit more of me Today the plan is to talk about Privacy in the video conferencing Scenario, let's say my name is Saul and I've been working in the RTC industry for pretty much my entire career
00:27
Right now I'm working with the Jitsi project. The Jitsi project is a set of tools that Allow you to deploy a Comprehensive video platform have API's to video enable existing applications and mobile SDKs as well so you can
00:47
Video enable anything you sort of already built we believe that every communication should be private should be secure and It should be hassle-free and we strive to get there by building these tools and making them available
01:05
To people such as yourself. So thanks a lot for being here and listening to me tell you about all these stories Privacy is a very big topic these days is pretty much have it has been mentioned Throughout the day in a number of times already
01:23
But before I I sort of dive into it and actually I want to dive into it from a different angle First I want to discuss what are the threat models that affect video conferencing So after all a video conference is a very exposing activity
01:41
We are showing our camera to somebody else in the remote end And that has some implications that might be more severe than an audio only call. So we need to keep this in mind. So This does not aim to be a comprehensive list of all the threats that exist But I'm going to focus on some of them and then we're going to see
02:02
What we can do about them and how did she? Can help in this regard? So the first thread that we can face is pretty generic It doesn't necessarily only affect video conferencing with this having a compromised environment So sort of from the base of it if our operating system has been compromised
02:25
There's really not much we can do because It's at the root of it So from an apps perspective we're at the mercy of what already happened Imagine you have a rogue video camera driver that copies frames and sends them over to a remote server Our application wouldn't know this there's not much we can do but it is a threat that we need to consider
02:47
the browser Could be could be compromised browsers have a huge attack surface these days They are more complex than many operating systems were 20 years ago Let's say so. It's a it's a huge attack vector and we kind of we have to make sure we are up-to-date
03:04
And all these things to make sure that we are not a target And last we have our own web app our application could have been somehow injected with malicious code and then Our communications are compromised So these are the things that we we think of when we talk about having a compromised environment
03:26
The last two items here could be replaced by one which is using a mobile application In a way its complexity might be lower than a browser. So that is always an interesting option as well because
03:41
Typically, there has been a lot of involvement in securing mobile applications sandboxing and stuff So something to consider maybe not use a desktop application Another of the threats is user fingerprinting so first of all, what would be Potentially very severe is knowing the physical location of where we're talking with
04:05
maybe they are in jeopardy if this becomes known and So we need to make sure we either conceal that or are mindful about it Then it's user agent information kind of piggybacking to what they just said Yeah, it would if it's easy for somebody to get a grasp of what browser and what version of it they're running
04:27
Maybe there exists an exploit that can be used to then Infiltrate into that person's computer or maybe there's a zero day. We can buy in the black market Then nobody knows about for that version and then again we can compromise so limiting
04:44
All the exposure of all these metadata that is left around is something which we need to consider when we When we're about to have a video conference In a kind of harmful situation if you will and then of course, there's networking information
05:02
I'm pretty sure you have heard about Leaking IPs in WebRTC and how you could know the IP of your VPN and these and that so all of these In the end you always leave a certain trail of metadata wherever you are and Be having a video conference doesn't eliminate that so we need to consider all this information and we're leaving
05:27
And the most severe of them all is probably eavesdropping or grilled wiretapping That would mean that somebody somehow is listening into our conversation is looking at the video
05:40
We're looking this could be accomplished by having a Compromised environment be that the application be that the server But there is also to a certain degree a very more crude Shoulder surfing if you're having a conference in a public space somebody passes by looks at your screen see something
06:02
so What can we do about that? So the plan is can we help well? I'm here to try so plan is we cannot solve all the problems. So what we're going to try is To look at some solutions to some of these problems and maybe provide some advice
06:25
For the rest of them to try to have the most secure possible video conferences What we strive for is sort of you think about how PGP was called pretty good privacy Like literally that's what we aim for like pretty good privacy akin to
06:42
Meeting with these people you want to communicate with in a sort of private secluded environment around the table this is what we aim for but in an online capacity with all the challenges that it has so First and foremost common sense, which seems to be scarce these days sometimes, but let's try let's try to use it
07:03
So if we need to have a meeting which is you know critical and somebody would be in jeopardy if it's known where they are Maybe we shouldn't have it in the first place or maybe not there and go to a more private place While you know, I'm a video conference user of every day
07:22
Maybe not all meetings need video if shoulder surfing is a concern You can use a screen polarizer or you just mute the damn video and then nobody will see where the other person is This may sound super common sense. I realize that but I thought we have to say it and then
07:42
The hardest of them all which is try to ensure that your equipment hasn't been compromised There are some interesting articles in the freedom of press Website on how to run for instance cube OS which is an operating system Where each application runs in like a tiny virtual machine thus
08:01
Limiting the exposure of if you have compromised part of it. At least the rest is not compromised and so on so There are things that can be done in that regard. It's not necessarily an impossible problem to solve now on a more concrete fashion how Can we help so I think the major way in which we help solve these problems is by being
08:25
All-in when it comes to open source all the GT meat components are open source All the server components are open source on the mobile apps are open source the Android app can be built without any Google services Enabled this is the build that is available today on fdroid
08:45
and we made it so it's easy to self host so You know, you can choose to trust me because I'm here today, but that's irrelevant because you can verify And that's the whole point trust less and verify more and everything. You can find it right there and
09:03
Feel free to start poking Now some little gadgets to help with other things one of the things I mentioned is Concealing the location of a user. So we recently introduced in beta background blur Which is not only a way that it looks cool because we have this bokeh effect around your head
09:25
So we use tensorflow to do face detection on the browser and blur the background And the idea here is that the background is harder to distinguish So if there are specific aspects that would allow somebody to know where somebody else is
09:42
This would be a way to help you conceal that it is by no means perfect And there are some performance implications because tensorflow is expensive But we're working on it and it's getting there is getting to becoming something useful that can be done Now we have
10:01
Something else in the in the planning phase. We we have applied to be a Google summer of code organization Again, we have done this for a few years and one of the projects we have We want to do with a student is voice obfuscation so the idea is to introduce a module in Jitsi meat that allows us to
10:22
Sorry Modulate your voice before it's sent to the server and this way we could use it To conceal who you are and this should give us plausible Deniability like if there is an unauthorized recording of a meeting this should allow you to say that's not me
10:40
Because that's not my voice now Some of you might be thinking Well, yes, I will but I heard end-to-end encryption is cool and solves all the problems Let's take a look So you start reading about you know, WebRTC literature online probably saw and it has been mentioned even here
11:03
Web RTC is peer-to-peer and WebRTC has built-in encryption with SRTP DTLS and This means there is no way to do mine in the middle and because it's peer-to-peer and it's encrypted It's end-to-end encrypted. And thus we have no problem, right? I
11:20
Want to show you a video? So here this is me having a meeting with myself As it happens obviously and then my other self joins in third participant and now We're gonna see some IP address there. That's the IP address of the remote endpoint where my media is flowing
11:47
Now one of the participants leaves we keep looking at the IP address of the remote endpoint and At one point that thing has changed and it's now flowing into a different place
12:04
What happened here so In Jitsi meet we one of the core components of our infrastructure is the Jitsi video bridge This is our advanced video router that allows us to do Smart video routing to use your bandwidth in an efficient way to hold and scale our conferences
12:22
Now this also means that our server technically has access to your medium Ha big whoop. You didn't notice did you so you have to sort of take my word for it or verify now we do have a An optimization which is in the one-to-one case
12:42
We can actually bypass the server because we don't need all the advanced functionality So you establish a one-to-one call directly and that is technically Yes, it sent when encrypted but actually that's not the point because did you see any consent window? Did you see the browser telling you that your media is now going elsewhere?
13:02
No, so it doesn't matter that they sent to an encrypted because I sent it elsewhere and you didn't know And how would you know well if you open WebRTC internals you would see that we open two peer connections one is direct the other one goes via the server and Each connection has its different set of certificates
13:21
And what we do is we move the string from one to the other when the third participant joins and so on But there is no way for you as a user to realize this Yes, you can put the green lock, but that doesn't mean anything you need to If you're really concerned about this you need to look into the application
13:41
And you need to know that it's doing the right thing So that you don't blindly trust what's happening because right now all you can do is trust I can move the strings to a different peer connection and you don't know So does this mean that Everything is broken and there is no sort of way to solve it
14:01
Well, I think not the whole the whole point here was to say that Don't trust but verify and better yet run your own and The way we try to help here is by making it super easy I've been given demos where I'd set up a server from scratch in less than three minutes
14:21
And now we provide different ways to do this so we have pre-built Debian and Ubuntu packages You can install on your own machine We have a comprehensive docker setup which includes recording after pad for documents sharing all of it just by Flipping for switches in a config file and then everything just works
14:42
Now I know that the astute amongst you are probably thinking yes, I will should I trust your binaries though? That's a great question Maybe not so the manual install is also available You can always compile in all the packages yourselves and then you should be at peace hopefully
15:01
And last there is a very good ansible playbook by the freedom of press foundation on their github repo It hasn't been updated in a while. I looks like there might not be using it at this point But it will be a pretty good start for someone who wants to go in in that direction
15:21
and I like to finish by Showing you something very recently on the French radio Edward Snowden gave an interview. This is a screenshot from that interview So he was using Jitsi meat and he said I set up my own technical system for this call This was no doubt one of the proudest moments of my career because it's like this is exactly what we want
15:46
That people run their own because you don't need to trust and you can verify Thank you. And if my timing is right, we have time for a couple of questions, I think
16:07
So are there some questions questions I Didn't know that of is Snowden pretty impressive
16:23
Well, obviously you may not want to ask questions in public because So feel free to send me encrypted or plain text email, I'll take it all the same. Thank you. Okay. Thank you