We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

Jitsi: video conferencing for the privacy minded

00:00

Formal Metadata

Title
Jitsi: video conferencing for the privacy minded
Subtitle
Journalists, tinkerers, privacy concerned netizens, Jitsi may help you!
Title of Series
Number of Parts
490
Author
License
CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.
Identifiers
Publisher
Release Date
Language

Content Metadata

Subject Area
Genre
Abstract
Jitsi is a set of Open Source projects which provide state-of-the-art videocconferencing capabilities. In this presentation we will explore the Jitsi ecosystem from a privacy minded point of view. Communicating privately via a public network (specially if we are using video) can be challenging. Jitsi provides the necessary tools to do so and we'll explore the seccurity model employed by our tools and how to setup a Jitsi instance with ease, while respecting your privacy.
33
35
Thumbnail
23:38
52
Thumbnail
30:38
53
Thumbnail
16:18
65
71
Thumbnail
14:24
72
Thumbnail
18:02
75
Thumbnail
19:35
101
Thumbnail
12:59
106
123
Thumbnail
25:58
146
Thumbnail
47:36
157
Thumbnail
51:32
166
172
Thumbnail
22:49
182
Thumbnail
25:44
186
Thumbnail
40:18
190
195
225
Thumbnail
23:41
273
281
284
Thumbnail
09:08
285
289
Thumbnail
26:03
290
297
Thumbnail
19:29
328
Thumbnail
24:11
379
Thumbnail
20:10
385
Thumbnail
28:37
393
Thumbnail
09:10
430
438
Information privacyLattice (order)PlanningProjective planeBitVideoconferencingSet (mathematics)Information privacyComputer animation
Mobile WebVideoconferencingTelecommunicationCartesian coordinate systemComputing platformQuicksortComputer animation
VideoconferencingNumberAngleMultiplication signDifferent (Kate Ryan album)Electronic mailing listQuicksortInformation privacyEndliche ModelltheorieVideoconferencingComputer animation
Integrated development environmentPhysical systemWeb browserInformationFingerprintSanitary sewerIP addressMobile appNeuroinformatikRevision controlMetadataVideoconferencingPhysical systemInformationVector spaceTrailPerspective (visual)RootUniform resource locatorWeb applicationWeb browserSurfaceServer (computing)Cartesian coordinate systemFingerprintQuicksortComputer configurationOperating systemData conversionComplex (psychology)MalwareThread (computing)Degree (graph theory)Integrated development environmentTouchscreenTelecommunicationFrame problemDevice driverComputer animation
QuicksortVideoconferencingIntegrated development environmentInformation securityChannel capacityInformation privacyPlanningTable (information)Computer animation
VideoconferencingOpen sourceComponent-based software engineeringAndroid (robot)GoogolWebsiteMobile appPolarization (waves)Service (economics)Android (robot)Server (computing)Point (geometry)TouchscreenConnectivity (graph theory)VideoconferencingOperating systemVirtual machineLattice (order)MereologyOpen sourceInstance (computer science)Cartesian coordinate systemCubeComputer animationLecture/Conference
RoundingMotion blurBeta functionDisk read-and-write headBeta functionUniform resource locatorSound effectPerfect groupSource codeComputer animation
Phase transitionModule (mathematics)CodeServer (computing)Student's t-testLattice (order)Projective planeSelf-organizationRow (database)Computer animation
Maxima and minimaReal numberTransportprotokollEncryptionWeb 2.0Data miningPeer-to-peer
Router (computing)Lattice (order)CASE <Informatik>CalculusIP addressServer (computing)Connected spaceCore dumpVideoconferencingHypermediaPlastikkarteBand matrixOpen setWordSystem callWeb browserPoint (geometry)Bridging (networking)Connectivity (graph theory)Mathematical optimizationComputer animation
Public key certificateCartesian coordinate systemServer (computing)Set (mathematics)String (computer science)Different (Kate Ryan album)Arithmetic meanGreen's functionConnected space
Formal verificationArithmetic meanQuicksortPoint (geometry)Computer animation
Configuration spaceDirection (geometry)Virtual machineComputer filePoint (geometry)Server (computing)Goodness of fitGraphics tabletDampingDemo (music)Row (database)Binary codeComputer animation
Multiplication signPhysical systemSystem callMoment (mathematics)Meeting/Interview
Point cloudFacebookOpen sourceComputer animation
Transcript: English(auto-generated)
Well, so after being here the entire day you still get a little bit more of me Today the plan is to talk about Privacy in the video conferencing Scenario, let's say my name is Saul and I've been working in the RTC industry for pretty much my entire career
Right now I'm working with the Jitsi project. The Jitsi project is a set of tools that Allow you to deploy a Comprehensive video platform have API's to video enable existing applications and mobile SDKs as well so you can
Video enable anything you sort of already built we believe that every communication should be private should be secure and It should be hassle-free and we strive to get there by building these tools and making them available
To people such as yourself. So thanks a lot for being here and listening to me tell you about all these stories Privacy is a very big topic these days is pretty much have it has been mentioned Throughout the day in a number of times already
But before I I sort of dive into it and actually I want to dive into it from a different angle First I want to discuss what are the threat models that affect video conferencing So after all a video conference is a very exposing activity
We are showing our camera to somebody else in the remote end And that has some implications that might be more severe than an audio only call. So we need to keep this in mind. So This does not aim to be a comprehensive list of all the threats that exist But I'm going to focus on some of them and then we're going to see
What we can do about them and how did she? Can help in this regard? So the first thread that we can face is pretty generic It doesn't necessarily only affect video conferencing with this having a compromised environment So sort of from the base of it if our operating system has been compromised
There's really not much we can do because It's at the root of it So from an apps perspective we're at the mercy of what already happened Imagine you have a rogue video camera driver that copies frames and sends them over to a remote server Our application wouldn't know this there's not much we can do but it is a threat that we need to consider
the browser Could be could be compromised browsers have a huge attack surface these days They are more complex than many operating systems were 20 years ago Let's say so. It's a it's a huge attack vector and we kind of we have to make sure we are up-to-date
And all these things to make sure that we are not a target And last we have our own web app our application could have been somehow injected with malicious code and then Our communications are compromised So these are the things that we we think of when we talk about having a compromised environment
The last two items here could be replaced by one which is using a mobile application In a way its complexity might be lower than a browser. So that is always an interesting option as well because
Typically, there has been a lot of involvement in securing mobile applications sandboxing and stuff So something to consider maybe not use a desktop application Another of the threats is user fingerprinting so first of all, what would be Potentially very severe is knowing the physical location of where we're talking with
maybe they are in jeopardy if this becomes known and So we need to make sure we either conceal that or are mindful about it Then it's user agent information kind of piggybacking to what they just said Yeah, it would if it's easy for somebody to get a grasp of what browser and what version of it they're running
Maybe there exists an exploit that can be used to then Infiltrate into that person's computer or maybe there's a zero day. We can buy in the black market Then nobody knows about for that version and then again we can compromise so limiting
All the exposure of all these metadata that is left around is something which we need to consider when we When we're about to have a video conference In a kind of harmful situation if you will and then of course, there's networking information
I'm pretty sure you have heard about Leaking IPs in WebRTC and how you could know the IP of your VPN and these and that so all of these In the end you always leave a certain trail of metadata wherever you are and Be having a video conference doesn't eliminate that so we need to consider all this information and we're leaving
And the most severe of them all is probably eavesdropping or grilled wiretapping That would mean that somebody somehow is listening into our conversation is looking at the video
We're looking this could be accomplished by having a Compromised environment be that the application be that the server But there is also to a certain degree a very more crude Shoulder surfing if you're having a conference in a public space somebody passes by looks at your screen see something
so What can we do about that? So the plan is can we help well? I'm here to try so plan is we cannot solve all the problems. So what we're going to try is To look at some solutions to some of these problems and maybe provide some advice
For the rest of them to try to have the most secure possible video conferences What we strive for is sort of you think about how PGP was called pretty good privacy Like literally that's what we aim for like pretty good privacy akin to
Meeting with these people you want to communicate with in a sort of private secluded environment around the table this is what we aim for but in an online capacity with all the challenges that it has so First and foremost common sense, which seems to be scarce these days sometimes, but let's try let's try to use it
So if we need to have a meeting which is you know critical and somebody would be in jeopardy if it's known where they are Maybe we shouldn't have it in the first place or maybe not there and go to a more private place While you know, I'm a video conference user of every day
Maybe not all meetings need video if shoulder surfing is a concern You can use a screen polarizer or you just mute the damn video and then nobody will see where the other person is This may sound super common sense. I realize that but I thought we have to say it and then
The hardest of them all which is try to ensure that your equipment hasn't been compromised There are some interesting articles in the freedom of press Website on how to run for instance cube OS which is an operating system Where each application runs in like a tiny virtual machine thus
Limiting the exposure of if you have compromised part of it. At least the rest is not compromised and so on so There are things that can be done in that regard. It's not necessarily an impossible problem to solve now on a more concrete fashion how Can we help so I think the major way in which we help solve these problems is by being
All-in when it comes to open source all the GT meat components are open source All the server components are open source on the mobile apps are open source the Android app can be built without any Google services Enabled this is the build that is available today on fdroid
and we made it so it's easy to self host so You know, you can choose to trust me because I'm here today, but that's irrelevant because you can verify And that's the whole point trust less and verify more and everything. You can find it right there and
Feel free to start poking Now some little gadgets to help with other things one of the things I mentioned is Concealing the location of a user. So we recently introduced in beta background blur Which is not only a way that it looks cool because we have this bokeh effect around your head
So we use tensorflow to do face detection on the browser and blur the background And the idea here is that the background is harder to distinguish So if there are specific aspects that would allow somebody to know where somebody else is
This would be a way to help you conceal that it is by no means perfect And there are some performance implications because tensorflow is expensive But we're working on it and it's getting there is getting to becoming something useful that can be done Now we have
Something else in the in the planning phase. We we have applied to be a Google summer of code organization Again, we have done this for a few years and one of the projects we have We want to do with a student is voice obfuscation so the idea is to introduce a module in Jitsi meat that allows us to
Sorry Modulate your voice before it's sent to the server and this way we could use it To conceal who you are and this should give us plausible Deniability like if there is an unauthorized recording of a meeting this should allow you to say that's not me
Because that's not my voice now Some of you might be thinking Well, yes, I will but I heard end-to-end encryption is cool and solves all the problems Let's take a look So you start reading about you know, WebRTC literature online probably saw and it has been mentioned even here
Web RTC is peer-to-peer and WebRTC has built-in encryption with SRTP DTLS and This means there is no way to do mine in the middle and because it's peer-to-peer and it's encrypted It's end-to-end encrypted. And thus we have no problem, right? I
Want to show you a video? So here this is me having a meeting with myself As it happens obviously and then my other self joins in third participant and now We're gonna see some IP address there. That's the IP address of the remote endpoint where my media is flowing
Now one of the participants leaves we keep looking at the IP address of the remote endpoint and At one point that thing has changed and it's now flowing into a different place
What happened here so In Jitsi meet we one of the core components of our infrastructure is the Jitsi video bridge This is our advanced video router that allows us to do Smart video routing to use your bandwidth in an efficient way to hold and scale our conferences
Now this also means that our server technically has access to your medium Ha big whoop. You didn't notice did you so you have to sort of take my word for it or verify now we do have a An optimization which is in the one-to-one case
We can actually bypass the server because we don't need all the advanced functionality So you establish a one-to-one call directly and that is technically Yes, it sent when encrypted but actually that's not the point because did you see any consent window? Did you see the browser telling you that your media is now going elsewhere?
No, so it doesn't matter that they sent to an encrypted because I sent it elsewhere and you didn't know And how would you know well if you open WebRTC internals you would see that we open two peer connections one is direct the other one goes via the server and Each connection has its different set of certificates
And what we do is we move the string from one to the other when the third participant joins and so on But there is no way for you as a user to realize this Yes, you can put the green lock, but that doesn't mean anything you need to If you're really concerned about this you need to look into the application
And you need to know that it's doing the right thing So that you don't blindly trust what's happening because right now all you can do is trust I can move the strings to a different peer connection and you don't know So does this mean that Everything is broken and there is no sort of way to solve it
Well, I think not the whole the whole point here was to say that Don't trust but verify and better yet run your own and The way we try to help here is by making it super easy I've been given demos where I'd set up a server from scratch in less than three minutes
And now we provide different ways to do this so we have pre-built Debian and Ubuntu packages You can install on your own machine We have a comprehensive docker setup which includes recording after pad for documents sharing all of it just by Flipping for switches in a config file and then everything just works
Now I know that the astute amongst you are probably thinking yes, I will should I trust your binaries though? That's a great question Maybe not so the manual install is also available You can always compile in all the packages yourselves and then you should be at peace hopefully
And last there is a very good ansible playbook by the freedom of press foundation on their github repo It hasn't been updated in a while. I looks like there might not be using it at this point But it will be a pretty good start for someone who wants to go in in that direction
and I like to finish by Showing you something very recently on the French radio Edward Snowden gave an interview. This is a screenshot from that interview So he was using Jitsi meat and he said I set up my own technical system for this call This was no doubt one of the proudest moments of my career because it's like this is exactly what we want
That people run their own because you don't need to trust and you can verify Thank you. And if my timing is right, we have time for a couple of questions, I think
So are there some questions questions I Didn't know that of is Snowden pretty impressive
Well, obviously you may not want to ask questions in public because So feel free to send me encrypted or plain text email, I'll take it all the same. Thank you. Okay. Thank you