Invitation is encrypted and the entire video and audio streams are also encrypted (source: ), but only between client and server. Jitsi does not provide E2E encryption, except under certain circumstances and only as a by-product of an architecture designed to reduce server load (see ). Therefore some extra manual configuration is needed (covered in the howto). The only issue is that in the default Jitsi deployment (quick install) Prosody uses self-signed certificates, so XMPP clients may display error messages (or even refuse to connect). In this way, basic GDPR compliance can be achieved. However, since the Prosody server is accessible independently from jitsi-meet, the solution is to ask users to change their password through an external XMPP client, like Pidgin. Unfortunately, this is not GDPR-compliant, because “enabling users to set their password without the admin knowing it” is a basic and unavoidable security measure. In the official Jitsi documentation, the suggested way to set user passwords is the prosodyctl command, which can be run only by the sysadmin. In any case, jitsi-meet provides a login form and profile settings where users can set their displayed name and email, but it does not provide any GUI to change the user password, even though the XMPP protocol API would allow it (as Jitsi can be integrated - and, well, it is mainly intended to be integrated - in larger applications which supply their own user management GUI). Prosody has a simple built-in authentication system (with passwords stored in plain text or hashed, depending on the module used); many other authentication services can be implemented through dedicated Prosody modules. User authentication may be added in various ways; authentication control belongs to the XMPP server on which Jitsi depends (Prosody).
In the default deployment authentication is disabled: anyone can open a new room and invite people; room access may be protected with a single password set by the moderator, but this is not mandatory; by default rooms are open to anyone. Besides, even if you redirect all the logs to /dev/null (which is not a wise security practice, anyway), to operate the service you still process data relating to identified or identifiable natural persons. This is true as to conversation contents and participants’ names and email addresses shared during the conversation, but it does not hold for browsing data and metadata, which are actually stored in webserver and Jitsi logs (registered and unregistered users’ accesses, connection data - IP address, browser type, pages – i.e. Jitsi developers claim that the default deployment does not store any personal information, because “everything stays on the client browsers” (source: ). This is their privacy notice. General notes on architecture (only compliance-relevant aspects). Personal Data. The company is 8x8, based in California, with subsidiaries in UK, Romania and Australia. Most of the active jitsi-meet maintainers are working for a company where we develop a video conferencing solution, is a free service, which the developers use to improve with every new version and monitor in order to spot problems and add new features. It is available as a free service provided by 8x8 at, but since it is FLOSS (Apache 2.0 License) anyone can self-host it; it can be deployed in minutes even on small servers with no particular hardware requirements; only good bandwidth is required. Jitsi is a videoconferencing platform (a web application that does not require installing any client software, app or plugin). Take it as a starting point for discussion. It may contain inaccurate or incomplete information.