Privacy-aware video conferencing

Why avoid Zoom?

Zoom has had a litany of privacy and security problems. People far more esteemed than me have detailed them, so I’ll only post a short summary:

Privacy:

  • Sharing large volumes of personal data with Facebook - Link
  • By default the app reports to the host whether you are “paying attention” - Link
  • Links you to your LinkedIn profile and allows other users to secretly mine this - Link
  • “Private” messages between individuals in a group chat are visible to the meeting host - Link

Security:

  • Lying about using “end-to-end” encryption - Link
  • Lying about the strength of encryption key used - Link
  • Covertly installing a webserver on your Mac which (as an accidental byproduct) left you exposed to being DoSd (this has since been fixed) - Link
  • Leaking Windows’ user credentials - Link

Houseparty?

They seem worse than Zoom - to quote their Privacy policy (emphasis mine):

You agree that Life on Air [Houseparty’s creator] is free to use the content of any communications submitted by you via the Services, including any ideas, inventions, concepts, techniques, or know-how disclosed therein, for any purpose including developing, manufacturing, and/or marketing goods or Services

Life on Air is owned by Epic Games, who have an awful privacy record, literally refusing to list the companies it shares data with, and specifically reserving the right to use it to profile you - Link

Security-wise, the discussions about Houseparty “hacking” your other accounts seem false. What probably happened is people reused the same password across many services (Houseparty, Spotify, Snapchat etc.); someone got a hold of some username/password combinations and tried it in many different places - Link

A great alternative - Jitsi Meet

I’ve been looking into an alternative to use with my family and friends, and stumbled across Jitsi Meet, an open source video-conferencing solution that offers a free hosted version, and the option to deploy your own server(s) for even more privacy and control.

I’ve had a play with the free one and the video quality looks great, and their privacy and security policies are both clearly written and user-friendly.

To start using it, on your mobile install the Android or iPhone clients, or on your computer just navigate to https://meet.jit.si/.

Set up a meeting with a room name (make it long to avoid ending up with one currently in use by other people - I’d just use the weird default ones provided) and click “GO”. Once you’re in the meeting, make sure you set up a password so random people can’t join, and you’re set!

Once (if) I’ve had a play with deploying my own server(s), I’ll write up how to link the clients to them.