Explain jitsi meet appimage end to end encryption?

I have not tested the appimage. In security options, there is an end
to end encryption option. If I start meet.jit.si in firefox 94,
there is no such option. meet.jit.si does not support end to end encryption? Which encryption
does meet.jit.si support about audio, video and text? Thanks.

End-to-end encryption is still not supported on Firefox, you can try it in any chromium-browser.
More info: 1631263 - Support RTCRtpScriptTransform (formerly webrtc insertable streams)

then on

the text End-to-End encryption
is misleading. Instead it should say, only on chromium is end to end encryption
available. I only got aware of the inaccuracy about the meet.jit.si
end to end encryption statement, because I ran through the menus
of jitsi meet appimage. Which has an end to end encryption option. Before
that I was under the impression, if a browser is able to run meet.jit.si then the session is
end to end encrypted. It is untenable if people think their communication
is end to end encrypted and in fact it is not. The text on https://meet.jit.si/ should get
altered accordingly.

So, which part of this poignant warning did you miss?

You clearly started the conversation with reference to the Electron app. The app is based on Chrome. And as you’ve read, it supports E2EE. In the same vein, in testing a meeting with Firefox, you noticed that the E2EE option is missing. Firefox does not currently support insertable streams. More importantly, it states boldly that the feature is still “EXPERIMENTAL”. There’s more than sufficient information already, so it’s unclear where your angst is coming from.

which part of this poignant warning did you miss?

You have not understood what initiated my starting post. I only recently
became aware of the jitsi meet appimage. Before that I already knew about
https://meet.jit.si.
Let us say a person has gotten aware of https://meet.jit.si.
He calls the https://meet.jit.si. website from a non chromium or chrome browser.
I mention chrome assuming the chrome browser also supports end to end
encryption. The person gets to read, that “End-to-End encryption” is supported. He know has
a just expectation, that anytime he runs a meet.jit.si session it will be end
to end encrypted. That was the impression I got about meet.jit.si. But that is not so. In fact I now have learned, that only certain browsers support end to end encryption. My starting post came
about, because I started jitsi meet appimage. Going through the menus, I discovered a
setting about enabling end to end encryption. Why would that option be there? I thought
a https://meet.jit.si. session would always be end to end encrypted. The phrasing on
https://meet.jit.si.
is misleading. Instead it should say something like, running a meet.jit.si session by default
is not end to end encrypted. If all parties in a meet.jit.si session use chromium,
chrome or jitsi meet appimage they can enable end to end encryption in security options. That
is how you properly inform people.
But starting a meet.jit.si session a message should display, saying
this meet.jit.si session is not end to end encrypted. If available go to security options for enabling
end to end encryption.

No, the process flow cannot work that way. End to End Encryption is something you activate and it needs to be a conscious activation (not just by default) because activating it means some other services will be disabled. If a browser doesn’t support E2EE, the option doesn’t even show up at all (as you’ve noticed in Firefox). P2P (two-party) calls are encrypted by default, no need to turn on E2EE, but once you add a 3rd party to the call, then the bridge needs to relay media. In order to make sure the bridge while relaying media does not provide a potential access point for capturing any of the media, you activate E2EE. That’s how it works.

It’s almost like saying because recording is supported, all meetings should be automatically recorded. No, there’s a conscious request and action by the parties in the meeting to activate recording. If a feature is not available due to specific browser constraints, making sure the trigger button for the feature does not show up is best practice.

There are many messages that people think should come up whenever they start a Jitsi meeting. If you read through the posts on the forum, you’ll find a number of them. It is absolutely impossible, impractical and awful design strategy to try to include any and every message.

1 Like

@a111 if you are worried that meetings on meet.jit.si are not secure, that is not true, everything is encrypted and secure. E2EE is an extra layer of security. More information you can find on Jitsi Meet Security & Privacy | Jitsi

apparently I am not able to phrase my sentences such, that
you do not misunderstand what I am writing. I do not suggest
end to end encryption should be the default encryption. I ask meet.jit.si officials
to improve how they inform people about how encryption is done
on https://meet.jit.si

impossible, impractical and awful design strategy to try to include any and every message.

I think you are right about that. The question is, if the matter of end to
end encryption is so important, that a notice would be in place?

reading your post and the Does Jitsi support end-to-end encryption? paragraph, confirms my
notion that this is a matter of improving how https://meet.jit.si informs people about
how meet.jit.si encryption works. Much would be gained, if instead of saying End-to-End encryption on
the website, it would say:
Communication is encrypted. Please inform yourself on how encryption works on this link. The link
would then direct people to the Does Jitsi support end-to-end encryption? paragraph. The
phrase End-to-End encryption is inaccurate and not comprehensive.