Hidden users and E2E

Hello

There are some noise coming out the Jitsi project about implementing E2E.
This could be seen as a mean of achieving the ‘do not trust the server’ goal.

However I see that many are using Jibri to record meetings, a software that connects as a hidden user. There are even people asking for the same rights to lurk as a regular user.

However, when using E2E, the goal is not to burn Cpu cycles, it is to not be lurked at.
If there is a hidden user on the server and that your software is sending ‘it’ the encryptions keys, you are not exactly in a great shape; it could be argued that you are even worse, much worse since you expect your communication to be confidential.

So IMO E2E for a video server is an interesting idea, but without first:

  • in the client there is a clear indication on the number of people to whom the client has sent the encryption keys, so that the user can compare it to the number of thumbnails can be seen on the screen in tile view (realistically if there are so many participants to the meeting that you can’t count the number of people on the screen there is no hope to keep the content secret anyway)

  • also the client can be downloaded and checked (built) on the user device with full control on updates. If the server sends the client as Javascript/wasm to a browser, you definitely can’t trust E2E on the server since you can’t seriously look at what you receive from the server in the browser console to decide if the client is booby trapped to keep secret the possibility of a hidden participant.

without these 2 preconditions, E2E is a gimmick, a marketing trick, not something people relying on it can trust. Are these ideas taken in account in the Jitsi plans ?

1 Like