[jitsi-dev] Is Jitsi Meet end-to-end encrypted?


#1

Hello,

I give digital security trainings, and Jitsi Meet is a tool we always
recommend.

I've searched quite a bit at the documentation and couldn't find one
valuable information, though: is it end-to-end encrypted? I mean, are
the keys that encrypt the audio and video stored locally at the browser,
or is the server capable of listening / storing the conversation if
operated/took over by a malicious agent?

I think this information could be useful if put on the project's
repository -- the presence or absence of E2E encryption is getting more
and more important these days, and since "vanilla" Jitsi itself is E2E,
it would be valuable to clarify this point.

Thanks in advance and sorry if my websearch-fu did not work this time
and I'm wasting your time :frowning:

Kudos for such nice software!

···

--
Lucas Teixeira
https://antivigilancia.org
https://twitter.com/eletrorganico


#2

While the browsers does not store the keys and should be using DTLS-SRTP with ciphers supporting PFS, the video bridge is acting as peer and terminating encryption and can record your audio and video, as can any peer participating.

See https://www.youtube.com/watch?v=cmzERa0bk0Y for an excellent explanation of the topic.

···

Am 18.11.2015 um 10:14 schrieb Lucas Teixeira:

Hello,

I give digital security trainings, and Jitsi Meet is a tool we always
recommend.

I've searched quite a bit at the documentation and couldn't find one
valuable information, though: is it end-to-end encrypted? I mean, are
the keys that encrypt the audio and video stored locally at the browser,
or is the server capable of listening / storing the conversation if
operated/took over by a malicious agent?