[jitsi-users] Jitsi-Meet: Question Regarding Tracker Origins


#1

VWhen evaluating Jitsi-Meet, I noticed a number of third-party requests
being made from the browser. I am grateful to find they seem to be
disabled when the "disableThirdPartyRequests" option is set, introduced
in PR #427 [1].

When looking at the changes that introduced the third-party requests, I
saw that commit 1c2a1ebb shows the Google analytics tracker code added
[2]. The author is shown as "root <root@lambada.jitsi.net>", and the
title is given as "Specifies css versions." This change has nothing to
do with CSS, and in fact only adds the tracker snippet and nothing else.

Who added the snippet? And why does the commit title not match the
contents of the change?

If I may ask a more general question, what claims do the Jitsi authors
make regarding the security and privacy of Jitsi-Meet?

Steffen Prince

[1] https://github.com/jitsi/jitsi-meet/pull/427
[2]
https://github.com/jitsi/jitsi-meet/commit/1c2a1ebb905d8fc1070b0285c4ad733115a94cb5.patch


#2

Hi,

VWhen evaluating Jitsi-Meet, I noticed a number of third-party requests
being made from the browser. I am grateful to find they seem to be
disabled when the "disableThirdPartyRequests" option is set, introduced
in PR #427 [1].

Yes this should disable all external requests.

When looking at the changes that introduced the third-party requests, I
saw that commit 1c2a1ebb shows the Google analytics tracker code added
[2]. The author is shown as "root <root@lambada.jitsi.net>", and the
title is given as "Specifies css versions." This change has nothing to
do with CSS, and in fact only adds the tracker snippet and nothing else.

Who added the snippet? And why does the commit title not match the
contents of the change?

I see this commit, and it is in the days jitsi-meet was born. After
that I personally had touched a few times analytics.js file which is
the file that holds the google analytics part currently.
You can change it yourself or also there is a property that you can
set in config.js that can point to some custom analytics
implementation (analyticsScriptUrl).

If I may ask a more general question, what claims do the Jitsi authors
make regarding the security and privacy of Jitsi-Meet?

That's quite a broad question. Could you please tighten the scope a little bit?

Regards
damencho

ยทยทยท

On Mon, Aug 22, 2016 at 7:10 PM, Steffen Prince <steffen@sprin.io> wrote:

Steffen Prince

[1] https://github.com/jitsi/jitsi-meet/pull/427
[2]
https://github.com/jitsi/jitsi-meet/commit/1c2a1ebb905d8fc1070b0285c4ad733115a94cb5.patch

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users