so it would mean encryption/decryption of packages takes places on the computers of jitsi users locally, the server does not take part in encryption, is just there to route the traffic?
for text-messages: as long as you enable OTR encryption (padlock in
the chatwindow) AND!!! compare fingerprints with your partner over a
safe channel (best would be to meet in person) the server could just
record encrypted messages and wait untill quantum computers are ready.
why would it be best to meet in person is it not enough for the users to read the fingerprint to each other over jitsi at each call?
For jingle (voice/video): enable zrtp (the padlock-thingy, should do
that on its own) AND!! compare the letters/numbers and you are safe.
jingle is allways out of band (i.e. the data is routed as direct as
possible between you and your partner and (if possible) does not ever
touch the server) but if the server is manipulative it could make you
route your data over the server.
it would be very helpful when jitsi would make a chart like this: https://blog.crypto.cat/2013/06/cryptocat-who-has-your-metadata/
helpful to users who don't know the technical security terms
If you do not compare fingerprints/numbers&letters man in the middle
attacks would be possible.
fingerprints and numbers&letters is the same thing???
where can you see it in jitsi?