Lobby easily bypassed by arriving early

I might be missing something, but it seems that anyone who visits the meeting URL before the moderator arrives is automatically admitted after the moderator authenticates. A room “bomber” would simply have to arrive early and wait for the moderator to log in.

Is there any way to alter that behavior?

Well, the way things work in Jitsi right now, you can’t enable the Lobby feature until you log in as an authenticated moderator if you’ve enabled secure domain (similar to setting a password only after you’ve actually created a room and logged in). So yes, anyone with the URL can enter the room before the moderator because Lobby wouldn’t be turned on yet. There’s been conversation around modifying this behavior, but this is what obtains for now.

I should’ve clarified that I’m using a secure domain, so anyone who arrives at the meeting URL must wait for a moderator to arrive and log in.

No, they can’t enter the room before the moderator, but they are automatically admitted immediately after the moderator authenticates and enters the room.

So if the moderator is “running late” and logs into the room just a couple minutes before (or after) the scheduled start time, then everyone who was waiting is just freely admitted. That doesn’t seem desirable and is not the behavior I’d expect.

I do understand that the lobby can’t be enabled until the room exists, but perhaps there should be a “start meeting” (or “open the doors”) feature that only moderators can invoke. Otherwise, the lobby is just trivial to bypass.

The concerns you’re stating have been highlighted and discussed on several threads. Many of us agree the Lobby implementation right now is not optimal. There are even bigger concerns than the one you’re honing in on right now, but I’m sharing with you how things work at the moment.

Yes, if you have secure domain, no one can get in before the moderator, but as you’ve observed, once the moderator gets in, then anyone waiting in the pool is automatically admitted. It’s like the password feature right now: if you enable the Lobby and issue a password, participants go straight into the meeting without needing to be admitted. The current behavior of the Lobby is not desirable in many ways.

Ok, thanks. I just wanted to make sure I wasn’t missing something.