Obfuscate jitsi

I would like to obfuscate Jitsi, is this possible?

Thanks in advance

What do you mean?
If you install on your own server, the code is available to you. You can play around with it and see what works. Code obfuscation can be a bit tricky though.

Yes the server is mine, not on server-side, I mean on client-side only (on browser).

If you want help, you have to provide more details as to what you want to obfuscate…more details…as many details as you can…

For example I would like to obfuscate those files:
/usr/share/jitsi-meet-web-config/index.html (JS parts only)
/usr/share/jitsi-meet-web-config/config.js
/usr/share/jitsi-meet/interface_config.js

and actually as many Javascript (*.js) files I can, in order to hide my configuration (for extra security).

Any ideas? Tools? Tutorials about it? Or, just about Jitsi security?

Personally, I don’t think security via obscurity is going to get you very far. As soon as someone catches on that you’re using Jitsi, all the source is open and available and this defeats the purpose of you obsuring your local copy.

As with any open source project, security comes from a well designed product that is inherently secure, and many eyes to identify gaps. From what I can tell, jitsi does well on this front.

These files should never contain any sensitive information – if this every contains compromising info, then either you’ve done it wrong or there is a fundamental flaw in the product that should be fixed rather than hidden under the carpet .

If you do choose to go ahead with obfuscating these, note that these files are loaded separately from the main bundle so any obfuscation attempts which renames the vars would make the config unreadable by the main app and unusable. Which means you’ll need to change the main app
so that the config files are embedded with and minified along with the app bundle, track down how the config vars are loaded and referenced to make sure these still work after obfuscation.

Also note that these config vars are referenced by name from the state object, so I suspect this won’t be as easy as simply bundling the config files along the main app and running an uglify tool since those indirect references may not be detected.

In short, this is non-trivial and of questionable benefits.

1 Like