Persisted User Information

Hi folks,

thanks for developing and running all those open Jitsi instances. I was able to implement the integration of meet.jit.si via iFrame within minutes. Great!

As we just found out Jitsi persists the userInfo set from our internal application and reuses them in any other calls made on meet.jit.si. Example: My software sets the avatar of the user when starting a call. Now this user is in a business meeting at work using Jitsi and the others will see his private avatar from my software. This seems contradictinal to the privacy statements made on https://jitsi.org/security

Any information they choose to enter, such as their name or email address is purely optional and is only shared with other meeting participants. We do not retain this information after the meeting.

While this may be technically be true (the data is persisted by the user itself in its localStorage) the effect is nevertheless an unintentional sharing of user information on future calls. This problem becomes even more severe taking into account that the user itself seems to have not the possibility of removing his Avatar by himself.

I hope I just missed something and you guys can correct me. Nevertheless at least the documentation should be more clear about the side effects what happens when calling api.executeCommand('avatarUrl'', url).

Thank you!

Stephan