I think people should be able to know what data is being collected and stored, what for, for how long and by whom. People who self-host should be able to provide this information, and ideally be given the option to limit the collection and storage of personal data to what is strictly necessary. Aside from what I think is the right thing to do in terms of privacy, self-hosters should also be able to comply with GDPR to avoid legal issues. My questions then boil down to the following:
What personal data is collected and stored, what for, for how long and by whom?
If personal data is collected and stored, can the maintainer of an instance limit, or completely disable this collection and storage, and if so, how?
Question 2 I would like to see answered in the documentation, so that it is clear for self-hosters what is in their power to protect the privacy of the people who use their instance.
Furthermore, I would like to point out that the text on the welcome page is misleading, as it tells people Jitsi Meet is ‘fully encrypted’, while except for a peer-to-peer session (which is never guaranteed), everything is decrypted on the server. The words ‘fully encrypted’ give people the false impression that their communication is end-to-end encrypted, just like in the case of meet.jit.si, ‘secure’ gives people the false impression their personal data is safe with you while in reality it’s being shared without consent.
I’m looking forward to see this addressed.