I am talking about this article: https://jitsi.org/news/security/
In that article there is a heading “Are my meetings encrypted? Is encryption end-to-end?”
But the problem is that the text does not answer the last question. Are they end-to-end encrypted or not? In which cases are they or are they not? The answer to this question is not explicitly stated anywhere.
The article does say “In this case, audio and video are encrypted using DTLS-SRTP all the way from the sender to the receiver, even if they traverse network components like TURN servers.”, but this is absolute gibberish to the end user.
The same problem is with the text that describes the encryption scheme in JVB-mode. It should explicitly state something like this: “In JVB-mode, calls are not end-to-end encrypted due to technical limitations.”
Under the same heading it says:
“Jitsi meetings can operate in 2 ways: peer-to-peer (P2P) or via the Jitsi Videobridge (JVB). This is transparent to the user.”
But this is not at all transparent to the user! I created a call and looked at the interface, menus and settings, but nowhere was it stated what the current mode was: P2P or JVB.
In the article it says “P2P mode is only used for 1-to-1 meetings”, but this statement does not rule out the possibility that JVB-mode might be used for 1-to-1 meetings. Also, when I create a new meeting, it looks to me that it is in a group mode by default. A user will start to think: “Well, this obviously looks like it is in group mode, so I wonder how I could switch this to 1-to-1 mode so I could get better assurance of confidentiality? How can I switch between modes?”