To the devs of Jitsi and Co

OK, do not get me wrong, I’m not ranting or being rude or sarcastic.
It seems that my posts are ignored for some reason and I think I know why: it’s because there is no answer to my questions, and it feels like I’m talking to myself.
For such a great project/community, I do not see much going on?
As I have said before, I am an expert on making chat clients and have been doing so since Yahoo chat shut down in 2007, so I know great smile methods to stop hacking and trolling, which trust me is already a massive problem.

The first thing on any dev’s mind when making a chat client is security first, and it seems to be totally missed on Jitsi, not unless I’m missing something out that I don’t know about, but a little shield is not going to cut it in the rooms.

I could give you a number of ways to protect the rooms, but the simplest way is a text doc in the admin page, which does not have much on it. A whitelist: it is like a firewall for the room.

Passwords are such an old way of protection and you have to remember the public are not smart on computers so a whitelist is the best way inside or and a password.

If I get a reply from this I’ll be amazed lol, but the most important thing is being totally missed and could even be the downfall of this client.

Just add a lot more admin options server side and user side and you will make it,
starting with a simple whitelist, which is about 6 lines of code.

When the user is kicked he cannot see the room to change the password, for example, same way as if blocked on Facebook.

Make a good control panel with great security options and you will go far but if this keeps being ignored it will be taken over by someone else, I have seen it happen so many times over the years.

Many thanks for reading this and let us try and push this topic to the top.
Regards
Anton

Hi and welcome.

Jitsi Meet is not a chat client but a distributed platform for video conferencing. It is designed so the system has a state about rooms only while those exist; once the room has no occupants it does not exist anymore. The reason for that is that it is distributed, and creating the room a second time you can land on a completely different signaling node.

The right way for this would be to enable JWT and create JWT tokens per room and have a centralized service managing the rooms, with its state and allowing authenticated users and particular rooms. Probably there are other ways of limiting the number of rooms and controlling them, and that greatly depends on how you run your deployment and the tools you have.

In a system where you run hundreds of nodes and have thousands of rooms every minute, the approach of writing to a text file does not scale.

What is the problem you are trying to solve?

1 Like
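
The approach described in the reply above (JWT tokens per room, issued by a centralized service that knows which users may enter which room), as an added example that is not part of the original thread and is not Jitsi code. The app id, secret, domain, audience value, room name and user ids are constructed, and `verify_room_token` only stands in for the check a signaling node would make; the sketch uses HS256 and a `room` claim so that a token for one room is useless in another.

```python
import base64, hashlib, hmac, json, time

# All values below are constructed for this example.
APP_ID = "example_app_id"
APP_SECRET = b"constructed-shared-secret"
DOMAIN = "meet.example.com"
ROOM_ALLOWLIST = {"staff-weekly": {"alice@example.com", "bob@example.com"}}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(APP_SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_room_token(user_id, room, now=None, ttl=300):
    """Central service: mint a short-lived token for one room, allowlisted users only."""
    if user_id not in ROOM_ALLOWLIST.get(room, set()):
        return None
    now = int(time.time()) if now is None else now
    claims = {"iss": APP_ID, "aud": "jitsi", "sub": DOMAIN, "room": room,
              "exp": now + ttl, "context": {"user": {"id": user_id}}}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(_b64url(json.dumps(part).encode()) for part in (header, claims))
    return signing_input + "." + _b64url(_sign(signing_input))

def verify_room_token(token, room, now=None):
    """Stand-in for the node-side check: signature, algorithm, issuer, room, expiry."""
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(head_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:
        return False
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False
    if header.get("alg") != "HS256":  # never accept "none" or another algorithm
        return False
    if not hmac.compare_digest(_sign(f"{head_b64}.{claims_b64}"), signature):
        return False
    now = int(time.time()) if now is None else now
    exp = claims.get("exp")
    return (claims.get("iss") == APP_ID and claims.get("room") == room
            and isinstance(exp, int) and exp > now)
```

Because the signaling nodes only need the shared secret to validate a token, the allowlist lives in one place and no per-room state has to be written on the nodes themselves.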

Many thanks for replying

I know it is not a chat client, you know what I mean, and I have made a few WebRTC clients before so I know a bit about it.

The problem I am trying to solve is trolling, hacking rooms and changing passwords on the owners, vulnerabilities of the room.

I’ve been reading lots of people’s posts and sadly I have seen a few leave because of trollers messing up the room and playing porn. Take a look on YouTube, you will see it’s gaining a trend.

A whitelist would solve problems that I have stated.

Regards
Anton

And what do you want to whitelist?

We have seen that, and we recommend to users (here: https://jitsi.org/security/) to use strong room names, and we are showing a warning when this is not the case.
And we are currently working on a few more options that will help, like the Lobby Room or the option to have a single moderator in the room.

If you had a simple and I say all the time because it is simple to implement into the admin panel
Whitelist the people’s user ids chosen for the room and it’s impossible to get in and a lot easier to understand for the owner of the room. I have been there and done it with all types of ways to secure a room and the way Jitsi are doing it. People have to be told what to do for the best security and people just want a simple method including your methods as well, it’s just a text doc coded into the admin panel and to add one more layer you could have it so if someone is not on the whitelist or kick/banned then they can’t see the room just like when you get blocked on other apps or Facebook or they will keep coming back and troll the room. Encrypt the passwords to hashes like bitcoin. I could go on with a lot more ways. You could also have a Moderator list like a white list and only the room owner can ban but the mods can kick and once they’re out of the room they cannot see it anymore. Just copy the other apps because passwords are easy to crack and it only takes trollers to get hold of a good python script and they’re in because it is on Linux. It is so easy to code these security methods and all automated.
I have already said some of this to 8x8 but no reply and that makes me think they’re slacking.

I saw a post in this section of a teacher trying to teach her kids on Jitsi and she was badly trolled to the point where her last words were (I give up); it was so sad to read on here.

There is no right-click on users and the admin panel is nearly empty with few options, so there is so much room to put options for the owner.
For the owner of the server itself, they should have the choice to be invisible so they can go through the rooms to make sure all is well. I guess they call it black hat turned whitehat :wink:

Sorry if I sound like I’m ranting a bit lol
I am about to use this software myself and being a security-minded guy I look for vulnerabilities in software I’m going to use and pay a lot of money for.

When I was younger I used to be a hacker/troller but now I know most of the ways to stop it now.

All I want is the best for this project so thanks for replying, Yay I got a reply lol

Anyway many thanks
Anton

The thing with the administration is possible and the tools are there; everyone can implement it based on their needs.
That just does not work for an anonymous and stateless environment like meet.jit.si.

Yes, we are adding stuff that will greatly improve the experience there, as I mentioned earlier.

I have my 8x8 hat on, and on an environment where there is authentication, where a moderator can be authenticated you have more freedom to add stuff similar to what you suggest. And we are already working on such features.

1 Like

That’s fantastic news and I hope I might have put a little light on the subject :wink:
Looking forward to using Jitsi as it won’t be long now.

Many thanks for your information and replies, they are great.
If you need any ideas just let me know :wink:

I’ll leave this to the pros of Jitsi now to create a great project and I can’t wait to use it. I’m getting it set up soon.

Many thanks
Keep safe and all the best to all the devs.

Regards Anton