Jitsi Meet abandons anonimity promise
reclaimthenet.orgThis was talked about before here: https://news.ycombinator.com/item?id=37316959
I assume this move, in essence, is meant to combat spam?
what went unsaid but very heavily implied in the Jitsi announcement was that it was (allegedly) CSAM and not mere spam.
I have proof of it being because of CSAM in as of late 8x8 rooms. Would you like me to post the links to the currently active rooms?
Stop with the allegedly it was a anonymous service that was reachable from onion. There is no question at all that there was CSAM shared over it. I don't care about the rest but all this "allegedly" shit in regards of CSAM gets on my nerves. I actually thought people here either work in bigger corps or have experience in running services themselves and would know about the real size of the CSAM problem. But I guess not, ignorance is bliss.
Also it's only their hosted for profit service. Use the fsf instance if you feel violated by a user account. https://jitsi.member.fsf.org/
I personally think it was likely/almost certainly the case. That doesn’t change the fact that without sufficient actual evidence it remains “allegedly.”
Well, the announcement talks about clear-cut ToS violations. Maybe it was about illegally streamed soccer matches - that's a bit of a plague as of late.
I mean, it could also be beheadings, revenge porn, doxxing, etc. Lots of clear-cut violations that are more serious than illegally streamed soccer matches.
But the true answer is probably "all of the above".
Not all porn is CSAM... Are we just assuming it's CSAM because non-CSAM would be on OnlyFans? Is there not an appeal for the anonymity and zero-cost Jitsi offered vs. OF-like services, for consenting adults?
I've never used OF but assumed they take a cut. Through Jitsi a performer could arrange for payment via crypto, protect their identity, and not pay a cut to any middle-men beyond the crypto fees. What am I missing?
Piracy is still the best way/our best chance to get rid of soccer and all the nothingness that it involves in terms of drama, gossip, etc
“allegedly” aside, is this the only way to tackle the CSAM problem? I get a whif of a false dilemma here but I’m not sure if I have a blindspot
is requiring Oauth from Facebook, Google or Github for hosts something meaningful, necessary or the obligation of Jitsi Meet to do at all
No, it isn't. Jitsi is free to offer a signup and run an LDAP directory of their own. They do not need to federate with FAANG.
If they still wish to do any sort of reporting or eavesdropping on content, something they claim to be specifically impossible, yet somehow they've unearthed, that is their perogative I suppose.
Personally, I think <insert law enforcement authority> of some sort has made rumblings or threats about them daring to run an uneavesdroppable open comms service, so once again, nice things cannot be had, and everyone is happy to torch the ability to low-frictionly connect between arbitrary people because of the CSAM boogeyman, which no evidence has been brought forth to assert the existence of. In fact, there's been no evidence brought forth that there is any sort of worthwhile reason other than "Jitsi wants in on monetizing user's contact meta info".
In every thread someone comes with "but is this the only way to tackle the problem?" Noone ever even makes a suggestion so I guess yes it's the only way.
that’s mentally negligent.
the only people that have to identify problems and solutions are founders that are grifting for capital or customers. and that’s sad.
the rest of rational actors can see a false dilemmas from afar without knowing what the third and fourth and fifth possibilities are.
in this case its pretty obvious that “privacy for hosts, or not via FAANG Oauth and an unaccountable change in the terms of service to further distance from privacy” is a false dilemma while also not preventing anonymous CSAM rooms on their service.
It's not mentally negligent, "is this the only solution?" is a weird standard that for some reason gets brought up in the specific instance but isn't something we apply to other problems.
Is MFA the only solution to the auth problem? No.
Is having a firewall the only way to prevent unauthorized traffic on your network? No.
Is docker the only solution to how to package software in containers? No
Is git the only DVCS? No.
Is git-flow the only way to manage branching and pull-requests? No.
Is Rust/Python/Javascript the only programming language? No.
Are relational databases the only way to persist important data? No.
etc etc etc...
We normally expect for difficult problems to have a variety of solutions with different tradeoffs and in particular, for really hard problems involving adaptive human adversaries, a lot of time we rely on applying multiple levels of "solution" in order to give us defense in depth and a chance to really crack a particular problem.
personally I think its weirder how CSAM (or a mere rumor of it in this case) gets people to not question anything
when without that rumor the criticism of the change would be criticism
“is this the only solution” is actually just me being diplomatic on a topic people are emotional about, as its clearly not the only solution, but even that is met with deflection
maybe thats the reason this “weird standard” is only noticed on CSAM mitigation discussions, because people know they cant be frank to you
So you are basically saying my way or the highway without even offering a option at all. So your "diplomatic" is just another way of saying "I don't give a shit and please stfu". Why would you inject yourself in a discussion if you don't really want to participate? Yikes.
That’s not my position at all
Its “is this the least worst solution, or the most best, and why?”
if you cant engage you have the same choice
It’s only a false dilemma if there’s a third, etc. possibility. You can’t just assume that every problem has a magical happy solution that requires no tradeoffs.
I agree, so here are several
3. the same signup requirements for the participants instead of just the host
4. phone number verification for the host and participants
5. a credit card for the host and participants
6. some kind of deposit for the host and participants
7. discriminating against Tor users
8. including Apple ID in the list of auth services
9. it actually not being Jitsi Meet's obligation at all and authorities continue to prosecute the criminal action of the participants by doing actual investigations
10. ...
How is 3-8 a better solution, rather than merely different?
It seems like your actual opinion is #9, but that's not actually a solution they can implement.
Its just a random assortment of possibilities to demonstrate that Jitsi’s is a false dilemma
people pretending that the only people that can question one solution must also be the person to have the other solution
I personally have no issue with having to log-in to use the hosted Jitsi and have it store that I created a room. That's a small price to pay for the longevity of the service.
If logging in is an issue, you're still able to selfhost Jitsi just fine.
Edit: this article feels like blogspam to me. https://jitsi.org/blog/authentication-on-meet-jit-si/ is the source the article refers to.
What about having to log in with a Google/Facebook/MS account as opposed to a Jitsi account?
ON THE PUBLIC JITSI-MEET DEMO SERVER https://meet.jit.si/!
Selfhost jitsi-meet!
It isn't rocket science: https://jitsi.github.io/handbook/docs/devops-guide/devops-gu...
Even easier with docker/docker-compose
https://jitsi.github.io/handbook/docs/devops-guide/devops-gu...
Making a separate account on Jitsi would have been fine, but they only allow use of existing centralized account systems from github (microsoft), facebook, or google.
That's Not Good(tm).
Good thing Self-hosting still works I guess. Will have to set it up.
Managing a public authentication service requires ongoing maintenance and monitoring costs. While they could pay a third party to manage it for them, this is a reasonable decision for them to keep costs low.
It doesn’t sound like Jitsi is sending Facebook and Microsoft transcriptions of your meetings so I don’t see why this is a big concern for a free service.
It requires you to have a Microsoft/Facebook/Google account in the first place.
Google/microsoft authentication is a platform risk and is basically saying those third parties own all your users. It can and does backfire all the time.
Self hosting isn’t exactly anonymous either.
Anonymity is in the eyes of the beholder. In this case, self-hosting might make your interactions "anonymous" in the eyes of Google, Microsoft, or Meta, even if it doesn't make you anonymous to whatever platform you use to host the software.
Maybe it is just my mood, but this blog's full screen newsletter subscription banner on mobile is much more infuriating than whatever Jitsi did (screenshot: https://imgur.com/a/fSEyZ8x)
"Other Site Abandons Anonymity" says website which puts large "Sign Up" prompts on first-use and below every article.
Slightly hypocritical reclaimthenet
That's what happen when awful people abuse nice things.
Those bad actors and privacy-conscious people (both entirely distinct group, just in case it looks like I'm putting those two in the same category..) can still self-host their own Jitsi Meet server if they want to.
Most such tools can no longer afford their stance once adoption passes a threshold.
Why that might be is often revealed on techdirt:
- https://www.techdirt.com/edition/freespeech/
For other reasons, see also:
- https://mattfrisbie.substack.com/p/the-ugly-business-of-mone...
people keep mixing the service and the software it seems.
Could a mod fix the spelling, please?
Isn't webrtc leaking the IPs of call participants anyways, regardless of which service?
If you are going through Jitsi (a SFU) all your media goes through them.
If you are doing P2P then you will be able to get the remote's IP address.