Running Jitsi’s software in the cloud means you need to trust it in the same way you’d trust Zoom or other videoconferencing tools like Microsoft Teams or BlueJeans, which was just acquired by Verizon. But Ivov says there are other advantages to using products built on open source.
The fact that anyone can modify and share Jitsi’s code means that others can build the tool into their software. WeSchool did that. So did open-source chat software service Riot, which uses Jitsi for its video chat component. Ivov says 8×8 benefits from these sorts of projects because they test how Jitsi’s code performs on different devices and in different environments. That helps the core Jitsi development team improve the software for both open-source users and paid 8×8 customers.
Many customers have no problem trusting 8×8 to host their videoconferences. But Ivov thinks his team has found a way that others can use 8×8’s service without having to trust the company not to snoop on their conversations.
One concern raised about Zoom in recent weeks is that the company advertised its service as “end-to-end encrypted,” which would mean Zoom couldn’t decrypt the communications flowing through its servers even if it wanted to. Then, it emerged that the company has access to decryption keys; Zoom now generally advertises its service as using “encryption” instead of “end-to-end encryption.” A Zoom spokesperson says the company plans to add end-to-end encryption in the future.
Few companies offer true end-to-end encrypted videoconferencing; Apple’s FaceTime service is one example. That’s because it’s fairly hard to do, according to Ivov.
Jitsi offers end-to-end encryption for one-to-one calls, which the software can establish directly between two devices. But things get more complicated for larger conversations. Directly connecting all participants at the same time would use too much bandwidth and processing resources, he says. So most videoconferencing solutions use a centralized server to route video among attendees. When you’re talking to three other people through a centralized server, you send just one video stream, rather than three.
That means the server needs to decrypt the data it receives from each person before re-encrypting it and passing it to the other users. That gives the server access to the raw video content, which is why you need to trust whoever runs the central server.
The Jitsi team is working on a way to offer end-to-end encryption, even with a central server, thanks to a new feature of Google Chrome called “Insertable Streams,” which makes it possible to add an additional layer of encryption. It won’t be necessary for a Jitsi Meet or 8×8 Video Meeting server to decrypt both layers of video before forwarding it to others. That means that in the future you might not need to trust 8×8 with your encryption keys, because it won’t need them to do the work of routing video streams. And without those keys, someone snooping on the central server will only be able to see scrambled video.
More Great WIRED Stories