BBBsecureChat
Add E2EE instant messaging to Big Blue Button meetings
BigBlueButton is a video conferencing framework built on open source components. It is being used worldwide for education, events and training, and gained a lot of usage during the Covid-19 pandemic. Whilst audio and video are being handled by scalable components (notably Freeswitch and Kurento), the chat currently integrated in BBB is a single node.js thread for all conferences. This causes performance problems if used heavily in conferences, and lacks features such as E2EE and emoji support. In this project we will be trying to create an alternative chat service component based on mature open source solutions which have a richer feature set and offer end-to-end encryption. Some of the challenges are: respecting privacy in recordings, allowing chats 1:1 and in break-out rooms, automatic exchange of encryption keys, authentication, SingleSignOn and handling file exchange among chat users. We will be testing the enhanced chat with selected BBB users and will offer the result to the BBB developer and user community.
- The project's own website: https://fairkom.eu
Why does this actually matter to end users?
One of the things people enjoy the most about the internet, is that it enables them to talk to others remotely almost without limit. Internet allows anyone to keep closely connected with friends and family, and help their kids solve a math problem while they are at work. People collaborate with their colleagues from the couch of their living room, the cafe where they enjoy lunch or on their cell phone on the bus to the gym. Businesses can easily service their customers where this is most convenient to them, without having to travel themselves. This is so convenient, that some businesses have already moved entirely online. Internet communication has become the nerve center of whole neighbourhoods, where people watch over the possessions of their neighbours while these are away for work or leisure.
However, users have a hard time to understand how privacy is impacted if they use the wrong technology. Because internet works almost everywhere, the natural privacy protection of the walls of a house, a school or an office is gone. Unlike the traditional phone companies, many of the large technology providers run their business not on delivering an honest service but on secretly eavesdropping on their users and selling information to others. It is mostly not about what you say, so it is relatively easy for providers to allow some form of privacy by encrypting messages. The more interesting parts are who talks to whom, when, and where they are in the real world while they meet on the internet. if you want to be reachable across the internet, you have to constantly let the communication provider follow you wherever you go. This makes the private and professional lives of citizens an open book to companies that with the help of AI and other technologies make billions from selling 'hidden data' normal people are completely unaware of even exists. And of course in societies that are not so democratic, this type of information is critical to bring down opposition and stifle human rights.
Users assume the confidentiality and privacy when they communicate, and they are morally justified to do so. There is nothing natural or final about internet communication providers having access to all this very personal information - or going down the dark path of selling data about customers. The cost of this in terms of internet usage and computer power needed is actually negligible, and so all it takes it the availability of open alternatives that people can use. BigBlueButton is a popular and widely used tool for videoconferencing and in particular virtual education, with features like whiteboard annotation, breakout rooms and shared polling and notes. Like other projects, this is an initiative to make the chat where links, suggestions and sometimes sensitive data are shared, end-to-end encrypted. This will make BigBlueButton a more secure and private alternative to videoconferencing tools that require you to hand over your personal information and data.
Run by fairkom
This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.