Calls:

Send in your ideas. Deadline December 1st, 2020.

 

End-To-End Encryption for Jitsi Meet

[End-To-End Encryption for Jitsi Meet]

Jitsi Meet is an open-source video conferencing application that uses Jitsi Videobridge to provide high quality, secure and scalable video conferences. Traditionally, it used hop-by-hop encryption to secure the contents. The drawback of this is of course that the videobridge is able to view the unencrypted contents. With the advent of the WebRTC Insertable Streams API in Chrome it became possible to implement actual end-to-end encryption on top of WebRTC. This project will implement and verify a more complete solution that involve a key management system which establishes public keys, derives encryption keys and changes them depending on the state of the conference.

Why does this actually matter to end users?

One of the things people enjoy the most about the internet, is that it enables them to talk to others remotely almost without limit. Internet allows anyone to keep closely connected with friends and family, and help their kids solve a math problem while they are at work. People collaborate with their colleagues from the couch of their living room, the cafe where they enjoy lunch or on their cell phone on the bus to the gym. Businesses can easily service their customers where this is most convenient to them, without having to travel themselves. This is so convenient, that some businesses have already moved entirely online. Internet communication has become the nerve center of whole neighbourhoods, where people watch over the possessions of their neighbours while these are away for work or leisure.

However, users have a hard time to understand how privacy is impacted if they use the wrong technology. Because internet works almost everywhere, the natural privacy protection of the walls of a house, a school or an office is gone. Unlike the traditional phone companies, many of the large technology providers run their business not on delivering an honest service but on secretly eavesdropping on their users and selling information to others. It is mostly not about what you say, so it is relatively easy for providers to allow some form of privacy by encrypting messages. The more interesting parts are who talks to whom, when, and where they are in the real world while they meet on the internet. if you want to be reachable across the internet, you have to constantly let the communication provider follow you wherever you go. This makes the private and professional lives of citizens an open book to companies that with the help of AI and other technologies make billions from selling 'hidden data' normal people are completely unaware of even exists. And of course in societies that are not so democratic, this type of information is critical to bring down opposition and stifle human rights.

Users assume the confidentiality and privacy when they communicate, and they are morally justified to do so. There is nothing natural or final about internet communication providers having access to all this very personal information - or going down the dark path of selling data about customers. The cost of this in terms of internet usage and computer power needed is actually negligible, and so all it takes it the availability of open alternatives that people can use. Jitsi Meet is a popular alternative to proprietary videoconferencing solutions. Users can host Jitsi Meet on their own system or use a host they can trust. This project will provide additional security and privacy by completely encrypting your video conferences from end to end, leaving no chance for possible data leaks or spying third parties between users.

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.