Greg Troxel:
> Hans-Christoph Steiner <[email protected]> writes:
>
>> With everyone needing video conferencing these days, there has been an
>> explosion of public Jitsi Meet instances, which is great to see. In
>> order to help people choose which one works for them, I have set up
>> "jitsi-monitor", it runs once a day on all known public Jitsi Meet
>> instances and gathers some basic data on them:
>>
>> * configuration including STUN servers, analytics, etc.
>> * TLS settings and connection timing
>> * TCP traceroute
>> * what else?
>
> To me, the biggest question about a public Jitsi Meet instance would be
> their privacy policy, as well as some hard-to-deal-with notion of
> whether the community believes it. I understand why e2e crypto is too
> hard for multiparty calls, particularly when there is no authentication
> infrastructure, but because of plaintext at the bridge, the key question
> is how the bridge handles that plaintext.

Yes, it would be great to have all this info somewhere, but that's not
the goal of this project. This is to gather meaningful info that can be
gathered automatically. Then something can consume that data to make a
nice representation to the user.

> So I'd add to your list (all things that are hard to figure out, and
> perhaps worthy of being on a json endpoint on each server):
>
> Does the server publicly commit not to log any traffic contents?

This thing already includes the "logging_config.js", but that's not the
webserver config.

> Where is the server located, in terms of legal jurisdiction?

Using a WHOIS on the domain and an ASN lookup on the IP address, you
could get a pretty good idea of the relevant legal jurisdictions.

> How is the server hosted, in terms of bare metal in data center, VPS
> in data center, or someplace else?

IP ownership will cover a lot of these cases. E.g. if the IP is
allocated to Hetzner, then it's probably hosted there.

> Does the server publicly commit not to log any metadata? Or commit
> to retain those logs for some limited time?
>
> Who is the operator of the server?
>
> Are random people welcome to use it? Limitations?

These require a person to answer.

.hc

--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
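
The ASN-lookup idea from the reply above, as an added example that is not part of the original thread or of jitsi-monitor: it parses bulk IP-to-ASN output into per-instance jurisdiction and hoster hints. The pipe-separated layout (modelled on Team Cymru's verbose whois output, including the `NA` row for an unrouted address), the sample rows, `HOSTER_HINTS` and `parse_asn_report` are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample in the pipe-separated layout of a verbose IP-to-ASN
# whois report (assumed format). Addresses and AS numbers come from
# documentation ranges; these are not real lookup results.
SAMPLE = """\
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
64496   | 192.0.2.10       | 192.0.2.0/24        | DE | ripencc  | 2002-06-03 | HETZNER-AS, DE
64497   | 198.51.100.7     | 198.51.100.0/24     | US | arin     | 2011-01-20 | EXAMPLE-UNIVERSITY, US
NA      | 203.0.113.5      | NA                  |    |          |            | NA
"""

# Hypothetical table: substring of the AS name -> probable hosting provider.
HOSTER_HINTS = {"HETZNER": "Hetzner"}
FIELDS = ("asn", "ip", "prefix", "cc", "registry", "allocated", "as_name")

def parse_asn_report(text):
    """Map each IP in the report to jurisdiction and hosting hints."""
    results = {}
    for line in text.splitlines():
        cols = [c.strip() for c in line.split("|")]
        if len(cols) != len(FIELDS) or cols[0] == "AS":
            continue  # skip the header row and malformed lines
        row = dict(zip(FIELDS, cols))
        try:
            ip = ipaddress.ip_address(row["ip"])
        except ValueError:
            continue  # not an address, ignore the row
        routed = row["asn"].isdigit()  # "NA" means no origin AS was found
        name = row["as_name"] if routed else None
        hoster = next((h for k, h in HOSTER_HINTS.items()
                       if name and k in name.upper()), None)
        results[str(ip)] = {
            "asn": int(row["asn"]) if routed else None,
            "country": row["cc"] or None,
            "registry": row["registry"] or None,
            "as_name": name,
            "probable_hoster": hoster,
        }
    return results

if __name__ == "__main__":
    for ip, info in parse_asn_report(SAMPLE).items():
        print(ip, info)
```

The country column reflects where the address block is registered, so it is a jurisdiction hint to confirm against the domain WHOIS rather than a server location.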
