Jitsi Meet Security & Privacy

In many respects Jitsi meetings are simply private by design. To begin with, all meeting rooms are ephemeral: they only exist while the meeting is actually taking place. They get created when the first participant joins and they are destroyed when the last one leaves. If someone joins the same room again, a brand new meeting is created with the same name and there is no connection to any previous meeting that might have been held with the same name.

This is all very important. Some of the systems that let people “pre-create” rooms, have subtle indications that let a potential attacker distinguish reserved from unreserved meetings which then makes the reserved meetings easier to identify and target.

That said, since a name is all that one needs to actually access a room, we have to be really careful about how we choose and advertise them. We don’t want others accidentally stumbling into our meetings, just as we want to keep pranksters and snoopers away.

One has to really keep in mind that the name of a meeting is sensitive and needs to be protected. You shouldn’t send it to anyone you do not want in your meeting. Advertising this name publicly, for example on social media, is something you should only ever do if you truly are comfortable with maximum exposure and the possibility of unwelcome visitors.

Then there’s the matter of choosing the name. If you start a meeting with the name “Test”, “Yoga” or “FamilyMeeting” for example, chances of having some random uninvited people joining are very, very high. How does one pick a good room name then? Jitsi random meeting name generator is a great start. It offers names that are easy to remember and read out loud on a phone call, and come from a set of over a trillion possible combinations. Picking out one of the auto-generated names is therefore quite safe.

Jitsi also give people the option to set a meeting password. A few important things to keep in mind: if you do set a password, it is your responsibility to communicate it to your peers.

More importantly, keep in mind that your password, just as chat and speaker stats, will be reset once the last person leaves the room. So you have to make sure that you set the password again, if you find yourself ending the meeting and then rejoining.

Jitsi support end-to-end encryption

You can turn on end-to-end encryption (e2ee) as long as you are using Jitsi Meet on a browser with support for insertable streams. Currently this means any browser based on Chromium 83 and above, including Microsoft Edge, Google Chrome, Brave and Opera. You may also use Jitsi Electron client, which supports it out of the box.

All you need to do is select the “End-to-end Encryption” option in the overflow menu and then make sure that all participants fill in the same pass word or phrase in the Key field.

Jitsi Meet offers very strong protection even if you don’t explicitly turn on e2ee. Here are more details:

Jitsi meetings in general operate in 2 ways: peer-to-peer (P2P) or via the Jitsi Videobridge (JVB). This is transparent to the user. P2P mode is only used for 1-to-1 meetings. In this case, audio and video are encrypted using DTLS-SRTP all the way from the sender to the receiver, even if they traverse network components like TURN servers.

In the case of multiparty meetings all audio and video traffic is still encrypted on the network (again, using DTLS-SRTP). This outer layer of DTLS-SRTP encryption is removed while packets are traversing Jitsi Videobridge; however they are never stored to any persistent storage and only live in memory while being routed to other participants in the meeting.

It is very important to note that when packets are also end-to-end encrypted, this second layer of encryption is never removed (nor can it be)

Since Jitsi is built on top of WebRTC, a deeper look into its security architecture is very important when evaluating Jitsi’s security aspects.

By default Jitsi Meet does not require users to create accounts. Any information they choose to enter, such as their name or email address is purely optional and is only shared with other meeting participants.  Jitsi do not retain this information after the meeting. Other pieces of data such as the chat, or speaker stats, for example, are stored for the duration of the meeting and then destroyed when it ends.

Recordings are a bit of an interesting case. They are kept on Jitsi servers until upload them to the place you indicated (currently Dropbox). If Jitsi haven’t managed to do that in 24 hours Jitsi still delete them and they are gone forever (so make sure you have enough space in your Dropbox folders

And Obviously many of these things can be customized by the configuration of the actual deployment…