by dougwbrunton 2191 days ago
At https://team.video instead of lying to you and saying we do end to end encryption, we tell you that we do point to point encryption: https://team.video/pages/security

This allows us to identify the active speaker, keep some statistics on who spoke in the meeting, and rely on mediasoup's fantastic media router ("e.g. hey, we missed a keyframe there, can you give one to me?")

(edit: omit needless words)

4 comments

Or... you can instead use a service with actual end-to-end encryption like Jitsi.

Yes! At the cost of recording, speaker stats, and all participants having a pre-shared secret. Or you could use a peer to peer service that doesn't use a media router, if you have few enough participants.

Insertable streams are coming, along with e2ee through media routers. The Jitsi folks are doing great experiments there, and I'm happy they have taken the lead.

> and all participants having a pre-shared secret

This is actually a good thing.

> at the cost of recording

You can use an external application. Inconvenient? Sure, but worth it for e2ee.

Bonus: Unlike your application, Jitsi is FOSS and does not require a centralized account.

I think if I were in your shoes right now I might use a peer to peer video conferencing application that relies on tried and true p2p e2ee (or build one, it's not hard).

Insertable streams are new, and less proven.

An honest question, do you visit sites served by Cloudflare? Is point-to-point encryption okay for your use cases there, or do you have security concerns that require e2ee for your communications?

> Is point-to-point encryption okay for your use cases there, or do you have security concerns that require e2ee for your communications?

I would actually be fine even with raw http for said sites.

How does Zoom's implementation compare with the insertable stream approach that I think Jitsi were also talking about?

https://webrtchacks.com/true-end-to-end-encryption-with-webr...

I think the biggest difference is that Zoom's implementation will be opaque, and Jitsi (and mediasoup's, etc.) will not be.

https://webrtchacks.com/true-end-to-end-encryption-with-webr...

https://jitsi.org/blog/e2ee/

https://github.com/versatica/mediasoup/issues/383

Aha, how did you build e2e? Is it working only in Chrome with experimental flag enabled?

The person you are responding to specifically says they didn't implement e2e.
So we should try your service just because you say you won’t lie? What do you think of this white paper anyway?

You should do whatever you want to do, you are your own human.

My biggest question about Zoom's implementation is, how can we trust it? They haven't proven themselves to be trustworthy, so it's a big ask for the world to believe their latest pitch.

Compare:

1. Zoom: is actively lying right now, has lied in the past, and has had numerous security breaches which were easily avoidable.

2. Team.video: This Doug W. Brunton fellow may be lying, but at least is not currently taking an opportunity to lie, and seems to have a decent grasp of the tradeoffs involved in end-to-end versus point-to-point.

So we should use your service because you don't lie, correct?

I don't think he's trying to convince you he's not lying, but rather we should promote services that encourage transparency and open standards.

Nope, I don't have a competing service.

Try again.

There are instances in every large corp in and out of the Nasdaq of lying, don't be a hypocrite.

I have done my best throughout my career to tell the truth. If you can find an example where you think I've lied, I'd be happy to clarify. So no, I'm not a hypocrite.

You're literally taking a pro-lying stance right now. Is that really who you want to be?