Show more

Prof. Dr. Roßnagel von der Uni Kassel hat sich Anfang der Woche mit der datenschutzrechtlichen Zulässigkeit von Zoom an Unis (und indirekt auch Schulen) beschäftigt und kommt zu einem recht eindeutigen Ergebnis: In jetziger Form unzulässig.

uni-kassel.de/einrichtung/inde

Hi Frank @Karlitschek

keeps being a pain for calls with several participants even on powerful servers.

Talk works much better for 1:1 calls, but it fails when calling several participants unless an external SIGNALING server is used: help.nextcloud.com/t/signaling

However, Nextcloud supports only its own servers: github.com/nextcloud/spreed/is

Are these running proprietary software?
Or could you provide some tips on how to 100% self-host an instance for 10+ participants?

.com, a 300M$/year revenue company, purchased in October 2018: en.wikipedia.org/wiki/8x8

What is their business model in your opinion?

Notice:
* Jitsi is licenced (not ), hence it can turn proprietary and be killed any time: github.com/jitsi
* Jitsi uses STUN servers of by default: mastodon.social/@FuckOffGoogle

Thanks @ajz

Hmm. How come I missed that tech news ? Probably social distancing... #jitsi #atlassian

Ich war mal so frei und habe eine automatische Weiterleitung für Jitsi Instanzen gebaut:
jitsi.random-redirect.de/
Verbindungen werden mittels Status Code 302 auf eine zufällige Jitsi Instanz umgeleitet.
#dezentral #homeoffice @linuzifer @kuketzblog

Talk vs.

NextCloud Talk:
✅ much less resources needed on server-side thanks to p2p (5x to 20x less)
✅ requires an account to create a *new* room (server overload protection)
✅ runs in a browser
✅ AGPL licence

Jitsi:
❌ resources-hungry (on server)
❌ no end2end encryption (need to trust server)
❌ uses servers by default
✅ runs in a browser
❌ Apache licence (code can be closed)

NextCloud is easier to install than Jitsi on Debian Buster:

docs.nextcloud.com/server/18/a

Aktuell suchen Schulen fieberhaft nach Lösungen, wie sie mit ihren Schülern während der Coronakrise in Kontakt bleiben können. Viele Schulen und Verantwortliche wählen nun leider Lösungen und Dienste, die ihre Nutzer mit Google, Facebook und Co. tracken bzw. von der eigenen Infrastruktur abhängig machen.

Dezentraler Unterricht geht aber auch datenschutzfreundlich und ohne Lock-in-Effekt.

digitalcourage.de/blog/2020/sc

Some desktop browsers with their search defaults:
- Chrome / Google
- Cliqz / Google
- Eolie / Google
- Firefox / Google
- Opera / Google
- Safari / Google
- Edge / Bing
- Vivaldi / Bing
- Waterfox / Bing
- Beaker / DuckDuckGo
- Brave / DuckDuckGo
- Epiphany (GNOME Web) / DuckDuckGo
- Falkon / DuckDuckGo
- Midori / DuckDuckGo
- Min / DuckDuckGo
- Otter / DuckDuckGo
- Pale Moon / DuckDuckGo
- SeaMonkey / DuckDuckGo
- Tor Browser / DuckDuckGo
- Wexond / DuckDuckGo
- Ephemeral / Startpage

#Privacy

If you install on your server, edit the file
/etc/jitsi/meet/jitsi.example.com-config.js

and comment these lines:
// The STUN servers that ..
stunServers: [
{urls:'stun:
stun.l.GOOGLE.com:19302' },...],

!!!

Also, it is *not true* that is "fully encrypted" as stated on meet.jit.si/. Instead:

" does not provide a way of conducting multi-party
conversations with end-to-end ."
github.com/jitsi/jitsi-meet#se

Thanks @galaxis and @infosechandbook

Show thread

If you install on your server, edit the file
/etc/jitsi/meet/jitsi.example.com-config.js

and comment these lines:
// The STUN servers that ..
stunServers: [
{urls:'stun:
stun.l.GOOGLE.com:19302' },...],

!!!

Also, it is *not true* that is "fully encrypted" as stated on meet.jit.si/. Instead:

" does not provide a way of conducting multi-party
conversations with end-to-end ."
github.com/jitsi/jitsi-meet#se

Thanks @galaxis and @infosechandbook

Show thread

Regarding Jitsi Meet servers:
There is a recent trend to use Jitsi Meet, a JavaScript WebRTC application, for videoconferencing.

Please note that these video conferences aren't end-to-end encrypted. This means server-side parties can monitor your activity. If you want to use Jitsi hosted by others, look for a comprehensive privacy policy as always.

There could be additional legal requirements if you want to use third-party Jitsi servers for school or work.

#jitsi #privacy #security #infosec

Oops!

"Microsoft Teams goes down for two hours as Europe logs on to work remotely"

For those who have a say in tools they use and want an alternative, give about.riot.im/ a chance. Free, open-source, encrypted and supports chat, file sharing, video/voice calls...

Show thread

If you can , install your own server not to overload public ones.

Step-by-step example (30-60 minutes):

* rent a DEV1-M server on scaleway.com/ with Debian Buster (7,99 Eur/month)
* disable IPv6 (to avoid bugs later)
* reboot (!)
* note public and private IP
* buy a domain (gandi.net,..), and set public IP
* follow github.com/jitsi/jitsi-meet/bl (with NAT)
* reboot and enjoy!!

A single call with two users uses about 10% of CPU.

alternatives

While we're all focused on the Corona crisis the US government is quietly pushing an internet #surveillance bill that is aimed at abolishing message encryption:

We should probably pay attention to this and spread awareness even if we are not American: eff.org/deeplinks/2020/03/earn

A ver, para el tema del #FuckOffGoogle en los centros educativos de #Catalunya ;)

Hay una lista de correo a la que sus podéis suscribir para organizar la acción de pedir el contrato con Guguel a la Generalitat.

¡Seguimos!

Show thread

Noticing Google Analytics being used on a website for open source projects, security blogs / systems or privacy rights organizations...

(Choose all that apply...)

Show more
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!