Friction-less instant video calling

Most communication on the internet today is encrypted between the server you are accessing, and the device which you are using. This is usually known as HTTPS, SSL or TLS security and indicated by the lock icon in the browser location bar. This type of encryption can help you to be sure that you are connecting to the right service, to prevent interception by 3rd parties, and also ensure that the content which you are viewing has not been tampered with in transit.

For video and audio calling things are different but achieve the same ends - that there is assurance of who you are connecting to, that nobody is able to intercept that communication, and that the communication has not been altered. This is achieved through a protocol known as DTLS-SRTP. You can think of this as a "wrapper" for the video stream between each party in the video call.

When you connect 1:1 to another device, the video service encrypts communication between each party as the call is routed through a peer-to-peer connection. In this scenario there is no decryption of the video stream except between the sender and receiver.

When you connect to a group call where there is more than 2 devices involved, then due to the nature of how the service must route information between participants, the DTLS-SRTP wrapper is removed on our server. The video streams are mixed together and then re-routed to the call participants. This operation happens in memory of the servers we use to host the video call and are never written to disk or persisted in any way.
‍
However, this is why it is important for video services to be located in regions which have strong privacy protections and for video calling service to support information security best practices and alignment to industry standards.

If you wish to ensure security even further, you may enable End-to-End-Encryption (E2EE) in your call. In order to do this you will need to share a secret key or passphrase will all call participants prior to the call and each participant will need to enter the key to connect to the video call. Read more about Jitsi E2EE here. Also note that this feature is under development and not all browsers or devices will support it.

Jitsi Meet and Videobridge are based on WebRTC which is an open standard for real-time conferencing developed and supported by Google, Microsoft, Apple, Mozilla and others.

Modern desktop, tablet and device browsers support WebRTC calls without any plugin required.

Most video calling software and services come from the corporate world and have inherited the teleconference paradigm and of the notion that each person has a "room" which they can invite other people to join. Due to the complexities of authentication for people outside of the corporate organisation, these services rely on PIN codes or logins to ensure that only authorised people can join the call.

We have taken a different approach which allows people using our services to simply click a "magic" link. The secret is that we have embedded a unique code for each participant in the link we send them. This link is also encrypted so that it is tamper-proof.

However, you should note that the magic link *is* your PIN so you should treat it as sensitive information and not share it with anyone else.

Thankfully Zoom and the rest of the video conferencing industry have been able to greatly reduce this problem through the configuration of their software and education of their users.

We prevent people from Zoom bombing our calls by how the "magic" links are constructed. First, they are specifically addressed to an individual, either through their email address or their mobile phone number. Next, we generate a random "room" name which is then shared to the other participants through their own magic links. And finally, the magic links are only valid for 10 minutes prior and 1 hour after the scheduled time of the call.

Right now we do not support recording or transcripts of calls being made. This is something we are tracking on our roadmap and will invest in providing this service should there be enough demand.