Readit News logoReadit News
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
cryo · 6 years ago
Thanks for the clarification, imo and as you already see in this discussion different people understand different meanings into the word.

Maybe it's safer to use a clear description rather than "anonymous". The "no user account is required" is a good statement which can be hardly misunderstood.

There are many people out there (including me) which think anonymous means nobody can trace or identify me. Anonymity even with Tor is very hard to achieve on the Internet, I would even say it's impossible.

On my software I'm using the word "private" instead of anonymous to describe such communication; which was inspired by Tor tech talks. I've written about it here https://cryonet.io/technology.html

perenzo · 6 years ago
Ok, I get the point. I opened a ticket to use a clearer wording: https://github.com/holtwick/briefing/issues/51 Thanks clarifying the ambiguity.
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
lioeters · 6 years ago
Thank you for making both the client and server sides of this video chat application open source.

The only missing piece it seems is the STUN/TURN server. Would you have a plan to also release it?

perenzo · 6 years ago
I use coturn. Find installation details here https://github.com/holtwick/briefing/blob/master/app/INSTALL...
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
waynenilsen · 6 years ago
> you'll need some other channel to exchange the peers connection data

Perhaps using IPFS to pin the data temporarily and share that hash between the peers?

perenzo · 6 years ago
That's a good idea. I don't know the internals of IPFS, but the related https://libp2p.io/ looks promising. Follow up https://github.com/holtwick/briefing/issues/52
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
seesawtron · 6 years ago
Yes password protection would definitely make this more usable.

Have you also seen apprtc [0]? Could you point out if there are any differences you see there to Briefing?

[0] https://appr.tc/

perenzo · 6 years ago
It is basically the same. Briefing is a bit more modern and has a few more features. As I mentioned in the help text on https://brie.fi/ng#help I started the project as a spin off of a virtual classroom project https://peer.school/ Sources https://github.com/holtwick/peer2school
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
seesawtron · 6 years ago
Looks really cool. One key element is that anyone can spy on your call if they guess the random name that you generate to create the link. I am curious what randomizations you have used to generate those? (perhaps you don't want to share to avoid exactly the spying, I can understand if you feel that way). Thanks for your insights. Cheers
perenzo · 6 years ago
Indeed, it is a rather simple algorithm [1] But you can set any name you like, either in the input field or directly in the URL. Protected rooms, where the participants need to know a common secret, are planned to be added to the project, see [2]

[1] https://github.com/holtwick/briefing/blob/master/app/src/com...

[2] https://github.com/holtwick/briefing/issues/1

perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
waynenilsen · 6 years ago
How can we further decentralize this such that the entire app runs "without any servers"? Sadly it is so close but the realities of ipv4 and local subnets definitely makes this more difficult. I always thought that this is part of what webrtc was trying to solve
perenzo · 6 years ago
Well technically it is possible to avoid the signaling server, but you'll need some other channel to exchange the peers connection data. This is pretty inconvenient though. But a signal server is a rather light thing and easy to install on a location you trust: https://github.com/holtwick/briefing/tree/master/signal
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
nannal · 6 years ago
"No camera or microphone has been found!"

Using firefox 79, the usual prompts to allow permissions were not issued.

perenzo · 6 years ago
This is a Firefox Nightly release, correct? Current stable release is 77.0.1 Do you experience those issues with the stable release as well? If so I would like to ask you to file a bug here and add the OS version. Thanks for letting me know! https://github.com/holtwick/briefing/issues/new
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
walterbell · 6 years ago
How about the term "unauthenticated", which is well understood for HTTP requests?
perenzo · 6 years ago
Well, IMO the definition of the word "anonymous" still fits how personal information is handled in Briefing: "Anonymity describes situations where the acting person's name is unknown" [1] And this is true regarding the Briefing service.

[1] https://en.wikipedia.org/wiki/Anonymity

perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
clawoo · 6 years ago
> This outer layer of DTLS-SRTP encryption is removed while packets are traversing Jitsi Videobridge

What this means is that the packets are encrypted between you and the video bridge and the packets travel unencrypted within the videobridge infrastructure, but at no point does the outside world see the unencrypted stream. Talking to the Jitsi video bridge is just a regular WebRTC session as far as clients are concerned (so any DTLS encryption WebRTC has, the Jitsi call has), I know this because before they had a decent SDK I had to manually wedge my WebRTC calls into it.

If you're looking to add e2ee to your project, you're pretty much left to choose between Olm and Signal Protocol, which are quite similar, but libsignal is GPLv3 while libolm is Apache 2.0.

I've used Olm more intensively over the last two years. While it works, it's great, when it randomly wedges a session for no apparent reason you feel like throwing it out the window.

perenzo · 6 years ago
Thanks for the feedback, I'll take Olm/Matrix and Signal into consideration, although I believe for the described purpose of Briefing the current implementation is sufficient and secure.
perenzo commented on Show HN: Briefing – Anonymous, secure, open source WebRTC group video chat   brie.fi/ng?ref=hn... · Posted by u/holtwick
Lunrtick · 6 years ago
Jitsi has end-to-end encryption now (used it a few days ago).

It behaves quite hilariously when you switch to e2e encryption after a normal connection - the other party gets random noise for a little while.

perenzo · 6 years ago
But it only works with Blink/Chrome right now because it depends on Insertable Streams:

https://jitsi.org/blog/e2ee/

https://www.chromestatus.com/feature/6321945865879552

Hopefully this will be implemented in other browsers as well soon.

p

u/perenzo

KarmaCake day124July 2, 2011View Original