Don't blame Jitsi. Blame the people abusing their previously wide open service. They're why we can't have nice things.
As for expecting them to run their own auth service instead of relying on a third party, that is a hell of a lot more complex than it looks. I can't blame them for not wanting to take that on.
If you really disagree that much, go ahead and fire up your own Jitsi service and open it up for anonymous use by the public. Let's see how long you can run it before you encounter the exact same problems.
Nobody is complaining about the login requirements per se, we are complaining about the fact that a supposedly "privacy friendly" and FOSS service chose to implement a login system using only Google, Facebook and GitHub accounts and god knows when they'll add better options.
ffs, they're OAuth providers. It's not like they're passing the video streams over to Google and Facebook so they can mine them for PII. All they'll learn is that a user with an identity on their platform is using Jitsi. So what?
Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.
And if the complaint is that now Jitsi can tie back activity to a durable identity: yeah, that's the entire point. They're fighting abuse. At some level, to prevent that abuse, they need some form of trustworthy authentication. That, by definition, means to some extent piercing the veil of anonymity.
It's also why running their own auth doesn't fundamentally solve the problem, as anonymous users creating their own accounts on their platform is a minor speed bump to folks who would use the service for nefarious activity. For that auth to be worth anything, they'd have to engage in their own forms of user verification, and that'd be no more privacy protective, and frankly probably less so since you'd have to trust their security posture.
The fact is they simply cannot run the service in a way that's both perfectly anonymous to Jitsi themselves and simultaneously resistant to abuse (thereby protecting them from potential liability).
Look, I get it, I'm not a fan of the big tech providers, either. But the claim that this somehow crosses the privacy rubicon is a massive overreaction. And the software itself remains as Free and Open Source as it ever was.
I don't have a Google, Microsoft/Github and Facebook account. Do you know what they require to register one in terms of privacy? Their terms are horrendous. Jit.si must not care about privacy or they'd have other OAuth options from the start.
>Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.
I don't think you know the typical user profile of Jit.si. If people are happy with Google, Microsoft and Facebook, then why use Jit.si instead of their own video call offering?
> I don't think you know the typical user profile of Jit.si. If people are happy with Google, Microsoft and Facebook, then why use Jit.si instead of their own video call offering?
This hits the nail on the head. It’s not just about having an account with those platforms or being unhappy with their video call services. It’s more about which platforms one chooses and for what reasons. Those who choose jit.si would be the ones who want to avoid these tracking and profiling platforms and/or are completely against those platforms.
I agree that we are not entitled to Jitsi (8x8?) providing us with a free service. But it is not as clear of a cut as saying "Run it yourself then!" to a bunch of spoilt brats.
At the height of the pandemic I started using Jitsi for all my conferencing needs and was very happy to find that 8x8 had a paid-for option so that I could support Jitsi development through a 8x8 Meet Pro subscription. However, in December 2022 8x8 decided to axe the service and replace it with their "X Series plans" that are an order of magnitude more expensive (can not even find quotes easily right now [1]) and clearly geared towards large-scale enterprise. "By moving to 8x8 X Series, you will have access to features
like business SMS/MMS, unlimited calling to select countries, fax, voicemail transcription, integrations with business applications, call queuing, analytics, and more.", sounds great right? But not really to someone wanting to have a fixed URL and make twelve or so video calls per week on a budget.
This effectively forced me to go and "freeload" on Jitsi again, despite being willing to pay. However, I refuse to go crawling to Facebook, Google, or Microsoft for an account as I worked long and hard to divorce them already. It is doubly frustrating when you know that 8x8 has an account infrastructure (I have used it) and they are deciding not to offer it to us.
So, yes, we are not entitled to their free labour. But it is not like their track record is perfect here. This could all have been done much smoother.
To end on a more positive note, I posted this story a few days ago [2] and here are some alternatives that were brought up:
Do seriously consider supporting organisation that provide these services so that we can continue to have nice things. I would also love for there to be a Jitsi alternative out there with a "leaner" technology stack and higher focus on security that (paranoid?) people such as myself would feel more comfortable hosting on our own.
> As for expecting them to run their own auth service instead of relying on a third party, that is a hell of a lot more complex than it looks. I can't blame them for not wanting to take that on.
Pretty much every web site that requires login allows local registration. This is the first web i heard about that requires third-party registration. That seems absurd to me.
>If you really disagree that much, go ahead and fire up your own Jitsi service and open it up for anonymous use by the public. Let's see how long you can run it before you encounter the exact same problems.
Wait. They want me to sign up to Google, Microsoft or Facebook (worst possible choice ever) and I shouldn't complain. Seriously?
Don't blame Jitsi. Blame the people abusing their previously wide open service. They're why we can't have nice things.
As for expecting them to run their own auth service instead of relying on a third party, that is a hell of a lot more complex than it looks. I can't blame them for not wanting to take that on.
If you really disagree that much, go ahead and fire up your own Jitsi service and open it up for anonymous use by the public. Let's see how long you can run it before you encounter the exact same problems.