Secure Private Open-Source Video Conferencing without unwanted guests
- by joeri
- April 6, 2021
If there’s one experience that sums up the pandemic for most of us who have been fortunate enough not to encounter the virus in person, it’s the lockdown. Day after day at home, it may be boring and monotonous, but we’re fighting the spread of the virus by doing it so it remains essential. Our lives must go on though, so if there’s another thing we’ll remember from all this it will be the video conference. The office and school have been replaced by our phones and laptops, and a new etiquette has evolved. If you’ve carefully arranged a bookcase full of impressive tomes in the background or you’ve persuaded everyone you’re not really still in bed by putting a shirt on and brushing your hair, we salute you!
The commercial video conferencing apps and websites that have become so familiar may have helped us get through all this, but they are not without their own problems. The interests of a large tech company don’t always coincide with those of an end user, and its provider will inevitably see it as a target for data mining and monetisation. Then there’s a new word that’s entered the lexicon in the last year, Zoombombing. It refers to the practice of intruders gaining entry to the video calls of others for the purpose of disruption, and though it is derived from the name of one service it has in practice appeared in more than one place.
If strangers can gatecrash your video call and cause mischief, perhaps a more serious consequence is that bad actors can insert themselves into calls and impersonate a genuine participant. You may have seen in the news from November 2021 that the RTL Nieuws journalist Daniel Verlaan gained access to an online European defence conference after its credentials were unintentionally leaked by a politician. He identified himself as a journalist and the meeting was promptly ended, but imagine for a minute that he had been an agent of a third party state who had not. He could have sat there in a sober suit with a politician’s home office background, and listened to the whole meeting undetected among the mosaic of genuine participants. The security on video conferencing systems even at the highest level can often be woefully inadequate, and clearly some means of verifying the identity of those who join them is called for
Perhaps most serious of the flaws with proprietary services comes in their apps. You may be used to permission pop-ups when you install a new app on your phone, for instance asking to use your camera or microphone. You trust an app because it comes from a company you have heard of, but do you know what the app is really doing? In autumn 2021 there was concern from security researchers over the spyware capabilities of the popular TikTok video sharing app, and if there’s a lesson to take away from that it’s that putting your privacy in the hands of closed-source code can be a minefield.
The solution offered by IRMA-meet attempts to address these challenges, by combining Privacy By Design’s open-source IRMA secure authentication app technology, and the popular BigBlueButton open-source video conferencing and collaboration system. IRMA is an open-source system for securely verifying identity while retaining privacy, and it takes the form of an app that allows you to verify yourself while remaining in control of how much personal data is revealed. This alongside BigBlueButton and top-notch infrastructure from ProcoliX yields a secure and private space for online meetings without the need to worry about snooping, spyware, or uninvited guests.