I fired up https://meet.jit.si/ just to explore how it works. Following the hint, I chose a simple phrase for the meeting name, something like “MyFamily”, and hit “Go”.
What did I expect?
A blank meeting screen.
What did I see?
Six elderly people whom I don’t know, talking to each other, looking surprised to see me and saying “Oh, who is that?!”
Walking In on Strangers
I left the meeting after a few seconds. Perhaps they worked out what happened and how they could change their settings to stop strangers intruding. Perhaps they were worried. Perhaps I could have gone back in and explained that I walked in on them unintentionally and meant no harm. Perhaps.
There is a UI/UX problem here. Jitsi-Meet is insecure by default. Certainly it’s possible to use it in a more secure way, but that is not good enough.
The UI here is supposed to suggest that I can use a randomly generated phrase as a meeting name. The designers clearly intended that as a security measure: a sufficiently unguessable name is secure against accidental visits, and forms a part of the security measures against intentional attacks. I know that from my background knowledge of security practices and software design. From further background knowledge and exploration, I also know that I can press “GO” to accept the suggestion. But still I fell into this trap.
As a new user, it looks like I need to enter something, and I would expect to enter a simple and meaningful name, and would absolutely not expect that doing so would immediately remove the expected privacy.
Filed as a bug: https://github.com/jitsi/jitsi-meet/issues/5407 “Choosing a meeting name is insecure by default”
## Description

In real life just now, I chose a simple meeting name, something like "MyFamily" (but not that) and hit "Go". I saw and heard six elderly people whom I don’t know, talking to each other, looking surprised to see me and saying “Oh, who is that?!” Their privacy was violated to me, and mine to them. This is insecure by default, and inconsistent with claiming "security". Reported here: https://blog.foad.me.uk/2020/03/26/jitsi-meet-excuse-me-who-are-you/

---

## Current behavior

On entering a simple meeting name there is a real chance of walking in on someone else's meeting, uninvited.

---

## Expected Behavior

On entering a simple meeting name, there should be some protections in place to prevent walking in on someone else's meeting, uninvited.

---

## Possible Solutions

There are several possible solutions and measures, including...

* explain about the random phrase and its security implications and make accepting the suggested phrase a more discoverable option;
* have the "create meeting" UI user choose whether they want a public/open meeting or a private/closed meeting;
* if a user-specified meeting name is chosen for a new meeting, then very strongly encourage setting a password (unless they explicitly chose to start a public meeting);
* when the "start a new meeting" UI leads to joining an existing meeting, that is a violation of expectation, so interpose a second step, e.g. "this already exists; try to join it or choose another name?";
* interpose a "new user is knocking on your door" step whereby existing participants have to explicitly accept the new user;
* etc.

---

## Steps to reproduce

* one user uses the "Start a new meeting" UI using a common phrase like "MyFamily" as the name;
* another, supposedly unrelated user uses the "Start a new meeting" UI using the same common phrase like "MyFamily" as the name;
* see that they join, without protection;

---

# Environment details

Using https://meet.jit.si/ on 2020-03-26.
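As an added illustration (not Jitsi's code, and not from the issue above) of the "create or join" gate the Possible Solutions list asks for, here is a hypothetical server-side decision function together with the entropy estimate that explains why a random suggested phrase resists accidental collisions while a name like "MyFamily" does not. The word list and the existing-room set are constructed for the example.

```python
import math
import secrets

# Constructed word list standing in for a phrase dictionary. Assumption: a real
# generator draws from a far larger list; this one only keeps the example small.
WORDLIST = ["amber", "basalt", "cobalt", "dune", "ember", "fjord", "granite", "harbor"]


def suggest_room_name(words=4, wordlist=WORDLIST):
    """Build a random, unguessable meeting name from independently chosen words."""
    return "".join(secrets.choice(wordlist).capitalize() for _ in range(words))


def phrase_entropy_bits(words, wordlist_size):
    """Entropy (bits) of a phrase of `words` independent picks from `wordlist_size` words.

    Every extra bit halves the chance that two unrelated users land on the same
    name; a human-chosen name such as "MyFamily" has no such guarantee.
    """
    return words * math.log2(wordlist_size)


def gate_room_request(name, existing_rooms, suggested_name,
                      has_password=False, public=False):
    """Decide what a 'Start a new meeting' UI should do for a requested name.

    Returns one of:
      'prompt_join_or_rename' - the room already exists; never silently join it
      'require_password'     - user-chosen name for a private meeting; insist on a password
      'create'               - safe to create as requested
    """
    # Case from the issue: "this already exists; try to join it or choose another name?"
    if name in existing_rooms:
        return "prompt_join_or_rename"
    # Case from the issue: a user-specified name on a non-public meeting needs a password.
    if name != suggested_name and not public and not has_password:
        return "require_password"
    # Either the random suggestion was accepted, or the user opted in to public/password.
    return "create"
```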
I’m surprised that Jitsi has been developed like this from the beginning. I’ve read your GitHub issue and saw what he wrote.
I mean, if they speak about security, how can they implement such a fragile way of creating a room? Even if just 10 people used it, security is not something to be taken lightly.