While Jitsi is open-source, most people use the platform they provide, meet.jit.si, for immediate conference calls. They have now introduced a “Know Your Customer” policy and require at least one of the attendees to log in with a Facebook, Github (Microsoft), or Google account.
One option to avoid this is to self-host, but then you’ll be identifiable via your domain and have to maintain a server.
As a true alternative to Jitsi, there’s jami.net. It is a decentralized conference app, free open-source, and account creation is optional. It’s available for all major platforms (Mac, Windows, Linux, iOS, Android), including on F-Droid.
Calling them hypocritical is hysterical when they offer all the source code for free and you can host your own instance that doesn’t need an account.
The software is free open source. But this case is not about the software. It’s about the web instance that the majority of the people was using. And that instance now lost its privacy feature and shouldn’t call itself privacy friendly anymore.
What information is transmitted to GitHub when you sign in with your GitHub account?
I’ll tell you: that you signed into jitsi.
That’s it.
I agree with you and it’s an important distinction. But for me it’s also about the ethos of the developers or company. Promoting free and open source tools is great, but requiring the opposite as a prerequisite to use the largest publicly facing implementation of that is a very odd decision.
Is there another OAuth identity provider they should use? I agree that it’s ludicrous that advertising companies are the primary identity providers we use, but I have no issue with GitHub / Microsoft as an identity provider.
At the end of the day they could create their own account system and take on the liability of storing passwords, but why? That’s not what their software is about and as instance admins it will take away their time and focus.
At the end of the day I think what you’re chafing against is not their fault but a fundamental problem with open source software at the moment, we have no system of decentralized identity verification, and identity verification is basically a necessary part of ensuring your system isn’t abused.
I’d personally prefer they didn’t implement any KYC-style identity verification at all in the first place, but it’s not my service or project and I’m not a paying customer, so my preference is largely irrelevant to them. But that said, I didn’t intend the comment to be damning, or even a particularly harsh criticism, just thought it wad an odd choice.
If what you are saying is accurate, and there aren’t better options, I at least understand that choice a bit more. If they feel they need an identity provider for whatever reason, they should obviously choose the one they feel best fits that need. And as others have noted, different servers and instances can be spun up or utilized. Users can choose to utlize whichever fits their needs best, or none if none of them fit.
Your other point is well taken though that it may be a gap in the marketplace. Sounds to me like a need waiting to be filled. I recall reading about some decentralized blockchain solutions for this sometime back, but do not recall the specifics. I haven’t followed along because it didn’t seem relevant to my personal or business needs at the time.
If anyone else knows of alternative options that may be better or more privacy friendly, I’d certainly be interested to hear about them. And would chip in funding for any good FOSS projects that might seek to solve this problem.