RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Jitsi integration URLs are deterministic #13511

Closed robertwessen closed 2 years ago

robertwessen commented 5 years ago

Description:

There still exists a privacy issue in the current Jitsi integration. Any one user can calculate all Jitsi URLs for any user/room combo (including video meetings launched from DMs).

I think a feature when launching a new Jitsi meeting would be needed to address this best. It would require two different Jitsi meeting types when launched from RC:

  1. Permanent meeting - a Jitsi URL which is determined much like the current implementation. The URL is deterministic, based on the ID of install and users/channel name. This is useful for long term consistent meetings on a topic, channel or group.

  2. Ephemeral meeting - similar to a permanent URL, but with a nonce (HMAC of same ID values w/ nonce as key?) to make it unique. A new nonce is created every time an ephemeral Jitsi meeting is requested. This is best for private meetings which should only last as long as the Jitsi session itself and be random enough to give basic privacy properties.

Expected behavior:

Jitsi meetings launched from RC should provide some privacy, at least equivalent to the protections provided within RC.

Actual behavior:

Any one user of RC can calculate the Jitsi meeting URL of rooms and DMs (between any two users), as the Jitsi URLs are based on public account/room ID values.

Server Setup Information:

robertwessen commented 5 years ago

This is related to https://github.com/RocketChat/Rocket.Chat/issues/9419 which was recently addressed.

geekgonecrazy commented 5 years ago

I think https://github.com/RocketChat/Rocket.Chat/pull/12259 can help with this

pierre-lehnen-rc commented 2 years ago

Fixed by the new videoconf system.
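
The two meeting types proposed in the issue description, sketched as an added example; this is not Rocket.Chat's code and not the videoconf system's implementation. The function names, the Jitsi base URL, the sample IDs and the SHA-256 derivation of the permanent name are all assumptions made for illustration.

```javascript
// Added illustration, not Rocket.Chat code. All names and sample IDs are hypothetical.
const { createHash, createHmac, randomBytes } = require('node:crypto');

const JITSI_BASE = 'https://meet.example.invalid/'; // placeholder Jitsi domain

// "Permanent" meeting: the name depends only on ID values other users can learn,
// so anyone holding the same IDs derives the same name.
function permanentRoomName(installId, roomId) {
  return createHash('sha256').update(`${installId}:${roomId}`).digest('hex').slice(0, 32);
}

// "Ephemeral" meeting: HMAC over the same ID values, keyed with a fresh random
// nonce per request. Without the nonce the name cannot be recomputed.
function ephemeralRoomName(installId, roomId, nonce = randomBytes(32)) {
  if (!Buffer.isBuffer(nonce) || nonce.length < 16) {
    throw new RangeError('nonce must be a Buffer of at least 16 random bytes');
  }
  const name = createHmac('sha256', nonce)
    .update(`${installId}:${roomId}`)
    .digest('hex')
    .slice(0, 32); // 128 bits of the MAC is enough for an unguessable name
  return { name, nonce };
}

function meetingUrl(name) {
  return JITSI_BASE + name;
}

// Constructed sample values
const INSTALL_ID = 'install-0000-constructed';
const DM_ROOM_ID = 'userAidUserBid';

function demo() {
  const asOwner = permanentRoomName(INSTALL_ID, DM_ROOM_ID);
  const asOtherUser = permanentRoomName(INSTALL_ID, DM_ROOM_ID); // recomputed from the same IDs
  const first = ephemeralRoomName(INSTALL_ID, DM_ROOM_ID);
  const second = ephemeralRoomName(INSTALL_ID, DM_ROOM_ID);
  return {
    permanentIsPredictable: asOwner === asOtherUser,
    ephemeralDiffersPerRequest: first.name !== second.name,
    ephemeralDiffersFromPermanent: first.name !== asOwner,
    reproducibleWithNonce:
      ephemeralRoomName(INSTALL_ID, DM_ROOM_ID, first.nonce).name === first.name,
    sampleUrl: meetingUrl(first.name),
  };
}

console.log(demo());
```

With the ephemeral form the URL itself acts as the access token, so it should be delivered only to members of the room and the nonce kept out of anything other users can read.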