
Jami: GNU end-to-end encrypted alternative to Zoom and Jitsi - surround
https://git.jami.net/savoirfairelinux/ring-project/wikis/home
======
surround
In comparison to Zoom and Jitsi:

Jami’s major advantages are that it’s end-to-end encrypted and completely
peer-to-peer, requiring no server in-between.

The major disadvantage is that it doesn’t support calls from the browser.

See also: [https://jami.net](https://jami.net)

~~~
Freak_NL
Not running in the browser is a major downside. I've used Jitsi this past week
with technologically illiterate family members, and being able to just have
them enter a URL while talking on the phone is really great.

Also, being able to just use any OS with a modern browser you please.

~~~
smcleod
Personally I don’t want to have my web browser run applications, I’d rather
have native MacOS or Linux apps, but I do see how having at least a version of
it available in a browser is handy for portability.

~~~
Freak_NL
Don't get me wrong: I want both to be possible, but being able to just get up
and go is really helpful.

For a tool like this though I'm not sure what a native app would add. Most of
what it does builds on the functionality of a modern web browser.

~~~
wagaf
Modern Web browsers don't allow true peer-to-peer, you always need a server.

Jami uses a fully distributed network (DHT) to initiate connections.

~~~
dependenttypes
Webtorrent is a thing though. Is it not true peer-to-peer?

~~~
yellowsir
webtorrent builds on webrtc, which requires stun and ice servers. so you still
send metadata to defined servers for connection handling and most sadly you
can't p2p in an offline LAN.

~~~
dependenttypes
> so you still send metadata to defined servers for connection handling

This is also true for typical p2p protocols though, isn't it? Normal torrent
clients for example have hardcoded servers to start their dht search from.

~~~
PersonalOps
Not necessarily. It does follow that if you submit to a tracker, but there's
the DHT option which is advertised locally [0]. The way it seems to do it is
the magnet uri includes the contents of a few IPs that might have, at minimum,
a more up-to-date DHT with more IPs. At best it also includes some chunks of
whatever you're trying to download.

[0]: [https://stackoverflow.com/questions/1332107/how-does-dht-in-...](https://stackoverflow.com/questions/1332107/how-does-dht-in-torrents-work#1746896)

~~~
dependenttypes
[https://superuser.com/questions/592238/](https://superuser.com/questions/592238/)
does not seem to agree with that statement.

------
thekyle
Looks like GNU Ring changed its name to Jami.

Also, I already have a GNU Ring account saved in my password manager but
can't seem to log in (or even find a place to). However, if I try to create a
new account using my old username it (correctly) states it is taken.

~~~
r0bbie
I'm having the same issue. Previously created an account, and I'm completely
puzzled how to now log in to it! Seem to have options to create a new account
or import a backup..

------
beanjammin
Interesting, I haven't tried Jami. If I am understanding it correctly it seems
to provide calling features, which Zoom and other typical video conferencing
type applications don't.

I'll also throw Jitsi out there as a very capable FLOSS alternative to Zoom.
If you tried it a few years ago it's changed dramatically in the last while.
It's now WebRTC based and runs in browser without any download. It's not quite
end to end encryption because the stream needs to be decoded on the server
before being re-encoded for the other clients, but since you can easily self
host it on a cheap VM I find this acceptable.

~~~
divbzero
Can’t WebRTC support peer-to-peer video calls without running the stream
through a server? I have vague recollection that it can but am not
particularly familiar with the protocol.

~~~
divbzero
To answer my own question: Yes, WebRTC supports peer-to-peer video calls but
does require a “signaling server” to help establish and close the peer-to-peer
connection. [1]

[1]: [https://www.html5rocks.com/tutorials/webrtc/basics/](https://www.html5rocks.com/tutorials/webrtc/basics/) "Getting Started With WebRTC"

~~~
littlestymaar
The signaling server is only useful for the connection initialization though,
and it never has access to the video stream, only to metadata (like your IP
address, the supported encodings of each party, etc.). And it doesn't even
really need to _access_ them: it just needs to forward them from one peer to
another, so it could be end to end encrypted.

It also needs one or several STUN servers as part of the hole punching scheme,
but this one doesn't even exchange anything with anyone, so there aren't many
issues here (and you don't need to roll your own: you can use Google's one)

------
y7
This used to be called GNU Ring. Wikipedia has some info on features:
[https://en.wikipedia.org/wiki/Jami_(software)](https://en.wikipedia.org/wiki/Jami_\(software\))

I'd be really curious if this is a viable option for videoconferencing for
say >10 people.

~~~
oucp
I'd really be interested in this as well! As Jitsi for example isn't really
able to handle many participants apparently:
[https://community.jitsi.org/t/maximum-number-of-participants...](https://community.jitsi.org/t/maximum-number-of-participants-on-a-meeting-on-meet-jit-si-server/22273/20)

------
hkt
I've used this while trying to find open source video conferencing solutions
and chat applications in the past. It spends significant amounts of time not
finding my friends before timing out.

As an aside, I don't believe in the virtues of P2P anymore. It's clear to me
that centralised systems scale further and faster, and what we need are benign
organisations to run them. Legal forms like cooperatives and community benefit
societies (nonprofits in the US I guess) are the way forward. I'd choose a
community instance of Jitsi as being the best approximation of this for now.

~~~
lambertsimnel
I share your interest in cooperatives, but not all cooperatives are equal. If
we expect cooperatives to provide public interest services that might
otherwise be P2P or nonprofit, I think we need a special kind of cooperative.

I belong to cooperatives that are politically partisan, that engage in sharp
practice, and that aren't as democratic as I'd like. I'd prefer cooperatives
to concentrate on treating stakeholders fairly, representing members equally
and effectively, and prudent stewardship of their assets.

Cooperatives might lose their focus on their main purposes and discourage some
non-progressives from becoming members/customers by pursuing too wide a range
of progressive causes.

~~~
hkt
In the UK we have a legal form called a community interest company. This,
owned by a co-op, would probably be the right form.

------
conradev
The marketing website itself seems to be a better resource for information:
[https://jami.net](https://jami.net)

------
CiPHPerCoder
> end-to-end encrypted

O RLY?

[https://git.jami.net/savoirfairelinux/ring-client-android/is...](https://git.jami.net/savoirfairelinux/ring-client-android/issues/604#note_14329)

[https://security.stackexchange.com/a/171461/43688](https://security.stackexchange.com/a/171461/43688)

I looked through their code to see where data is being encrypted/decrypted,
and was unable to locate it.

Since their issue indicated they use 4096-bit RSA, I really wanted to see if
they were vulnerable to Bleichenbacher's 1998 padding oracle attack.

[https://git.jami.net/savoirfairelinux/ring-project/wikis/tec...](https://git.jami.net/savoirfairelinux/ring-project/wikis/technical/Technical-overview#jami-certificate)

> The SHA-1 fingerprint (160-bits) of this public certificate is the JamiId.

this-is-fine.mp4

~~~
tptacek
The code you were looking for is in the OpenDHT project, which simply calls
GnuTLS's gnutls_pubkey_encrypt_data(), which is PKCS1v15. OpenDHT doesn't do
anything special with errors from decryption. You'd have to actually set up a
test environment to say it was vulnerable with any confidence, though.
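
What "doing something special with decryption errors" can look like for PKCS#1 v1.5 key transport, as an added example that is not part of the original comment and is not OpenDHT or GnuTLS code: padding failures are mapped to a deterministic fallback key (implicit rejection) instead of an observable error. `KEY_LEN`, `unwrap_key`, `reject_secret` and the sample bytes are assumptions constructed for illustration, and the functions work on the already RSA-decrypted block.

```python
import hashlib
import hmac
import os

KEY_LEN = 32   # assumed length of the wrapped symmetric key (hypothetical)
MOD_LEN = 512  # 4096-bit RSA modulus, in bytes

def pad(msg: bytes, k: int = MOD_LEN) -> bytes:
    """EME-PKCS1-v1_5: 00 || 02 || PS (>= 8 nonzero bytes) || 00 || M."""
    ps_len = k - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long")
    ps = bytes(b % 255 + 1 for b in os.urandom(ps_len))  # nonzero filler
    return b"\x00\x02" + ps + b"\x00" + msg

def unpad_strict(em: bytes) -> bytes:
    """Plain unpadding; each failure is observable as an exception."""
    if len(em) != MOD_LEN or em[:2] != b"\x00\x02":
        raise ValueError("bad header")
    sep = em.find(b"\x00", 2)
    if sep < 10:  # separator missing, or PS shorter than 8 bytes
        raise ValueError("bad padding string")
    return em[sep + 1:]

def unwrap_key(em: bytes, ciphertext: bytes, reject_secret: bytes) -> bytes:
    """Always return KEY_LEN bytes, never an error the peer can observe."""
    # The fallback is deterministic per ciphertext, so repeated submissions
    # of the same bad ciphertext behave identically.
    fallback = hmac.new(reject_secret, ciphertext, hashlib.sha256).digest()[:KEY_LEN]
    try:
        key = unpad_strict(em)
    except ValueError:
        return fallback
    return key if len(key) == KEY_LEN else fallback

def demo():
    secret = os.urandom(32)          # kept with the private key, never sent
    key = os.urandom(KEY_LEN)
    ct = b"constructed-ciphertext"   # stands in for the RSA ciphertext
    good = pad(key)
    bad = b"\x00\x01" + good[2:]     # constructed block with a wrong type byte
    return key, unwrap_key(good, ct, secret), unwrap_key(bad, ct, secret)
```

Python gives no constant-time guarantees, so this shows only the error-handling shape; a native implementation also has to keep the timing of both paths indistinguishable.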

~~~
CiPHPerCoder
Thanks Thomas!

------
mrwesleycrusher
Maybe it got better, but for the past 6 months a friend and I tried to get
this app to work with little success. The messages just DON'T FREAKING SEND in
a timely manner even when in the same room.

Right now we use Briar and are pretty happy with it. There's also Signal as a
better option.

Either way, IMO, Jami sucks.

------
prophesi
I haven't tried it myself, but I saw [https://wire.com/](https://wire.com/)
linked as an open-source E2E-encrypted alternative during a few of the Zoom
articles that have been posted these past few days. I'd love to see if anyone
here has any experience self-hosting it, and whether it matches up
performance/usability-wise.

~~~
y7
Note that Wire only supports video conferences for up to 4 parties.

[https://support.wire.com/hc/en-us/articles/360001019225-Star...](https://support.wire.com/hc/en-us/articles/360001019225-Start-a-video-conference-call)

------
jokowueu
Just realised this is Ring. Wonder why they changed their name

~~~
thayne
Possibly to avoid confusion with the company that makes doorbells.

------
fulafel
C/C++ implemented custom protocols, no webrtc... What explains these security
and compatibility compromises?

~~~
kelnos
The first commit was in late 2004, which was _well_ before WebRTC was a thing.

------
steerablesafe
I tried Jami recently and it just doesn't work, I think it has problems with
punching through NAT and routing.

I would love to see a messenger/audio call/video call app built on the
zerotier SDK, I never had connection problems with zerotier.

------
merricksb
Originally discussed here 9 months ago:

[https://news.ycombinator.com/item?id=20311324](https://news.ycombinator.com/item?id=20311324)

------
squarefoot
I just installed on a Debian 10 machine, then on my old Android 6.0.1 junk
tablet. No problems on the PC, while the Android one always crashes when
attempting to pair with the PC by pointing the camera at the QR code, and
adding manually the exported account on the network hangs indefinitely on the
"adding account" window.

Not a big issue since I don't carry the tablet around, just to let the
developers know if they read here.

~~~
lilSebastian
> just to let the developers know if they read here.

Or, raise the issue with them for investigation, since a comment on an
unrelated site isn't a reasonable way to provide feedback

~~~
Brian_K_White
But it was most convenient for the user. Maybe it's equally fair to lecture
developers on reasonable ways to collect feedback.

~~~
lilSebastian
I didn't lecture anyone. What did you find inconvenient about the existing
methods of contact?

------
saagarjha
Obligatory: has anyone used this before?

~~~
Animats
Never even heard of it.

This has been around for a while. Why isn't it in the Ubuntu repository?

~~~
dmca
It's there in 19.10

~~~
Animats
Ah. Running 18.04 LTS here.

------
systemvoltage
Does anyone find these names a bit weird?

What happened to 80's glorious days where company and product names were super
cool.

    
    
      - DynaMax
      - Ultron
      - Trinitron
      - Hypersystems
      - Logicore
      - Supra
      - Intertech
      - UniversalSystems
      - NationalTech
      - Automark
      - Spectra
      - Pentatype
      - PolyMatrix
      - MicroSpace
      - RotoCore
    

Now we have things such as Flickr, Waymo, Skype, Jitsi and this thing... Jamo
or Jami. :-/ Human race is regressing.

~~~
egypturnash
“Jami is inspired by a Swahili word that means “community”. The name was
chosen as it reflects the vision: to be a service open to all, to be community
supported, and to respect the privacy of users.” -
[https://jami.net/help/](https://jami.net/help/)

~~~
systemvoltage
Why does a product name have to have a "meaning" behind it? Kodachrome was
abstract.

~~~
jachee
Kodachrome wasn't abstract. It was Kodak's color film, and thus a pseudo-
portmanteau of "Kodak" and "chroma" (i.e. color).

I'm sure there are meanings behind a lot of the other names you listed, too.

~~~
systemvoltage
How about Kodak? I am sure there are many names that are abstract.

~~~
pmontra
From [https://petapixel.com/2011/08/03/origin-and-evolution-of-kod...](https://petapixel.com/2011/08/03/origin-and-evolution-of-kodaks-name-and-logo/)

> The letter “K” had been a favorite of Eastman’s, he is quoted as saying, “it
> seems a strong, incisive sort of letter.” He and his mother devised the name
> Kodak with an anagram set. He said that there were three principal concepts
> he used in creating the name: it should be short, one cannot mispronounce
> it, and it could not resemble anything or be associated with anything but
> Kodak

------
exabrial
Ok stop with the E2EE encrypted. Literally if you're running your own
hardware, you don't "Need" E2E. You need to understand your attack surface,
your vulnerabilities, and your goals. E2EE is not the optimal use case for
everyone and everything.

~~~
surround
- Zoom does not support self-hosting

- Self-hosting Jitsi is not the optimal use case for everyone.

People are free to choose between Jami and Jitsi, and it’s great to be able to
have different options based upon your use case.

~~~
anilakar
Most importantly, these one-click-join services are easily accessible by
everyone* with a web browser, so switching service providers is a breeze.

