These days, lots of people are communicating with each other via video conferencing, but it seems a number of popular video conferencing services are less than secure. Zoom, in particular, has come under a lot of fire recently because of the ease with which interlopers can get into ongoing meetings. You probably know that PassLok has had its own way to create secure chats for quite a while, but now it has been completely redesigned for version 2. This version works more reliably than before, and now includes the option to initiate Jitsi chats.
Here’s a list of the new features in PassLok chat:
- Screen sharing.
- Mute/blank yourself during a meeting.
- Initiator can leave the meeting, and the meeting continues.
- Lighter use of resources.
- For the first three kinds of chat (text, audio, video) connection is direct between participants so that streaming data does not go through a server (well, actually this isn’t new ;-).
- Fourth option to create a Jitsi chat instead (nice and full-featured, though it still does not support file exchange).
- All types of chat are password-protected, and the password (as well as the meeting ID) is never sent in plaintext. Login is automatic, even with password.
- Now you can switch the type of chat (say, from text only to video, or even to Jitsi) even after it has started, as your need for features changes.
- Create a chat link if you are not yet ready to join the chat (handy for chats sent in read-once mode).
The new kid on the block is the Jitsi option, hence the picture for this post. Jitsi is an open-source alternative to Zoom and its like, which does not require anybody (even the initiator of a meeting) to make an account anywhere. This is also PassLok’s philosophy, and one main reason why we added Jitsi as an option. You can read more about Jitsi at jitsi.org. Now, we don’t have our own servers, so the Jitsi chats in PassLok run through meet.jit.si.
Here’s how Alice initiates a secure PassLok chat, to which she invites Bob and Carol, using one of the compatible apps (PassLok Privacy, URSA, SeeOnce, FusionKey, PassLok for Email, PassLok Universal):
- Alice clicks the Chat button on the interface (a chat option, followed by an Encrypt button, in PassLok for Email or Universal), after having selected Bob and Carol on the interface (apps differ on the way to do this).
- A popup asks for the type of chat (Text, Audio, Video, or Jitsi) and offers to add a short message. This is handy for extra instructions, or simply to add the time for the meeting.
- An encrypted item is created, which Alice then emails or messages to Bob and Carol. Nobody else will be able to read the contents for the encrypted invitation.
- Bob and Carol receive the encrypted invitation. When loaded into a compatible app, it decrypts and a popup reveals the attached short message. If the recipient clicks OK, a new browser tab opens, if he/she clicks cancel, a link is created in the app, which can be copied and used later, with the same result (this allows, for instance, to open the chat inside a PageCage frame, for extra security).
- The new tab displays the type of chat, which can be changed at this point, and contains a box for the participant to write an alias for the chat. Click “Join” and then you’re in. Allow audio and video as requested.
- If you become disconnected or wish to change the type of chat, simply reload the page, which takes you back to the previous step.
This process is much more secure than Zoom, or even Jitsi itself, because:
- Nobody can see the meeting ID (which is random anyway) until the encrypted invitation is decrypted, which only the rightful recipients can do. The only way for interlopers to know the meeting ID is if one of the participants gives then the decrypted link.
- Even id the meeting ID gets intercepted as participants try to connect, you still need the password, which does not come out of your computer at all (at least, in the first three kinds of meeting).
- Nobody has to make an account anywhere.
- The software running is open source, and you can watch it even as it runs.
Here’s the Github repo for PassLok Chat 2: https://github.com/fruiz500/PassLok-Chat-2