Hey, you, get off of the cloud!
One of our goals with Talky is to make the service itself and its underlying components as secure as possible. For example, as Bear explained recently, we use a variety of industry-standard encryption techniques, including strong cipher suites to enable Perfect Forward Secrecy whenever possible.
Unfortunately, encrypting video conferences end-to-end with more than a few people is difficult. The challenge is that in peer-to-peer, “full-mesh” mode, your laptop or tablet or mobile phone needs to encode and encrypt one outbound video stream for each person involved. This works well for one-to-one video, but even the most modern computing devices simply can’t encode that much video data if you have more than a few people in the session.
To overcome that challenge, a service like Talky needs to use a server in the middle (e.g., the Jitsi Videobridge) that accepts one incoming video stream and fans it out to all the other participants. Unfortunately, this kind of Selective Forwarding Unit has to decrypt the video streams that it receives in order to do its job.
We don’t like that any more than you do. And we’re involved with nascent efforts at the Internet Engineering Task Force to come up with standardized solutions. But it will take a while before those efforts bear fruit, because it’s a hard problem.
In the meantime, what’s a more private and secure alternative? One approach our customers like is to run their own private installation of Talky behind the firewall so that their conversations never leak outside the company network. Although that doesn’t fully encrypt conversations with external parties like vendors and partners at other companies, it’s a big step in the right direction for internal discussions.
To make this possible, you need to use a technology that can actually be run on your own network. That’s simply not an option with most video chat services on the market today because they’re built to run in the cloud and only in the cloud.
By contrast, we’ve put a lot of work into on-premise video chat. Led by Marcus and Bear on our operations team, we have created beautifully containerized versions of Talky that will run quite happily with Docker or Vagrant on the hardware of your choice.
This means you can run an entire Talky instance - signaling, messaging, audio, and video - on your own network, thus keeping all your conversations safely in house. We’re even working to make our Talky iOS app compatible with this more private and secure option for on-site video conferencing.