Source: https://www.derechosdigitales.org/wp-content/uploads/webrtc_en.pdf
When the physical distancing measures began to stop the contagion curve for Covid-19, from many places we demanded to strengthen the social meeting, and there was the internet to satisfy us. According to the ECLAC2 , during the first half of 2020, the consumption of broadband communication services in Latin America and the Caribbean increased dramatically: the use of teleworking solutions increased 324%, distance learning 62%, and E-commerce and delivery services 157%. This meant an increase in traffic and greater demands on capacity and resilience for the networks operating in the region, although the potential for connectivity remains quite limited. ECLAC says that in order to guarantee effective participation in digital environments in the region, including access to health, education and work, as well as to shopping, banking and entertainment services, it is first necessary to expand fixed broadband coverage and improve mobile broadband connection speed. In addition, for the provision of online health services, it calls the attention the need to guarantee access to digitized medical information and interoperability of services, as well as data privacy and security. Nonetheless, beyond access to digital goods and services, or the figures on the quality of connection to fixed or mobile broadband, in confinement it has become evident how in digital environments we have experiences and initiate relationships in which we are necessarily embodying multiple identities and realities. This is recognized by the Feminist Principles for the Internet3 , which for several years have called for “universal, acceptable, affordable, unconditional, open, meaningful and equal” access, especially for women and queer people.
The possibility of accessing the internet is crossed by multiple dimensions and while the industry seeks profitable solutions to connect the other half of the world’s population, it israpidly advancing towards cutting-edge technologies, which are increasingly complex and require better infrastructures to function optimally. In point of fact, for this reason, it is imperative to work so expansion of coverage is done with criteria of quality and dignity for users, since it is about connecting communities that have traditionally been marginalized and subjected to different types of violence. During the first months of 2020, different organizations published guides to lead the proper use of video calling platforms and applications, some addressed to wide audiences,4 others at critical groups such as journalists,5 school teachers6 or activists7 . Security and privacy analysts turned their eyes to the most popular platforms, and many of these had to update their policies, designs and settings, to respond to the needs of the moment. Zoom’s case is paradigmatic. This company located in Silicon Valley, since 2013 was trying to position itself as a competition against Google, Apple or Microsoft, offering a simple and friendly interface, while guaranteeing a stable transmission of audio and video. As early lockdown measures began to take effect, Zoom became the most popular video conferencing option in businesses, State entities and schools. Thus, it went from 10 million participants per day in December 2019, to 300 million in April 2020.8 As early as March, a series of criticisms began to be published regarding the vulnerabilities in the platform and the misleading discourse with which it was advertised. Already in 2019, it was denounced its ability to “bypass browser security settings and remotely enable a user’s web camera without the knowledge or consent of the user”9 , to what it was added criticism for the attention tracking; which allowed the hostess see if any attendees do not have the desktop client or mobile app in focus for more than 30 seconds.10 Alerts were also raised for the so-called Zoom Bombing, 11 for the data that the platform sent to Facebook to notify when someone opened the application,12 and for the data filtering of those who subscribed with email accounts in other servers different than the most popular ones like Gmail, Hotmail or Yahoo.13 Then, it came analysis on the pre-installation mechanisms implemented in macOS,14 the implementation of “what the company calls end-to-end encryption”,15 its routing alternatives, using servers in China since the pandemic began,16 and a vulnerability in the waiting room of a meeting.17
As explained by The Intercept at the end of March,18 until that moment in Zoom, only the connection between the client and the platform was encrypted, in the same way as navigation on a website that has HTTPS is encrypted. The communication was not encrypted end-to-end (E2E) but only the chat, that is, text messages. According to the report by CitizenLab,19 Zoom implemented its own transport protocol, with some modifications over the existing RTP (Real-Time Transport Protocol) standard, and all media traffic was encrypted and decrypted with a single AES-128 key (Advanced Encryption Standard-128 bits), generated and distributed by the platform’s server to the participants, in ECB (Electronic codebook) mode, considered as very weak within existing standards. In order to be brief on Zoom, it is worth saying that the company made a commitment to the privacy of its users and in April launched a 90-day plan to repair errors and vulnerabilities.20 However, the payment services of this and other platforms such as Meet (Google), Teams (Microsoft) and Webex (Cisco) continue to offer a better service in terms of quality, stability and privacy.21 Perhaps, that is why, with the advance of the pandemic, these were the companies that best answered to the institutional demand for video calling and video conferencing services and they are the ones who dominate the market today. But what about the organizations, movements, groups and individuals who cannot afford access to the services offered by the greats of the internet? Regarding difficulties and risks associated with the increasing use of free digital platforms, some organizations shared recommendations for remote work22 based on free and privacy-friendly tools, where Jitsi Meet appeared as one of the best options for video calls23. Jitsi is an open source project that in 2003 began developing a desktop application for voice and text messaging over the internet. Over the years, it has been implementing different technologies to integrate video and guarantee fluid communication, which does not require so many resources from end customers.24 Since its code is open, it is possible to install your own instances and many organizations did so during the pandemic.25 For instance, in Argentina, it was developed Jitsimeter,26 a comparison of the quality of the instances and the privacy conditions in which they operate, based on the use of intermediate servers, owned by large companies in the data market such as Amazon, Google or Microsoft. It is important to mention that the infrastructure behind a video call is much more complex than setting up an instance.