If you work remotely on the web, you’re probably getting comfortable with multiple video chat tools. At Freedom of the Press Foundation (FPF), we’ve published a high-level comparison of some common video chat applications, while many others maintain detailed comparison spreadsheets to help you compare dozens of tools. We also wanted to dive deeper into what we know about a few individual tools. This fact sheet will detail some security, privacy, usability, and anti-abuse properties of Whereby. In particular, we focus on properties that are critical to high-risk users, like journalists, and have developed a series of questions to help examine these properties.
In our fact sheets, we’ll be taking a closer look at several tools in common use at media organizations. We can’t possibly cover them all. But in addition to Whereby, we’ll examine…
Each of these platforms changes regularly, so check back to see our regular updates. And if you see anything wrong, let us know at freedom.press/contact.
Table of Contents
- Background
- Evaluating the platform’s security properties
- Evaluating the platform’s privacy properties
- Can I get the job done easily and without abuse?
Background
Whereby was first known as Appear.in, a small Norway-based startup that was later bought by Videonor. Much like Jitsi Meet, Whereby is a completely browser-based video chat platform, so all you need is a link to open in a browser to join, without a separate app, or even a Whereby account, unless you’re the room’s owner.
Whereby’s business model is centered around subscriptions, with paid tiers subsidizing the cost of its free tier instead of relying on advertising or other commercial data collection. Its target customers are remote knowledge workers, with a blog featuring tips on working from home and distributed work in general.
Evaluating the platform’s security properties
Does the platform support two-factor authentication? By what methods?
No. Whereby uses a password-free login mechanism where a unique code is sent to your phone or email address. This is commonly seen as a second factor on top of a password, but without the password it’s just one factor.
Does the platform support transit encryption? How is it implemented?
Yes. Whereby uses standard transport layer security, or TLS, to secure traffic between your computer and its servers. For paid “large meeting modes,” video and audio use WebRTC but are encrypted and decrypted on Whereby’s servers, not peer-to-peer or end-to-end encrypted as WebRTC is typically designed to be.
Does the platform support end-to-end encryption? How is it implemented?
In "small meeting mode" (two meeting participants), Whereby uses the WebRTC standard in a standard peer-to-peer architecture, which is end-to-end encrypted. As with other peer-to-peer systems, however, your IP address, and thus potentially your approximate physical location, may be exposed to other parties in the chat. If location privacy is paramount, we recommend utilizing a VPN, which can prevent WebRTC leaks, and an up-to-date browser to keep your location protected from others in a Whereby small meeting mode room.
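To make the IP-exposure point above concrete, here is an added example (not Whereby's or FPF's code) that parses WebRTC ICE candidate lines in the RFC 5245 format and reports which addresses the other peer would learn in a peer-to-peer call; the candidate lines are constructed samples, and a practitioner could feed it the candidates their own browser emits to confirm that only a VPN address, not their home address, shows up.

```javascript
// Parse one ICE candidate line (with or without the "a=" SDP prefix).
function parseCandidate(line) {
  const m = line.trim().match(
    /^(?:a=)?candidate:(\S+) (\d+) (udp|tcp) (\d+) (\S+) (\d+) typ (host|srflx|prflx|relay)/i
  );
  if (!m) return null;
  return { foundation: m[1], transport: m[3].toLowerCase(), address: m[5],
           port: Number(m[6]), type: m[7].toLowerCase() };
}

// True for addresses that identify you only within the local network:
// RFC 1918 ranges, loopback, link-local, IPv6 ULA/link-local, and mDNS names
// (modern browsers hide LAN addresses behind random *.local names).
function isLocalAddress(addr) {
  const a = addr.toLowerCase();
  if (a.endsWith(".local")) return true;
  if (a.includes(":")) return a === "::1" || /^f[cd]/.test(a) || /^fe[89ab]/.test(a);
  const o = a.split(".").map(Number);
  if (o.length !== 4 || o.some(n => Number.isNaN(n) || n < 0 || n > 255)) return false;
  return o[0] === 10 || o[0] === 127 || (o[0] === 169 && o[1] === 254) ||
         (o[0] === 172 && o[1] >= 16 && o[1] <= 31) || (o[0] === 192 && o[1] === 168);
}

// Summarise what the remote peer learns. Relay (TURN) candidates expose only
// the relay server; public host/srflx addresses are what a VPN is meant to replace.
function exposureReport(lines) {
  const report = { publicAddresses: [], localAddresses: [], relayOnly: true };
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c || c.type === "relay") continue;
    report.relayOnly = false;
    const bucket = isLocalAddress(c.address) ? report.localAddresses : report.publicAddresses;
    if (!bucket.includes(c.address)) bucket.push(c.address);
  }
  return report;
}

// Constructed sample candidates (not a real capture): a LAN host candidate, an
// mDNS host candidate, a server-reflexive candidate carrying the public address
// behind NAT, and a TURN relay candidate.
const SAMPLE_CANDIDATES = [
  "a=candidate:1 1 udp 2122260223 192.168.1.20 51234 typ host",
  "a=candidate:2 1 udp 2122194687 3b1f5a0c-1d2e-4f60-9a8b-123456789abc.local 51235 typ host",
  "a=candidate:3 1 udp 1686052607 203.0.113.45 51234 typ srflx raddr 192.168.1.20 rport 51234",
  "a=candidate:4 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.45 rport 51234",
];

if (typeof require !== "undefined" && require.main === module) {
  console.log(exposureReport(SAMPLE_CANDIDATES));
}
```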
Has the platform undergone an independent security audit? If so, what were the results and how did the platform respond to any identified vulnerabilities?
In a response to an email from FPF, a representative from Whereby’s PR team said there was a third-party penetration test of Whereby’s application code conducted in September 2020, but that Whereby does not plan on publicly releasing the results of the test.
Has the platform been breached before? How did it respond?
We could not find publicly available examples. We reached out to Whereby to learn more.
"We have not had any severe vulnerabilities or security issues that have been reported or we have identified [by security researchers]," it told us. Whereby did say it had previously paid a few bug bounties on a case-by-case basis, but the severity of the vulnerabilities discovered by bug bounty recipients was not disclosed.
Evaluating the platform’s privacy properties
How does the platform handle contact discovery?
It doesn't. There are also no documented endpoints in the Whereby API that account for contacts, suggesting it doesn’t provide this capability.
Can I use the platform without making an account?
You need an account to create a room, but not to join one.
What user metadata and content is logged by the platform?
According to Whereby’s privacy policy, collected data varies between free and paid users, but may include standard web metadata such as device, browser versions, and IP addresses, which may be correlated with location. Other metadata includes user roles, analytics data (if you opt in), billing data for paid users, and email addresses. If you use Google to sign in, Whereby retrieves the email address you have associated with that Google account. Additionally, a near-complete collection of your Whereby account metadata may also be found in a raw form with a GDPR user data export.
What user data does the platform sell?
Whereby has a subscription-based business model and claims not to sell user data.
How long does the platform hold on to user data after the user deletes it, or shuts down their account?
According to Whereby’s privacy policy, data associated with your account is deleted immediately after choosing to delete your account, unless retained for regulatory compliance. Rooms are retained until you choose to delete them, and transaction information is stored for a minimum of five years and a maximum of ten years. Recorded video is stored in your web browser’s local storage, rather than on Whereby’s servers, and that data can be cleared in your browser’s cache settings.
Can the platform be self-hosted?
No.
Does the platform publish a yearly transparency report?
No.
Does the platform alert users to requests for their data?
According to Whereby’s chief product and technology officer, this has historically been handled on a case-by-case basis, but recently Whereby has let users know of law enforcement requests if they are affected, unless they’re anonymous users and Whereby has no way of contacting them.
Are there any publicly documented cases of law enforcement requests for user data?
Aforementioned metadata. Video is not recorded by Whereby, and host-recorded video lives locally in-browser only. Location data, in the form of IP addresses, is kept for 90 days. Billing information is kept for a longer, unspecified period of time due to local laws, but billing information is not required for the free tier.
Can I get the job done easily and without abuse?
Does the platform offer the ability to broadcast?
No. Whereby's top tier maxes out at 100 participants.
Can I use this platform to host closed-room meetings?
Yes.
Can I control who can access my call if I want to?
Rooms are "locked" by default so that the room owner has to approve whoever joins. To be approved, a guest “knocks” from a “waiting room.” The owner can then see the guest’s presented name and video feed to check whether it’s one of their expected guests or someone they weren’t expecting.
What is the maximum meeting group size?
100 participants.
Are there accessibility features? If so, what are they?
Whereby has made some improvements so that its website is more screen-reader friendly.
Who can record meeting video? Audio? Chats?
Only a room host can record video/audio, and it's saved in-browser using the Whereby browser extension and not on Whereby’s servers. Chats are treated ephemerally and deleted server-side and client-side after a session ends. Chats are not included in video recordings.
Is there a way to mute participants in the call? How does it work?
Yes, but only the room owner can mute other participants.
Is there a way to kick participants off the call? How does it work?
Yes, but only the room owner can remove participants from the call.
You made it to the end!
Now that you’ve read all about the platform, you can evaluate whether it’s right for your situation. If you want to check out another platform, consider looking at our short guide for a high-level comparison, or this videoconferencing guide for many more details. And, as always, contact our training team if you need more assistance.