Chances are that in the past few years you have spent more time in video chats than ever before and may be regularly using multiple video call applications. While your main consideration may just be that everyone is able to join the meeting in the first place, we do have a few key concerns for the security, privacy and practicality of these tools for newsrooms:
- Do they support end-to-end encryption?
- Do they support self-hosting?
- Do you need an account to join meetings?
- How many people can join meetings?
Let’s talk through some common video chat applications, in no particular order, and how they approach these issues.
Though Zoom has been around since 2011, nearly overnight it has become one of the most popular video chat services around. It provides good quality calls and supports up to 100 users on a free account. You can even host it on your own server, preventing video call content from ever interacting with Zoom’s servers. But with that newfound adoption comes newfound scrutiny from the security community.
Back in 2020 security researchers called attention to misleading claims about its encryption, as well as a series of vulnerabilities that could expose user data. And yet, the company has patched vulnerabilities nearly as fast as it could find them and has assembled talented teams of external security researchers to examine it for weaknesses. More recently, it has even enabled an option for end-to-end encryption. That means the service provider cannot listen into calls when end-to-end encryption is turned on in a video call, though users need to manually enable this feature. You do not need to register to join a meeting if you have the invite URL.
BigBlueButton is an open source videoconferencing service designed for classroom environments, giving it a number of unique features for presenting and interacting with participants. Among them is the ability for hosts to run live quizzes or to allow participants to collaboratively write on slide presentations. It does not support end-to-end encryption in the usual sense, but it is intended to be self-hosted, so if you trust the host, this may be a fine privacy tradeoff. It supports 200 people,with the minimum configuration requirements. It does not require users to register an account to join meetings.
Google Meet is not end-to-end encrypted and cannot be self-hosted. It supports as many as 100 people on a free account and 500 users on paid accounts. You don’t need to log into a Google account to join a meeting. If you’re comfortable with Google, it’s a reliable service accessible from nearly any device.
Skype is Microsoft’s consumer video chat application, offering reliable videoconferencing for up to 100 people. Using Meet Now, Skype allows hosts to invite anyone to join a meeting without registering an account. It’s not end-to-end encrypted and cannot be self-hosted.
Microsoft Teams includes Microsoft’s business and enterprise videoconferencing software, supporting up to 100 people on its free offerings and 1,000 participants on its paid offerings. Because it is integrated into Microsoft’s broader online Microsoft 365 suite, it’s not possible to keep it truly self-hosted, but Teams does support end-to-end encryption for one-on-one calls. It also allows participants to join meetings without registering an account.
Slack supports video chat for as many as 15 users. Like other parts of the Slack service, it’s not end-to-end encrypted and requires users to be signed into their Slack account. It does not support self-hosting.
Like many services, Cisco’s Webex makes user data readable to the server by default. But unlike many of its enterprise competitors, it also offers optional end-to-end encryption for up to 400 users with its paid offerings. Cisco Webex has removed its self-hosted Meeting Server option. However, Cisco offers a different product (Cisco Meeting Server) for self-hosting video calls. It does not require a user to register for an account to join meetings.
Jitsi Meet is an open source project, enabling anyone to download and self-host their own videoconferencing server. You can try it out or host your own meetings at meet.jit.si. The team behind Jitsi is now experimenting with scalable end-to-end encryption, but end-to-end encryption is enabled by default for meetings with only two users. With three or more users, the meeting is not end-to-end encrypted. Because it requires no sign-up, and users can even generate their own custom meeting IDs, it’s an effortless way to start a meeting. Technically, it supports up to 75 meeting participants, but in our experience call quality can get choppy with far fewer.
Whereby (previously Appear.in)
Whereby is simple: To host meetings, sign up and share a link with your contacts, who can join from their browser just by providing a name. On its free tier, Whereby supports voice-based group calls with up to 100 people (200 on a paid plan). With video enabled, only 12 people can speak at a time. However, Whereby can only support two people in an end-to-end encrypted video call. It does not support self-hosting.
FaceTime is simple and reliable, supporting end-to-end encrypted video calls for as many as 32 users. This is great for small- and medium-sized meetings. For a long time, FaceTime only worked on Apple devices, but newer versions of FaceTime allow users to invite Windows and Android users into video calls. FaceTime is entirely proprietary and can’t be self-hosted.
Signal is generally regarded as the gold standard in the security community. Signal offers end-to-end encryption, and through its open source implementation and public disclosure of court documents, the team has demonstrated both hardened encryption and minimal user data retention. At Freedom of the Press Foundation, these are reasons we so often recommend it to journalists. In video chat, it supports up to 40 participants. One trade-off to consider: It requires users to register with a phone number, and share that number with conversational partners. You could run your own Signal server, but because it won’t play nice with the central Signal servers it would likely be a lonely experience.
With over 2 billion users, there’s a good chance you have friends on WhatsApp. It leverages the same encryption behind Signal, so it is also end-to-end encrypted. WhatsApp is owned by Meta, the parent company of Facebook, and while it cannot share the content of your conversations, it still shares a fair bit of your information with the company. For example, WhatsApp shares users’ contact lists with Meta, among other things. If you’re comfortable with Meta, WhatsApp is a reliable way to video chat with a group as large as eight people, with registration required. It cannot be self-hosted.
Wire uses an independent implementation of the Signal protocol called Proteus. While it has similar encryption to Signal, in most other ways Wire is charting a separate path. For example, it allows users to self-host and to register without a phone number. Unlike Signal, it also allows guests to join calls. However, Wire only supports two users in videoconferences and up to 50 for paid accounts. Wire also stores your contact list on its servers. At FPF we sometimes use Wire, but the video call quality can be spotty.
Each of these tools has unique properties that might catch your attention, depending on what kind of conversation you want to have. To help you keep track of the differences between the tools, we made you a handy chart. Each of these tools is regularly updated, so we’ll make regular updates as well.
And as always, news organizations in need of assistance can reach out to our digital security training team for questions or concerns about videoconferencing software.