What we know about video conferencing with Whereby

David Huerta 2019

Digital Security Trainer


If you work remotely on the web, you’re probably getting comfortable with multiple video chat tools. At Freedom of the Press Foundation, we’ve published a high-level comparison of some common video chat applications, and many others maintain detailed comparison spreadsheets to help you compare dozens of tools. We also wanted to dive deeper into what we know about a few individual tools. This “fact sheet” will detail some security, privacy, usability, and anti-abuse properties of Whereby. In particular, we’re focusing on properties that are critical to high-risk users, like journalists, and developed a series of questions to help examine these properties.

In our fact sheets, we’ll be taking a closer look at several tools in common use at media organizations. We can’t possibly cover them all. In addition to Whereby, we’ll examine…

Each of these platforms changes regularly, so check back to see our regular updates. And if you see anything wrong, let us know at freedom.press/contact.

Table of Contents

  1. Background
  2. Evaluating the platform’s security properties
  3. Evaluating the platform’s privacy properties
  4. Can I get the job done easily and without abuse?

Background

Whereby was first known as Appear.in, a small Norway-based startup that was later bought by Videonor. Much like Jitsi Meet, Whereby is a completely browser-based video chat platform, so all you need to join is a link to open in a browser, without a separate app or even a Whereby account unless you’re the room’s owner.

Whereby’s business model is centered around subscriptions, with paid tiers subsidizing the cost of its free tier instead of relying on advertising or other commercial data collection. Its target customers are remote knowledge workers, with a blog featuring tips on working from home and distributed work in general.

Evaluating the platform’s security properties

Does the platform support two-factor authentication? By what methods?

No.

Does the platform support transit encryption? How is it implemented?

Yes. Whereby uses standard TLS to secure traffic between your computer and their servers. For paid “large meeting modes,” video and audio use WebRTC but are encrypted and decrypted on Whereby’s servers, not peer-to-peer or end-to-end encrypted as WebRTC is typically designed to be.

Does the platform support end-to-end encryption? How is it implemented?

For the free-tier "small meeting mode" (up to 4 people), Whereby uses standard WebRTC in a peer-to-peer architecture, which is end-to-end encrypted. As with other peer-to-peer systems, however, your IP address, and thus potentially your approximate physical location, may be exposed to other parties in the chat. If location privacy is paramount, we recommend using a VPN that prevents WebRTC leaks and an up-to-date browser to keep your location protected from others in a Whereby small meeting mode room.
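To see the IP-exposure point above in concrete terms, here is an added example (not from the fact sheet and not Whereby’s code) that parses the ICE candidate lines a browser includes in a WebRTC offer and reports what each one would reveal to the other peer. The sample candidates are constructed; the RFC 5245 candidate syntax and the `.local` mDNS obfuscation that current browsers apply to host candidates are real.

```javascript
// Added example (not from the fact sheet or Whereby): classify the ICE candidates a
// browser would send in a peer-to-peer WebRTC session, to check what a remote
// participant could learn about your network. Candidate syntax is RFC 5245:
// "candidate:" foundation component transport priority address port "typ" type ...
// Lines can be copied from an SDP offer (e.g. chrome://webrtc-internals) without "a=".

function parseCandidate(line) {
  const f = line.replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || f[6] !== "typ") throw new Error("not an ICE candidate: " + line);
  const cand = { address: f[4], port: Number(f[5]), type: f[7], raddr: null };
  const i = f.indexOf("raddr");           // related address, e.g. the LAN IP behind a srflx candidate
  if (i !== -1) cand.raddr = f[i + 1];
  return cand;
}

// RFC 1918, loopback and link-local ranges: addresses that only identify the local network.
function isPrivateIPv4(a) {
  const m = a.match(/^(\d+)\.(\d+)\.(\d+)\.(\d+)$/);
  if (!m) return false;
  const [o1, o2] = [Number(m[1]), Number(m[2])];
  return o1 === 10 || o1 === 127 || (o1 === 172 && o2 >= 16 && o2 <= 31) ||
    (o1 === 192 && o2 === 168) || (o1 === 169 && o2 === 254);
}

function exposure(address) {
  if (address.endsWith(".local")) return "hidden-mdns"; // browser replaced the host IP with an mDNS name
  if (address === "0.0.0.0" || address === "::") return "none";
  return isPrivateIPv4(address) ? "private-ip" : "public-ip";
}

// One finding per candidate. A VPN that prevents WebRTC leaks should leave no
// "public-ip" finding that carries your real (non-VPN) address.
function classifyCandidates(lines) {
  return lines.map(parseCandidate).map(c => ({
    type: c.type,
    address: c.address,
    exposes: c.type === "relay" ? "relay-server" : exposure(c.address), // relay address belongs to the TURN server
    raddrExposes: c.raddr ? exposure(c.raddr) : "none",
  }));
}

// Constructed sample offer: a LAN host candidate, an mDNS-obfuscated host candidate,
// a server-reflexive candidate (public address learned via STUN) and a TURN relay.
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.20 51472 typ host generation 0",
  "candidate:2 1 udp 2122194687 6e1b2c3d-4f5a-4b6c-8d7e-9f0a1b2c3d4e.local 51473 typ host generation 0",
  "candidate:3 1 udp 1686052607 203.0.113.7 51472 typ srflx raddr 192.168.1.20 rport 51472 generation 0",
  "candidate:4 1 udp 41885439 198.51.100.9 3478 typ relay raddr 203.0.113.7 rport 51472 generation 0",
];
```

Run `classifyCandidates(SAMPLE_CANDIDATES)` and look for any `public-ip` or `private-ip` finding that is your own address; in a leak-free VPN setup only the VPN’s address or relay candidates should remain.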

Has the platform undergone an independent security audit? If so, what were the results, and how did the platform respond to any identified vulnerabilities?

Not yet, but in a response to an email from Freedom of the Press Foundation, Whereby’s co-founder says that they plan to go through some sort of ISO certification, as their parent company Videonor has already been certified.

Has the platform been breached before? How did they respond?

We could not find publicly available examples. We reached out to Whereby to learn more.

"We have not had any severe vulnerabilities or security issues that have been reported or we have identified." Whereby did say they have previously paid a few bug bounties on a case-by-case basis, but the severity of the vulnerabilities discovered by bug bounty recipients was not disclosed.

Evaluating the platform’s privacy properties

How does the platform handle contact discovery?

It doesn't. There are also no documented endpoints in the Whereby API that account for contacts, suggesting they don’t provide this capability.

Can I use the platform without making an account?

You need an account to create a room, but not to join one.

What user metadata and content is logged by the platform?

According to Whereby’s Privacy Policy, collected data varies between free and paid users, but may include standard web metadata such as device, browser version and IP address, which may be correlated with location. Other metadata includes user roles, analytics data (if you opt in), billing data for paid users, and email address. If you use Google to sign in, Whereby retrieves the email address associated with that Google account. Additionally, a near-complete collection of your Whereby account metadata can be obtained in raw form through a GDPR user data export.

What user data does the platform sell?

Whereby has a subscription-based business model, and claims not to sell user data.

How long does the platform hold on to user data after the user deletes it, or shuts down their account?

According to Whereby’s privacy policy, data associated with your account is deleted immediately after choosing to delete your account, unless retained for regulatory compliance. Rooms are retained until you choose to delete them, and transaction information is stored for a minimum of five years and a maximum of ten years. Recorded video is stored in your web browser’s local storage, rather than on Whereby’s servers, and that data can be cleared in your browser’s cache settings.

Can the platform be self-hosted?

No.

Does the platform publish a yearly transparency report?

No.

Does the platform alert users to requests for their data?

According to Whereby’s Chief Product and Technology Officer, this has historically been handled on a case-by-case basis, but recently Whereby has notified users of law enforcement requests that affect them, unless the affected users are anonymous and Whereby has no way of contacting them.

Are there any publicly documented cases of law enforcement requests for user data?

The metadata described above. Video is not recorded, and host-recorded video lives locally in the browser only. IP addresses, which can indicate location, are kept for 90 days. Billing information is kept for a longer, unspecified period of time due to local laws, but billing information is not required for the free tier.

Can I get the job done easily and without abuse?

Does the platform offer the ability to broadcast?

No. Whereby maxes out at 50 participants on its most expensive subscription tier.

Can I use this platform to host closed room meetings?

Yes.

Can I control who can access my call if I want to?

Rooms are "locked" by default, so the room owner has to approve whoever joins. A guest “knocks,” and the owner sees the guest’s presented name and video feed to check whether it’s an expected guest or someone they weren’t expecting.

What is the maximum meeting group size?

50, on the most expensive tier.

Are there accessibility features? If so, what are they?

Whereby has made some improvements to make their website more screen-reader friendly.

Who can record meeting video? Audio? Chats?

Only a host of the room can record video/audio; the recording is saved in-browser using the Whereby browser extension, not on Whereby’s servers. Chats are treated as ephemeral and deleted server-side and client-side after a session ends. Chats are not included in video recordings.

Is there a way to mute participants in the call? How does it work?

Yes, but only the room owner can mute participants.

Is there a way to kick participants off the call? How does it work?

Yes, but only the room owner can remove participants.

You made it to the end!

Now that you’ve read all about the platform, you can evaluate whether it’s right for your situation. If you want to check out another platform, consider looking at our short guide for a high-level comparison, or videoconferencing.guide for many more details. And as always, contact our training team if you need more assistance.
