If you work remotely on the web, you’re probably getting comfortable with multiple video chat tools. At Freedom of the Press Foundation, we’ve published a high-level comparison of some common video chat applications, and many others maintain detailed comparison spreadsheets to help you compare dozens of tools. We also wanted to dive deeper into what we know about a few individual tools. This “fact sheet” will detail some security, privacy, usability, and anti-abuse properties of Whereby. In particular, we’re focusing on properties that are critical to high-risk users, like journalists, and developed a series of questions to help examine these properties.
In our fact sheets, we’ll be taking a closer look at several tools in common use at media organizations. We can’t possibly cover them all. In addition to Whereby, we’ll examine…
Each of these platforms changes regularly, so check back to see our regular updates. And if you see anything wrong, let us know at freedom.press/contact.
- Evaluating the platform’s security properties
- Evaluating the platform’s privacy properties
- Can I get the job done easily and without abuse?
Whereby was first known as Appear.in, a small Norway-based startup that was later bought by Videonor. Much like Jitsi Meet, Whereby is a completely browser-based video chat platform, so all you need to join is a link to open in a browser, without a separate app or even a Whereby account, unless you’re the room’s owner.
Whereby’s business model is centered around subscriptions, with paid tiers subsidizing the cost of its free tier instead of relying on advertising or other commercial data collection. Its target customers are remote knowledge workers, with a blog featuring tips on working from home and distributed work in general.
Does the platform support two-factor authentication? By what methods?
Does the platform support transit encryption? How is it implemented?
Yes. Whereby uses standard TLS to secure traffic between your computer and their servers. For paid “large meeting modes,” video and audio use WebRTC but are encrypted and decrypted on Whereby’s servers, not peer-to-peer or end-to-end encrypted as WebRTC is typically designed to be.
Does the platform support end-to-end encryption? How is it implemented?
For the free tier "small meeting mode" (up to 4 people), Whereby uses the WebRTC standard in a standard peer-to-peer architecture, which is end-to-end encrypted. As with other peer-to-peer systems, however, your IP address, and thus potentially your approximate physical location, may be exposed to other parties in the chat. If location privacy is paramount, we recommend using a VPN that can prevent WebRTC leaks, along with an up-to-date browser, to keep your location protected from others in a Whereby small meeting mode room.
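What "exposed to other parties" means in WebRTC terms, as an added example (not from Whereby or the original fact sheet): peers exchange ICE candidates, and the candidate type determines which address the other side learns. The SDP lines and addresses are constructed samples, and the function names are hypothetical.

```javascript
// Added example: classify ICE candidates by the address they reveal to peers.
// Constructed sample; addresses come from documentation-only ranges.
const SAMPLE_SDP = [
  "a=candidate:1 1 udp 2113937151 3f2a9c1e-7b4d-4e0a-9c55-0d6f1a2b3c4d.local 54321 typ host",
  "a=candidate:2 1 udp 2113937151 192.0.2.10 54322 typ host",
  "a=candidate:3 1 udp 1677729535 203.0.113.7 61000 typ srflx raddr 0.0.0.0 rport 0",
  "a=candidate:4 1 udp 33562367 198.51.100.20 49152 typ relay raddr 0.0.0.0 rport 0",
].join("\r\n");

// Parse one candidate line (with or without the "a=" prefix).
// Returns null for lines that are not ICE candidates.
function classifyCandidate(line) {
  const m = /^(?:a=)?candidate:(\S+) (\d+) (\S+) (\d+) (\S+) (\d+) typ (\S+)/.exec(line.trim());
  if (!m) return null;
  const address = m[5];
  const type = m[7];
  let exposure;
  if (type === "relay") {
    exposure = "relay-address-only";   // peer sees the TURN relay, not you
  } else if (type === "srflx" || type === "prflx") {
    exposure = "public-ip";            // address as seen from outside your NAT
  } else if (type === "host" && address.toLowerCase().endsWith(".local")) {
    exposure = "mdns-obfuscated";      // browser replaced the local IP with an mDNS name
  } else if (type === "host") {
    exposure = "local-ip";             // raw interface address
  } else {
    exposure = "unknown";
  }
  return { address, type, transport: m[3].toLowerCase(), exposure };
}

// Summarize which candidates in an SDP blob would reveal an IP address to peers.
function summarizeExposure(sdp) {
  const candidates = sdp.split(/\r?\n/).map(classifyCandidate).filter(Boolean);
  const revealing = candidates.filter(
    (c) => c.exposure === "public-ip" || c.exposure === "local-ip"
  );
  return { candidates, revealing, leaksAddress: revealing.length > 0 };
}
```

In a browser, the same classifier can be applied to the candidate strings delivered by an `RTCPeerConnection`'s `icecandidate` event to see what a given VPN and browser combination actually offers to peers.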
Has the platform undergone an independent security audit? If so, what were the results, and how did the platform respond to any identified vulnerabilities?
Not yet, but in a response to an email from Freedom of the Press Foundation, Whereby’s co-founder says that they plan to go through some sort of ISO certification, as their parent company Videonor has already been certified.
Has the platform been breached before? How did they respond?
We could not find publicly available examples. We reached out to Whereby to learn more.
"We have not had any severe vulnerabilities or security issues that have been reported or we have identified." Whereby did say they have previously paid a few bug bounties on a case-by-case basis, but the severity of the vulnerabilities discovered by bug bounty recipients was not disclosed.
How does the platform handle contact discovery?
It doesn't. There are also no documented endpoints in the Whereby API that account for contacts, suggesting they don’t provide this capability.
Can I use the platform without making an account?
You need an account to create a room, but not to join one.
What user metadata and content is logged by the platform?
What user data does the platform sell?
Whereby has a subscription-based business model, and claims not to sell user data.
How long does the platform hold on to user data after the user deletes it, or shuts down their account?
Can the platform be self-hosted?
Does the platform publish a yearly transparency report?
Does the platform alert users to requests for their data?
According to Whereby’s Chief Product and Technology Officer, this has been handled on a case-by-case basis historically, but recently Whereby has let users know of law enforcement requests if they are affected, unless they’re anonymous users and Whereby has no way of contacting them.
Are there any publicly documented cases of law enforcement requests for user data?
Aforementioned metadata. Video is not recorded, and host-recorded video lives locally in-browser only. Location data, in the form of IP addresses, is kept for 90 days. Billing information is kept for a longer, unspecified period of time due to local laws, but billing information is not required for the free tier.
Does the platform offer the ability to broadcast?
No. Whereby maxes out at 50 participants at its most expensive subscription tier.
Can I use this platform to host closed room meetings?
Can I control who can access my call if I want to?
Rooms are "locked" by default so that the room owner has to approve whoever joins. To approve guests, a guest “knocks” and the owner can get their presented name and video feed to see if it’s one of their guests or someone they weren’t expecting.
What is the maximum meeting group size?
50 at their most expensive tier.
Are there accessibility features? If so, what are they?
Whereby has made some improvements to make their website more screen-reader friendly.
Who can record meeting video? Audio? Chats?
Only a host of the room can record video/audio, and it's saved in-browser using the Whereby browser extension, and not saved on Whereby’s servers. Chats are treated ephemerally and deleted server-side and client-side after a session ends. Chats are not included in video recordings.
Is there a way to mute participants in the call? How does it work?
Room owners may mute a guest so that no one in the room can hear them. However, that guest may then unmute themselves without needing approval from the room owner. Room guests cannot mute anyone for the whole room, but can adjust the volume level they hear from any guest, for just themselves, including turning the volume all the way down.
Is there a way to kick participants off the call? How does it work?
Yes, but only a room owner can do so.
Now that you’ve read all about the platform, you can evaluate whether it’s right for your situation. If you want to check out another platform, consider looking to our short guide for a high-level comparison, or videoconferencing.guide for many more details. And as always, contact our training team if you need more assistance.