-
Notifications
You must be signed in to change notification settings - Fork 465
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remote control return #483
Comments
No short term plans for it, sorry. |
This issue has some details on why it was removed: #431 If you understand the risks, then to get remote control back, you can either use an older version (e.g. 2.0.0 - 2.2.0), or you can rebuild the application with this boolean changed from Going forwards, I can see two options:
|
I'd be very, very happy to get remote control back! Just a thought: If you introduce a command line option, or maybe a very big gui warning I'd be happy. Maybe something like: This will allow your communication partner AND ALSO the provider of the Jitsi-Meet server $SERVER_DOMAIN to control your computer. Note: |
I'd be also very happy to get remote control back, thanks! ;-) I like the software very much, thumbs up! |
Here is a patch to set the remote control enabled/disabled in Settings If you run a private jitsi server, i think enable is not a real problem. Default is disabled. jitsi_remote_control_parameter.diff.txt Here is the fork/branch https://github.com/ojehle/jitsi-meet-electron/tree/rc |
Hi there, would be really cool to have the feature back. |
i did a merge request, but rejected. i‘m checking the possibility to enhance the security by exchange a key. somebody requests your screen. a number pops up, when you accept. this number must be entered by the other and is used to encrypt the remote control channel. so if there is a server between doesnt matters anymore. its the same in teamviewer. and the server can be hacked, but never get a notice of the key, so he cannot decrypt. the protection i did is to check, if the server entered in the settings is the same like the server of the conference. if its true and not the default remote control is allowed. |
Or some client /server cert. Like OpenVPN, the server and client are authenicated against your own CA. Invoked when using your own Private Jitsi server. I think it was responable to pull the feature of not secure, however the feature if required. Which my coding ninga skills were more up to scratch |
@ojehle apologies for the noob question, I'm not a node dev, How do you apply the patch that you created on the fork that you made. |
nothing special. i build the patched version according the developer infos in the documentation here |
I cant build this project on my windows 10 machine. npm install errors etc. I am not a developer, so I need a deeper explanation on what is to do on a clean Win10 machine to build this project. Maybe someone has a tip for me on how to build @ojehle 's fork/branch!? |
Any chance to get this into master branch? Maybe with enhanced Security? |
Get what exactly? The code is there, just disabled. You can enable it by building the app yourself. |
The remote control function will be great for helping your grandma out with computer problems remotely but of course it needs to be secure. Having a remote control function using Jitsi Meet is great for privacy and security since Jitsi Meet is open source, Jitsi Meet Electron is open source, Jitsi Meet Electron runs on Linux which many use for privacy and security and it is easy to setup and connect compared to other VNC apps which can be hard for "grandma" to connect to. The only good alternative I know is TeamViewer which is proprietary and closed source. I hope to see Jitsi Meet Electron to have remote control functionality someday with security for this reason alone. |
You don't have to reiterate, I know it was very nice to have. It was with a heavy heart that I had to disable it. |
@saghul if there are ideas how to protect the remote control let me know. i did the "small" protection for my jitsi server by adding the server hostname, for which i will allow the remote control. There is still the possibility on the server side, to intercept. with a private server (only for authenticated users), its under control of our company. but other ideas
more ideas are welcome.. Don't know if Zoom, Teams or other Tools protect from Administrator Access the Remote Control Data Streams? |
If you have control over the server and you supply your users with an Electron client which can only hit your server, you are fine. The fix involves reversing the logic so the actual sharing starts at the client end when they press the button, but this code must be local to the client. |
Please do not share links to foam with this feature enabled here. It's not safe to use except I very specific scenarios. Do not trust anyone who shares such binaries. |
I put heavy notices in the README there not to use it unless you understand the risks, but, if you do not want it here, I understand. Would you rather me delete the fork entirely? |
Feel free to have your fork, but please refrain from linking it here. |
any news on that? imo thats a very important feature for all who do some online tutoring. |
No news. The advisory said no such thing. The security issue was “fixed” by disabling the feature altogether. |
The meet.jit.si start page is still advertising the remote control feature |
Where is that? |
"Remotely control other participants desktop" - in the lower left box |
@saghul Sorry for hitting on this issue again but, just to find more insight and try to make the roadmap more clear. In your view, the remote control, given the architecture of Jitsi and given the security risk, is something that would be definitely out of scope for this project roadmap? Or is it still very much on the possible roadmap, but it requires some expensive/significant changes to the code/architecture or even a new/updated version of the protocol for it to work securely, or so? |
What about using the features that https://remotedesktop.google.com/ is built on so that electron app is not needed? This will probably require a new code base which with any luck might have no security bugs. |
Can https://github.com/ojehle/jitsi-meet-electron/tree/rc be used w/o problems? ("98 commits behind jitsi:master") Wouldn't it be better to make RC a configurable option in /etc/jitsi/ for the official version distributed for "sudo apt-get install"? |
Please read the security advisory, I quote:
We will NOT make it configurable. |
i really like jitsi, but remote control is - at least for me - a killer feature. and i also think in the more professional/business world is that. and i am sure some would donate to fix the security concerns. |
You can make your own build flipping that flag if you so desire. |
I see the point of making it a switch in the settings, maybe disabled by default? |
I won't repeat myself. Next time I'll just lock this issue. |
Sorry, I just did not read above....I'll get more coffee! |
Kinda disappointing that there is no insight on my proposal and instead people just come here and propose that the software should have a "PLEASE HACK ME" toggle. |
Hello,
The remote control functionality is expected to return in future versions of the jitsi meet electron?
This functionality is very important for me.
Regards
The text was updated successfully, but these errors were encountered: