Earlier this year we started a new project to examine and strengthen our digital resilience. Through this work we hope to further integrate social justice principles into our tech choices and practices and deepen our capacity to support our partners
After conducting a deeper needs assessment within the team, the first set of changes we made focused on our video conferencing infrastructure. In this blog post, we’re sharing some reflections about the new tools our team is testing out and how our experience has been so far.
We are using the term “digital resilience” to refer to a set of practices that support the ability of an organisation to protect itself from — and respond to — digital security threats, to ensure the wellbeing of its members/individuals, and to adopt infrastructures that respond to the ever-changing needs and contexts of the organisation and its members.
Deciding which video conferencing tools fit our needs and values
At The Engine Room, we aim for a justice-based approach to our technical choices. This means we prioritise choosing technology solutions that intentionally weave anti-oppression strategies into all stages of their creation, maintenance and uptake. As a remote organisation, video conferencing is integral to our day-to-day operations. After conducting a deeper needs assessment within the team, it became clear that adopting tools that are privacy-respecting and strengthen our organisational security was a priority for us. For this reason, we decided to set up our own instances of BigBlueButton (BBB) and Jitsi Meet. Both tools are encrypted, open source, and incorporate privacy by design.
BigBlueButton is an open source online learning and video conferencing platform.All traffic from the users’ web browsers to the server goes over standard security protocols when audio, video or screens are being shared.
BBB is designed specifically for educational applications, with features like whiteboards, break-out rooms, and polling. It also integrates with various learning management systems (e.g. Canvas, Moodle). Everything happens in users’ web browsers, so there’s no need for any additional software.BigBlueButton users don’t need to create an account to join a call: all they need is the meeting link, which can be opened with a browser. Access to meetings can be limited through a code and joining the room can be dependent on moderator approval.
To use all the functionalities of the tool it is necessary to have a server to install it on. BBB’s website offers the possibility of creating an account to access a “demo” version of the tool. Using this version you can make calls of up to 60 minutes.
Jitsi Meet (also referred to as meet.jit.si) is a free and open source video conference service maintained by parent company 8×8. By default, Jitsi Meet provides transport-layer encryption between the browser and the Jitsi Meet server of your choice; an end-to-end encryption feature is also available.
Jitsi Meet users don’t need to create an account to join a call: all they need is the meeting link, which can be opened with a browser or through Jitsi’s mobile app.
Meetings can also be password-protected.
Jitsi Meet offers the option of self-hosting and there is a public version of the tool for free use.
Some of the factors that we took into account while selecting video conferencing tools are included in the list below (which takes inspiration from many resources, such as this “Guide to Secure Group Chat and Conferencing Tools”):
- Maturity and maintenance: We took into account how mature the platforms are, including the amount of time they’ve been running for and whether or not they are still being actively developed. We also considered the existence of active communities of developers and users for both tools.
- Privacy: A variety of factors went into consideration: whether or not user data is shared or sold to third parties, if the tools provide encryption (and what type of encryption: end-to-end or to-server), if it’s possible to self-host, what data is stored on platforms’ servers and what data platforms’ owners have access to, if users need to install a dedicated app or software and what data this app or software would have access to.
- Reputation: We prioritised tools that are used and respected by social justice organisations and peers we work with, as well as recommended by security experts.
- Ownership: We considered whether tools were open source and if the companies provided the source code openly, as well as the history of development and ownership of the platform and potential security challenges (including how owners and developers reacted to those challenges).
- Features and affordances: We mapped the platforms according to how well their features would respond to our needs: easiness to connect to these platforms, usage of tools for internal and external calls and more.
- Associated costs: We also considered the costs related to each of the tools, including potential subscription fees, learning and implementing, possible IT support needed and hosting costs
A brief overview of our experience so far
Hosting and infrastructure details
– For BigBlueButton, we hired Maadix‘s hosting service, who are maintaining both the tool and the servers where it’s hosted. We use a version customised by Maadix with performance and privacy improvements.
– For Jitsi Meet, we are using the pre-installed stable version that Greenhost – with whom we have been already working – offers to their clients.
After implementation, we asked our team to use BigBlueButton and Jitsi Meet as much as possible. After two months of piloting the tools, we conducted an internal survey and received mostly positive feedback—overall the team appreciated using tools that are aligned with our organisational values. We also identified areas for improvement, which we will work on over the next few months, including user friendliness and video instability.
It’s important to note that while we try to default to using our own internal platforms, there are occasions where we have a need for features that these platforms do not yet have. For example, we often use webinar registration pages and waiting rooms to ensure that our community calls are safe for participants; however, BigBlueButton and Jitsi Meet do not currently possess these features. Additionally, although both platforms aim to be low resource, they often struggle in low bandwidth situations. Lastly, there’s the learning curve of the team for adapting new tools. We often crave for the familiar when it’s not immediately clear how to perform a certain task. We recognize that adapting to the workflow of these tools will take time as is the case with most technological changes.
Here is a summary of some of the benefits and challenges of installing and maintaining these tools on our own servers.
- Authonomy: More control over the tools we use, since we are responsible for the installation and can check all code that runs in the application.
- Values: Tools that are aligned with our values and principles.
- Transparency: Transparency of the open software code—we can inspect every line of code used to build the tools.
- Security: With open source tools, more people are inspecting the code, which enables more issues to be found – and fixed. Vulnerabilities are fixed much faster and updates are more frequent.
- Cost: Open-source software is very often free or cheaper than proprietary software. Therefore, we save on licensing and maintenance fees.
- Open source ecosystem: We are contributing to a community of developers committed to making the internet a fairer place.
- Customisation and Flexibility: Using services customised for our use and having exclusive domains.
- Resources: Self-hosted tools require more maintenance time and investment in servers.
- Tech expertise: Self-hosted tools require knowledge and availability (internal or external) to troubleshoot issues the team or our partners experience.
- Documentation: Using tools that are less widespread or familiar demands an effort to produce technical and user-facing documentation. For example, we developed internal user guides for both platforms containing FAQs, and we also created an external guide that explains our decisions behind specific platform use in community calls.
- Adapting to new tools: Functionality is not always the same between tools and even when it is, the user experience may differ. Adopting new tools can take time (as we wrote in this blog post) and can impact the day-to-day work of the organisation.
- Stability and availability: Ensuring that self-hosted tools are stable and have high availability (or the ability of a system to operate continuously without failing) is a challenge. Constant monitoring, maintenance, and server redundancy (storing information in more than one server) are steps required to make sure information can be restored in case of problems.
This overview represents a snapshot of where we currently are in our journey with these tools: these observations will likely evolve and change over time, as we work on this project and mature our own digital resilience practices.
During this process, we were reminded of how adopting free and open-source software tools (and self-hosting them!) is a process that takes quite some time and planning, but that ultimately contributes greatly to our digital resilience. Over the next months, we will continue to work on our video conferencing tools, including improving on the tools’ overall performance and stability, refining user documentation and addressing connectivity issues.
If your organisation is interested in going through a similar process, we’d be happy to support you (even if your end result is different!). Schedule a call with us!
Image by Chris Montgomery via Unsplash.