Brave Talk: privacy and anonymity

Hi there,

I am trying to dial in on what privacy protections there actually are in Brave Talk.

From 2021 article:

“Brave Talk users can enable multiple layers of encryption on calls, so an eavesdropper cannot listen in on users’ calls, and our servers don’t save metadata, so calls, images, and activities are never recorded or shared without user consent,”…

“Brave Talk does not (yet) have end-to-end encryption rolled out…”

On encryption it says users can enable different layers in the settings. It describes the current strongest level of encryption available in both free and premium versions of Brave Talk as “Video Bridge Encryption”.

“This setting ensures that the video and audio streams are encrypted using keys generated by the participants, which prevents eavesdropping on the Video Bridge Server,” said co-founder and CEO Brendan Eich. “Video Bridge Encryption can be enabled under ‘Security Options’.”

“Because we find the phrase ‘end to end encryption’ to be confusing and overloaded, Brave Talk refers to the setting as “Video Bridge Encryption,” he also told us, adding: “End to end encrypted calls are just one dimension of privacy and security when participating in video calls. Even when using encryption, most of the ‘Big Tech’ video tools actively collect and store data about your call: Who the participants were, when the call took place and for how long, and a host of other information.

“The anonymous credential system employed by Brave Talk ensures that we don’t know who users are and who they are talking to, and we can’t link them across sessions. Brave Talk is a privacy-by-default tool that does not track users.”

Pushed for more clarity on the difference between Video Bridge Encryption (VBE) and E2EE, he also told TechCrunch: “The reason that we refer to it as ‘Video Bridge Encryption’ and not ‘End to End Encryption’ is that, while VBE does ensure that audio and video remain encrypted from Brave, 8×8, and any other passive eavesdroppers, we are still working with 8×8 on a way to make this more robust against active attackers by automatically authenticating meeting participants.

“When that work is complete, we will feel comfortable introducing it as full end to end encryption, and it will provide significant advantages over platforms like Zoom, which require participants to read a security code out loud to confirm end to end encryption is working.”

Source:

Question 1: Where is Brave at with the e2ee?

Question 2: Is Brave Talk still hosted on an 8 x 8 server or has it migrated elsewhere?

Since Brave Talk uses Jitsi software, this would be a place to look for information on the encryption:

Does Jitsi support end-to-end encryption?

The short answer is: Yes, we do!

You can turn on end-to-end encryption (e2ee) as long as you are using Jitsi Meet on a browser with support for insertable streams. Currently this means any browser based on Chromium 83 and above, including Microsoft Edge, Google Chrome, Brave and Opera. You may also use our Electron client, which supports it out of the box.

All you need to do is select the “End-to-end Encryption” option in the overflow menu and then make sure that all participants fill in the same pass word or phrase in the Key field.

Source:

Question 3: Is this e2ee that Jitsi offers the same as the Video Bridge Encryption that Brave offers? Has it been hardened from active attackers?

Questions have arisen about whether or not the Jitsi software that Brave Talk uses has been externally audited…

In any case, we used to list Jitsi but removed it because it has not had an external audit, as far as I can remember.

I did some research and unless I’m missing something, that hasn’t changed at this point, so it is unlikely we can recommend Brave Talk right now, given that it uses Jitsi itself.

Source: discuss.privacyguides(dot)net/t/opinions-about-brave-talk/258/2

Question 4: Has Brave Talk/Jistsi undergone a security audit by a credible 3rd party service?

One year ago someone posted on Reddit:

Why isn’t end-to-end encryption on by default in Brave Talk?

Source:
reddit(dot)com/r/brave_browser/comments/182phk8/why_isnt_endtoend_encryption_on_by_default_in/

…but no response. A good question.

Question 5: Why is Brave Talk not e2ee by default? And the chats too?

In Braves Glossary (brave(dot)com/glossary/encryption/):

Brave Talk supports E2EE in most situations.

Question 6: Which situations?

Question 7: It seems like encryption needs to be implemented manually? Which would preclude most situations, would it not, as most users will not familiarize themselves with all of the settings?

Enable Video Bridge Encryption (VBE): This is currently experimental. If you enable VBE, it will disable server side services such as recording, live streaming, and phone participation. Note that if you enable VBE but other participants do not, they won’t be able to see or hear you.

Source:

As far as logging IPs and other metadata, it does not seem that Brave keeps data after the call, (except when recorded):

We process the minimum information necessary to provide the Brave Talk service. This includes:

Your IP address and the URL of the meeting that will be processed only to enable calls; they are not retained after a call ends.

If you use the chat function, chats will be temporarily cached for the duration of the meeting.

If you record a meeting that you host, the recording will be temporarily stored on the server for 24 hours to allow you to download it. Your name and email address that you choose to display will be processed and available during the meeting.

Source:

So if someone was going to use the service in a no-trust context, they would want to use a VPN to hide their IP address.

I am going to hazard a guess. The stronger encryption setting (Video Bridge Encryption) requires everyone on the call to use that setting and to use one of the following browsers: Microsoft Edge, Google Chrome, Brave or Opera.

Such requirements would make access to the service more limited and complicated. Thus, to keep things more user friendly, the default is less secure.

Question 8: Comments?

Note: the annoying limit of 4 links per post for new users to the forum prevented me from including several hyperlinks. Instead I wrote them like this example:

discuss.privacyguides(dot)net/t/opinions-about-brave-talk/258/2

This will require the reader to manually type in the URL and modify the (dot) to a “.”.

Possibly @clifton - a Brave Developer - will help you. If not available, then @Mattches may know another developer to consult re your concerns.

@robbie.n,
There’s a lot to unpack here — hopefully I can answer at least most of the questions you have here:

All communications between the browser and the Jitsi back-end occur over TLS. This includes both the media stream and signaling messages (chat messages are carried on the the signaling connection). What that means is that these communications are seen by Jitsi’s servers.

The term e2ee (end-to-end encryption) indicates that the media stream is encrypted so that only the intended recipients can decipher it — so the audio/video packets isn’t visible to Jitsi’s servers which are forwarding those messages. There are two parts to this. The first is exchanging key information, the second is using that information to appropriately encrypt/decrypt audio/video packets.

The ideal approach is for the exchange to take place using an out-of-band (OOB) mechanism. Some security experts may argue that this isn’t entirely necessary; other security experts may argue that greater security is achieved using an OOB mechanism.

Jitsi e2ee service, which Brave Talk terms VBE (Video Bridge Encryption), performs both functions. We have not asked a third-party to audit Jitsi’s e2ee code. However, we have reviewed both the Jitsi open source code, the security protocols used for VBE, and had conversation with the folks at Jitsi to make sure we have a good understanding of everything “under the hood”.

For Brave Talk, we believe in using an independent OOB mechanism TO exchange key information, That is why VBE is not enabled by default in Brave Talk.

The ability to do VBE is available on all “modern” browsers that support “Insertable Streams”. This allows a browser to insert a layer of processing between the TLS layer and the A/V layer to encrypt/decrypt the media stream.

Finally, note that regardless of whether VBE is enabled by the user, chat messages are presently carried on the signaling connection, so the servers will always see them.

Hope this helps!

1 Like

Thank you Mattches for the reply.

That helps to clarify and confirm my understandings.
I have a few questions that did not get answered.

  1. SERVERS: Is Brave Talk still using 8 x 8 servers? (8 x 8 is the company that maintains the Jitsi software that Brave Talk uses). I understand that 8 x 8 uses Amazon Web Services (AWS) for their Jitsi servers. Can you please clarify what servers Brave Talk is using and what country (jurisdiction) the servers are in?

  2. ENCRYPTION:

For Brave Talk, we believe in using an independent OOB mechanism TO exchange key information, That is why VBE is not enabled by default in Brave Talk.

Can you give me an example of what an OOB mechanism to exchange key information would look like?

In my mind it would seem preferable to provide an automated default in-band e2ee (Video Bridge Encryption) and then have a notification suggesting an OOB option for a key exchange method to those who want tighter security to their calling.

Unless there would be compatibility or performance issues with just running in-band e2ee as the default.

Regarding server locations: Brave Talk is built on top of 8x8’s JAAS (Jitsi as a Service). The list of IP addresses of their video bridges is at: https://developer.8x8.com/jaas/docs/technical-requirements-whitelists#ip-addresses. That page includes information on third-party services under “Auxiliary Functionality” and “Analytics”. All of the latter services are disabled in Brave Talk. Brave Talk also disables most of the former services, and an update is expected in a week to disable the remaining ones.

Regarding OOB exchanges: One of the first mechanisms that Jitsi used was to allow the user to enter a string that was known only to the people in the call. How everyone got the string was left to you. That proved to have very high friction. So, the VBE mechanism was implemented in which key exchange occured with the help of the video bridges.

Finally: Further privacy-related issues for Brave Talk (or any Brave product or service) can be addressed to our data protection officer at [email protected]

Thank you Mattches for the response.

That would be good to block all of the third-party services under “Auxiliary Functionality” and “Analytics”. Microsoft, Google, etc. are obviously not interested in privacy.

According to Roland Alton of fairkom.eu/en/fairmeeting…

fairmeeting is one of the largest Jitsi instances hosted in Europe on our own kubernetes cluster. It is thus fully GDPR compliant, compared to many others, including the demo service meet.jit.si, which is hosted at AWS by the US company 8x8.”

The site link that you provided did not specify who owns the servers hosting the actual calls. If Roland is correct then the Brave Talk calls are hosted on Amazon servers.

Amazon being one of the big baddies that is building the digital prison.

A few examples off of the top of my head…

Amazon Handed Ring Data to Police Without Warrants

https://www.wired.com/story/amazon-ring-police-videos-security-roundup/

For years, Amazon-owned security camera firm Ring has been building relationships with law enforcement. By the start of 2021, Amazon had struck more than 2,000 partnerships with police and fire departments across the US, building out a huge surveillance network with officials being able to request videos to help with investigations. In the UK, Ring has partnered with police forces to give cameras away to local residents.

This week, Amazon admitted to handing police footage recorded on Ring cameras without their owners’ permission…”

Amazon gave Ring videos to police without owners’ permission

politico(dot)com/news/2022/07/13/amazon-gave-ring-videos-to-police-without-owners-permission-00045513

As my ongoing investigation into Amazon illustrates, it has become increasingly difficult for the public to move, assemble, and converse in public without being tracked and recorded,”

Defense Contracts

https://search.brave.com/search?q=Amazon+dedense+contract&source=web&summary=1&conversation=6ee3e2c917fc1357a74c79

Sidewalk: The Next Frontier Of Amazon’s Surveillance Infrastructure

https://www.aclu.org/news/privacy-technology/sidewalk-the-next-frontier-of-amazons-surveillance-infrastructure

With this initiative, Amazon is once more confirming that its true allegiances do not lie with its customers; instead, the company is moving to expand its already capacious surveillance infrastructure.””

A panopticon-style surveillance system like this is a nightmare for civil rights and civil liberties. We do not want an all-seeing eye in our communities.”

It would be prudent for Brave to find out if their calls are being hosted by a company like Amazon. Especially since your default mode for the calls is not end-to-end-encrypted and the servers can “see” the calls. I am especially concerned with what data those Amazon servers might be collecting especially since: “Amazon is also directly involved in the government surveillance business as a vendor of dangerous surveillance technologies like facial recognition.” How private and anonymous are our calls on Brave Talk if Amazon has the ability to use facial recognition (or speech recognition) to identify users and A.I. analytics to summarize the content of the conversations?

Clarification on this matter would be appreciated.

As you probably know Jitsi Meet/8x8 (meet.jit.si) burnt it’s reputation when they started requiring signing in using a Google, Facebook, or Github (Microsoft) ID.

When did Jitsi get so awful?

reddit(dot)com/r/degoogle/comments/1aby602/when_did_jitsi_get_so_awful/

Jitsi now is a betrayer and what alternative?

reddit(dot)com/r/privacy/comments/167uqcs/jitsi_now_is_a_betrayer_and_what_alternative/

Jitsi or something better?

reddit(dot)com/r/selfhosted/comments/1cc0iit/jitsi_or_something_better/

Alternatives for jitsi?

reddit(dot)com/r/selfhosted/comments/14j9q0r/alternatives_for_jitsi/

If Brave is really for privacy and freedom, then they should provide their own servers that they control. And preferably they can find jurisdictions for those servers that offer better protections from mass surveillance (i.e. not the U.S.) And all communications should be end-to-end-encrypted by default.

Until the Amazon server situation is clear, I will be looking at other public Jitsi instances for calling. (https://github.com/tosterkamp/random-redirect/blob/master/res/jitsi_servers.lst)

I will follow up with 8x8 and your data protection officer regarding who is providing the cloud services for Brave Talk.

My follow up with Jitsi.
Does Amazon Web Services provide the servers for Jitsi Meet?
community(dot)jitsi(dot)org/t/does-amazon-web-services-provide-the-servers-for-jitsi-meet/135879/1

I sent an email to the Brave data protection officer.

1 Like