Video conferences with BigBlueButton
I am using BigBlueButton (short: BBB) for video calls, one-on-one or with groups. It makes it easy to securely see and talk to each other, share presentations or your own screen, take notes together or even make drawings.
What do I need to use BBB?
BigBlueButton runs entirely in your browser, so there’s not program or app you need to install. You can use BBB on any device which can display websites, as long as there’s a microphone and camera connected to it. You don’t need to create a user account, either. Instead, I send a link every participant in a session which opens the session page in your browser. You merely have to type in a name (which does not even have to be your actual name), and you’re in.
- After you’ve clicked on “join”, you may see a message that you have to wait for permission to join. This is because rooms are configured by default so that nobody can join without my permission. This is to make sure that nobody can join once a session is underway.
- There’s an “Echo Test” at the start of each session. This simply tests if your microphone is working and connected, before joining you. Your browser may ask for permission to use the microphone (and to select a microphone if there are several), which you should of course agree to in this case.
- Your video feed is also usually turned off at the beginning. You need to click the little camera icon at the bottom of your screen to allow me to see your picture. Also in this case, most browsers will ask for permission to use your camera.
- Of course, any video conference moves a bit of data around, so it’s often both cheaper and overall more robust to connect from a stable WIFI connection rather than on mobile data, to get the best quality and no hiccups — but mobile data also does work.
- Further info can be found in the video tutorials and FAQ from the developers.
- The first time we have an online session, we can start a few minutes early, to give you time to familiarize yourself with the user interface, and to deal with any difficulties with sound or video that might come up.
Shared documents via mailbox.org
If the BBB features for notes and drawings are not enough, I can collaborate with you online on documents with texts, tables, sketches an graphics, using the online office. As with BBB, I can send you a link which grants you access to the document, and online office runs completely in your browser. This means you don’t need a user account, don’t need to install any software, and it works on any device which can display a web site. At the end of the session, you can download a copy of the document for yourself.
Instant messengers (Signal and Threema)
Both of the messengers I use are available for both iOS and Android devices and easy to use.
Signal is coupled to your phone number, so it does not run e.g. on tablets which have no mobile data connection. On the other hand, there are desktop applications for Signal. However, they need to be authorized from your mobile device before you can use them.
Threema does not have a desktop client but does not require a phone number. This means it will also run on Wifi-only tablets or with a data-only SIM, and you don’t have to tell anyone your phone number. The contact page tells you where to get either of the messengers and how to reach me.
How safe and secure are these tools?
My provider, mailbox.org goes above any beyond the letter of the GDPR and has a particularly thorough security concept. However, e-mail is generally not a very secure medium. Not only can all operators of the e-mail servers involved in an exchange read all messages, but depending on configuration and operator policy, messages may not be protected in transit, either. Many operators of e-mail services are also automatically processing and monetizing information on who is writing to whom, or even contents of messages. That’s why I recommend not using e-mail for any sensitive communication and prefer other means.
Signal and Threema
Both Signal (PDF) and Threema (PDF) have been independently audited and were found secure. All messages are securely protected on their whole way between user devices, and not readable for the operator. The operators do not collect user data and in many ways don’t have the ability to do so. Both messengers allow users to set an additional password to protect the messages stored on the device. Signal also permits users to configure conversations where all messages are automatically deleted after a certain time.
Shared documents via mailbox.org
Online office documents on mailbox.org are securely encrypted, and not accessible to the operator. When accessing them from your browser, the connection to the server is also encrypted. Except for myself, only you can access them (during sessions, when I send you the corresponding link), and after the session I turn off sharing for the document. So even if someone got the sharing link I sent you, they would no longer be able to get to the document.
How safe and secure is BBB?
BigBlueButton always encrypts all data connections with methods generally considered very secure (Details here). The software’s source code is open. This means that anyone who is sufficiently knowledgeable can verify that it actually does what the documentation says, and is correctly implemented. This also means that if any problems are found, they are usually published fairly quickly. There are no serious issues known at the moment if this writing.
In order to prevent uninvited “guests”, nobody can join unless the organizer of a session explicitly permits it. This means that even if someone were to get access to the session link which I sent to you, they wouldn’t be able to just “sneak” into a meeting unnoticed. I’ve set our BBB server up not to keep logs of the sessions, and have disabled recordings, to make sure that what we talk about stays private. Even the server operator cannot see or hear what we are doing during the session.
In addition, BBB is not running on a central server, but there are many independent providers of BBB servers. This means there is no central operator who could try to collect data, and people are free to choose a provider that suits them (or host a server themselves if they want to). In a study by the office for data protection in Berlin (PDF, in German), most of the video conference providers running BBB got very good verdicts, contrary to most other services. I was able to talk to the operator of my server and agree on the most secure settings for my purposes.
TODO: Link auf Kontaktseite zeigt noch auf die englische Version