cornholio 2 days ago

This is clearly a major vulnerability and not a feature; it's a permissions/credentials hijack.

The user has given permission for audio and video recording to the Jitsi domain during a previous meeting, and the domain is using those permissions to start an unsolicited meeting initiated by a 3rd party, who is given access to the video and audio of the victim.

graemep 2 days ago

It's also much less likely to be an issue if you self-host Jitsi. It's only really a worry for large public servers.