ffs, they're OAuth providers. It's not like they're passing the video streams over to Google and Facebook so they can mine them for PII. All they'll learn is that a user with an identity on their platform is using Jitsi. So what?

Meanwhile, the vast majority of users around here will have a GitHub or Google account, and probably Facebook as well. This is hardly much of an inconvenience.

And if the complaint is that now Jitsi can tie back activity to a durable identity: yeah, that's the entire point. They're fighting abuse. At some level, to prevent that abuse, they need some form of trustworthy authentication. That, by definition, means to some extent piercing the veil of anonymity.

It's also why running their own auth doesn't fundamentally solve the problem, as anonymous users creating their own accounts on their platform is a minor speed bump to folks who would use the service for nefarious activity. For that auth to be worth anything, they'd have to engage in their own forms of user verification, and that'd be no more privacy protective, and frankly probably less so since you'd have to trust their security posture.

The fact is they simply cannot run the service in a way that's both perfectly anonymous to Jitsi themselves and simultaneously resistant to abuse (thereby protecting them from potential liability).

Look, I get it, I'm not a fan of the big tech providers, either. But the claim that this somehow crosses the privacy rubicon is a massive overreaction. And the software itself remains as Free and Open Source as it ever was.