It would be great to have a more precise control over the path peers connect while making a call or sharing a file.
A few use cases and ideas:
-
I was really surprised, that two peers were able to find out that they are on the same LAN while negotiating for a call. But to understand that I needed to actually run Wireshark. It would be great to have something like an icon in call UI indicating, whether the connection is made through TURN, STUN, LAN, or whether the other side have an accessible IP on the clearnet, or maybe its you who have an accessible from outside IP address, or both. It would also be great to actually see the address of the other side and of the TURN/STUN server in UI. It may be usable for troubleshooting, and not showing it to user just gives a fake sense of full privacy.
-
It would be great to be able to manually allow/disallow your Jami application to connect through certain connection paths. Different people may have different security models.
-
Currently, UI allows only one TURN server in its configuration. It would be great to be able to add several of them. For example, a user may want to self-host a TURN server for personal usage, so that his/her communication would not be disrupted in moments when there is too many connections through the default one. And his/her ISP provides perfectly stable connection… until a tree falls and breaks an optical fiber. So, it would be great to have the default TURN server persist in the application’s config as a fallback.
-
Currently, there is only one way of authentication on a TURN server - with user/password. Maybe, there are other ways of authentication implemented in existing TURN server software? Maybe, keypair-based, or one-time-password, or something. Because, there is no way that someone guesses a password, when there is no password.
-
We always need to make a trade-off be between reliability and privacy/security. It may be useful for those who needs a paranoid level of security to be able to use the TOR network instead of a TURN server so that their IP remains hidden. Don’t know if this really makes any sense, but it is worth a discussion.
And a side note. According to this page, a connection is made before a recipient accepts a call. So, in STUN mode the recipient’s IP is revealed even if he/she does not accept a call. It would be great to have an explanation of this caveat somewhere near the “Allow incoming calls from unknown contacts” option in settings.