greenlight icon indicating copy to clipboard operation
greenlight copied to clipboard

Published 20 hours ago verified publisher icon bigbluebutton

Added support for protected recordings ( #2907) severely restricts functionality

Open scheff opened this issue 3 years ago • 3 comments

Hi all,

with the protection of recordings introduced with Scalelite 1.2, it was also possible to protect recordings of events that were attended anonymously, i.e. without registration. Restricting participation by a PIN or limiting it to logged-in users also affected recordings.

It was not possible to disable recordings protection for individual rooms in Greenlight. This was made possible by commit #2907.

However, the commit automatically associates the "protected" status with a login. Protected recordings are not displayed to users who are not logged in.

This means that it is no longer possible to protect recordings of rooms that do not require a login.

Proposed solution:

The 'protected' status should only determine if a recording is protected by a security token.

This would make the terms 'public' and 'protected' used equally in Greenlight and Scalelite.

The other room settings (PIN, login required) should determine whether the recordings are displayed at all, as before.

But I would like to raise a fundamental question:

Should this setting be exposed to users at all?

Protection of recordings is usually required by law and therefore must be enforced by BBB server administrators. It should be rare that room owners are allowed to decide on this themselves.

From a user perspective, a choice between published and protected is also confusing. At least all users I asked were. Users should only have to decide whether a recording should be published or not. The security settings they choose for the room should also apply to the recordings.

Best regards

Thomas

scheff avatar Oct 05 '21 12:10 scheff

It should be possible to have a combination of visibility and protection. In scalelite these fields are separate. It would be good to have public recordings secured with the protected token. Making the recording public in greenlight should not remove the protected token. At least this should be configurable.

christmart avatar Oct 06 '21 10:10 christmart

Just to make sure I'm understanding your request clearly - you'd like all recordings to be protected by default without the ability for room owners to unprotect?

farhatahmad avatar Oct 07 '21 18:10 farhatahmad

Hi,

yes, the protection is mandatory because unprotected recordings can be accessed even if they have not been published.

(It is enough to know the meeting-id and the approximate starting time of a conference to access a recording).

In this way, the decision of an organizer to not publish a recording could be circumvented.

This is the reason why the additional protection was introduced.

Additionally commit #2907 combines the protection provided by the additional token with an authentication. As a result, it makes it impossible to protect recordings of events that are deliberately intended to be accessed without logging in.

scheff avatar Oct 07 '21 18:10 scheff

Please note: Greenlight v3 has been released. With this new version, many of the issues and bugs that were present in v2 have been resolved.

As a result, we will no longer be providing updates or support for v2 (except for major security issues), and we will be closing any outstanding bug reports / feature requests related to v2. While we understand that some of you may still be using v2, we highly encourage you to upgrade to v3 to take advantage of the improved features and stability. If your request/bug still applies to v3, please open a new issue for it

farhatahmad avatar Feb 17 '23 15:02 farhatahmad