Software Analysis: a glance on Jami

Intro

We all love FLOSS, community effort bringing the tools to create a better world, more fair telecommunications and often, more privacy-aware solutions.

Yet, as the FLOSS environment often lacks human diversity, it seldom acknowledges its so-called "biases", its intrinsic preferences that replicate the dominant values. Just as with critical revision of discourse, we believe that it is also necessary to interrogate the "taken for granted" of software. What are the implicit assumptions? What are the affordances? What are the most likely consequences for the user, community and the planet of using a given software?

With a couple of friends we checked Jami out, and this is our account of it. Jami is yet another FLOSS communicator, but where it claims to make the difference is through being based on a true peer to peer network topology. There is other software that makes similar claims: friend-to-friend Retroshare, peer-to-peer Tox, and gossip-sneakernet online/offline hybrids like Scuttlebutt and Briar, each of them with its strengths and shortcomings. We are not stepping into a comparison with them today, we just note them as a reference to situate Jami in a richer ecosystem.

We will not discuss in depth here the elements that did not end up working as intended. We understand that there are many possible failure points: not only the software development, but particular OS packaging and so on can be the one to blame, and we did not put in sufficient effort to debug.

Instead, we would like to focus much more on the political decisions of the design, which often pass unseen. We understand that most likely those decisions were made in accordance with what the "modern society wants", but this is exactly where we place our critique. So even though we discuss Jami features particularly, in fact we criticize the underlying, general culture. We do appreciate all the hard work done by the developers! So please, read this article as a question: "Do we want this model of society"?

We believe that critical voices must be expressed. The premise of "if you don't like it, fork it" is true only for a bunch of highly privileged beings. For most, daily survival or care work is taking most of the life-time. This is why we, the lucky ones that can dedicate our spare time to code, write, read and think, need to fully acknowledge that our own perspectives are not universal. We need to broaden our own situatedness with historical and social perspectives that bring critical light on our silent, invisible norms.

We believe that by interacting with a program, we rehearse and reproduce the values inscribed within its interfaces. Digital practice influences our subjectivity, making it even more important to attend to and analyse what kind of habits are engendered. Our lenses are vaguely those of communitarian anarchists or ecofeminists. We call for a deeper revision from an anticolonial stance, for which, due to our own privileges, we are not best suited.

First, we will share our personal experiences, and then review some technical aspects of Jami.

frankie's tour

I took a "naive" ethnographer approach, coming directly to interact with the software, without previously informing myself about how it was built. I imagine that this is what most (vulnerable) users would do. What I had heard previous to the installation was that Jami is cool, new, p2p, and promoted by FSF. Yummi Jami!

Install and register

I could easily install Jami with the default package manager of my OS, desktop client version: af55ee4a4dd8b0b5525528f366701d127cbdc340.

I open Jami and the first screen welcomes me with an invitation to register the nickname. There is no information whatsoever on where it will be registered, no terms and conditions, warning, disclaimer. If I think that Jami is all p2p, there should be no central server and I logically infer that it is a local registration. If the account is registered externally, I would expect some kind of warning, so a user can decide whether to create an account or not. At no moment would I expect that creating an account results in a blockchain transaction, which for many people brings ethical concerns.

Identity

When I proceed to create the account, the interface invites me in the first place to take a photo with the PC camera or, in the second place, to load some image from my PC. This is a strongly political move in favour of "real name" policy. Let's remember that the internet from before the capitalist invasion was fostering anonymity and pseudonymity and only when data collection became the praxis, CSM (corporate social media) started forcing users into a discourse that equates their digital identity with their flesh identity. Nowadays, you don't need to put your name to be identified; a photo is enough to discover your identity. So Jami: what kind of privacy are you promoting? I find it more dangerous as Jami comes with a strong "security" discourse, and as such it may easily mislead users into trusting that there is no risk in uploading their photo.

Once registered, I found no information on what happens when I delete the account. I find it particularly important, as most users are not familiar with blockchain technologies and shall not be expected to understand them without any information. What about respecting users' autonomy over their own data? I found no way to get the information on what data exactly is registered and whether my IP is included or not within this data. All this opacity discourages users from learning what happens with their data, a very common practice on CSM, which, in order to hide their unethical business, need to keep their users ignorant and infrastructures opaque. If I understand well the precepts of the free software movement, it was about bringing back the power to the users.

In the same vein, instead of an ID string or something like that (I guess that my ID is from now on and forever my nickname) there is an image of a QR code. This shows a strong predilection of using some devices over others. As for me, it seems that they assume that the default device will be a smartphone, for the facility of taking a pic of the QR, scanning it and so on. I feel marginalised, as I mostly use plaintext. Your QR for me is useless. The interface offers no way to display the data behind the QR. What does it hold?

Alerts and cameras - attention economy

Adding a friend was quite "intuitive" for me, just pasting the ID and that's it. On the one hand, I am familiar with a "long string of digits" as an identity from other software. Also, the interface guidance was clear enough. But just as I added my friend, I immediately realised that by default sound and visual notifications are on. Let's pause here for a moment and see what happens. Why does Jami set by default such invasive alerts? I imagine that it comes, again, from the fact that the Jami interface was cloned from the "modern" communication applications developed under Digital Capitalism and, most likely, it attempts to compete with them.

CSM interfaces are designed to fight for the scarce resource of human capacity to pay attention, which can be commodified and sold to advertisement companies. The visually and audibly aggressive struggle for attention is a child of the attention economy. It negatively impacts users' psychology: attention exhaustion leads to anxiety, loss of capacity to concentrate, loss of long term memory, fear-of-missing-out, physiological dependence on the new notifications and so on. The use of dopamine circuits to make the interfaces addictive has been deeply studied and carefully implemented in CSM. By cloning the interface uncritically, we clone its effects on human physiology. Even though we release the code under a free licence and no one makes a profit on users, it stays psychologically harmful.

Feminist perspective on the exposure-culture

Another unpleasant surprise is that I can't deactivate the camera during the call. We tried a conference call, and after I joined I wished to switch off the camera (what is the purpose of sending video packets showing invariably the interior of a sticker hiding my camera?). I found no way to achieve it. All seems to invite us to share our bodies and intimacies. As a feminist, I strongly believe that we do need a safe space for meaningful communication. Uncritically strengthening the Norm of videocalls does not respect my intimate space and gives no space for consent. My body, my image. My feeling is that the assumption that anyone at any time can access my body image comes from the commodification of (especially female) bodies. It strengthens our roles as objects that have no right to keep our bodies to ourselves.

Of course, the videoconf transfers similarly male and female (and all the other) bodies, yet what makes the difference is that culturally the deep burden is put on female ones. These are images of our bodies that sustain numerous visual industries (advertisement, porn, music...). The impact of a male body image (for example nude) being stolen is far lesser than if this happens to a female one. All of this cultural background means that the visualist imperative is mostly beneficial to dominant males, being a tool of patriarchy.

Jami offers a possibility to share only audio, yet the interface, as fadelkon points out later below, offers no way to differentiate incoming connections and then to switch from one mode to another. I am not offered a way to control my camera behaviour, for example if I want to disable it. As an ecofeminist, I do not want to send video data if not absolutely necessary. Nowadays, the growth of video Internet culture floods the network with packets jeopardizing the IT-derived pollution. I do not want to be a part of it and Jami does not even let me opt out (while the discouraging opt-in would be the bestly best).

From this perspective also I find it unethical to make users become a part of blockchain, without asking for our consent.

fadelkon's impression as a user

I split my comment in two parts: one regarding the design and the experience I had as a user, and another as an incomplete feature review.

Comment on the user interface

Even though I like the overall design following GNOME3 guidelines, I got confused a bit too many times. However, what bothered me the most:

* Video call was announced with a telephone icon. I got caught by the camera by surprise.
* Also, it doesn't ask for permission to take the camera. It's a good habit of web browsers that desktop apps should take voluntarily.
* It got configured to auto-start automatically, without asking. I share the importance of keeping p2p apps running, but this was too much for me. What about showing an equally preferred default as a checkbox, that gives you the opportunity to uncheck it? Even the classical Windows wizard installers had this.
* I distrusted the nickname registration intuitively, but most people have not gained this intuition and may permanently register a name without knowing about the consequences or all that blockchain name system. Bad.
* Coloring had too low contrast for me. I don't usually need visual aid, and therefore I'm sure that people who do will have a hard time trying to tell apart different panes colored by the same grey, separated by a slightly darker grey. Color contrast is an important accessibility design criterion. I wonder if desktops with light themes display better color contrast. As a proposal: make the text box the darkest/lightest in both dark and light themes. Suddenly menu bars will become more obvious. Also make the main menu bar the lightest/darkest.

Comment on the tech features

Jami works for some use cases, and works well. Two people willing to communicate without the need for file sharing can chat with no issues and do calls with just audio or video, even sharing the screen. The comments below describe some issues we found during testing, and we don't pretend to assert how accidental or structural they are to the tool.

Here is a list of things that didn't work as expected:

* Could not get the sending of files/audio messages to work. It hangs waiting.
* Sound call and videocall work flawlessly between 2 people.
* Videocall with more than 2 people gets dark, we experienced:
  - losing audio of one peer
  - video freezes
  - normal working restored when the 3rd peer disconnects
* It lacks group chat. Sorry, this is essential. Way more important than fancy video calls! It looks like Savoir-faire Linux is thinking of it. Meanwhile, the current and mid-future lack of group chat means that:
  - Jami is only useful for some personal, individual relationships; it can't help organizing society in affinity groups or neighborhoods, or families, whatever form of community you envision.
  - One could argue that with voice or audio group calls, this is already covered, but as frankie explains, video features are not gender-neutral; also voice is identifiable. Both call options are synchronous and ephemeral communication means. And finally, they take much more resources than plain text messaging.

Some notes on network architecture

Similar to Tox, it is based on a Kademlia DHT. However, the team behind Jami, "Savoir-faire Linux", developed their own Kademlia implementation, with some extensions, mainly to get notifications from the network and avoid constant polling, and to sign and encrypt messages. More info here. This architecture has some tradeoffs:

- Nodes consume more CPU resources than dumb client-server applications; at least, they have a higher minimum resource need "just to work". The common case though is that "network-dumb" client apps are usually "addiction-smart" and "surveillance-smart", in the sense that they are resource intensive.
- In terms of privacy, the public IP address of your home router is exposed to the network. I'm not sure if publishing your ID, say, in your blog, means making public your IP address while you use Jami. They have some explanations on IP exposure, but none that I could find on how it is linked to one's Jami ID.
- DHT based tools are more resilient to global shutdowns and censorship, and make global surveillance a lot more expensive, compared to peeking into a few central servers.
- Also, DHTs empower us users and leave us the responsibility for taking care of uptime, content ethics and quality, etc.
- A main drawback of DHT networks is that they struggle to work in smaller networks disconnected from the Internet. One needs to configure the bootstrap list to work, at least. Still, Jami claims to be offline-networks-friendly by saying "Users who are on the same local network can communicate with Jami even if they are disconnected from the internet". However, we couldn't find an explanation of how it's achieved nor with which limitations.
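To make the IP exposure tradeoff concrete, here is an added example (a toy Kademlia model written for this page, not Jami or OpenDHT code) in which every node that receives a lookup request stores the sender's address as a contact. The labels, addresses (documentation ranges) and the values of K and ALPHA are constructed assumptions, and it says nothing about how Jami itself links an ID to an IP.

```python
import hashlib

K = 4      # contacts returned per query (toy value)
ALPHA = 3  # peers queried per round (toy value)

def node_id(label):
    return int.from_bytes(hashlib.sha1(label.encode()).digest(), "big")

class Node:
    def __init__(self, label, ip):
        self.id, self.ip = node_id(label), ip
        self.contacts = {}  # node ID -> IP address learned from the network

    def learn(self, peer):
        if peer.id != self.id:
            self.contacts[peer.id] = peer.ip

    def find_node(self, sender, target, network):
        # Receiving any request reveals the sender's address; store it.
        self.learn(sender)
        closest = sorted(self.contacts, key=lambda i: i ^ target)[:K]
        return [network[i] for i in closest]

def lookup(origin, target, network):
    """Iterative lookup by XOR distance; returns the IDs of queried nodes."""
    queried = set()
    while True:
        shortlist = sorted(origin.contacts, key=lambda i: i ^ target)[:K]
        pending = [i for i in shortlist if i not in queried][:ALPHA]
        if not pending:
            return queried
        for i in pending:
            queried.add(i)
            for peer in network[i].find_node(origin, target, network):
                origin.learn(peer)

def demo():
    boot = Node("bootstrap", "203.0.113.1")  # constructed sample network
    network = {boot.id: boot}
    for n in range(2, 30):
        node = Node(f"peer{n}", f"203.0.113.{n}")
        network[node.id] = node
        node.learn(boot)
        lookup(node, node.id, network)  # joining: look up one's own ID
    alice = Node("alice", "198.51.100.7")
    network[alice.id] = alice
    alice.learn(boot)
    friend = network[node_id("peer17")]
    queried = lookup(alice, friend.id, network)
    holders = [n for n in network.values() if alice.id in n.contacts]
    return alice, friend, queried, holders

if __name__ == "__main__":
    print(len(demo()[3]), "nodes now hold alice's address")
```

Every node alice queried while looking up one friend, not only the friend, ends up holding her address, and those nodes may hand it on in later `find_node` replies.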

Regarding the "nick registration" feature, it comes with a price, due to the Zooko's triangle problem, which asserts that a naming system that fulfils these 3 properties is not possible:

1. Secure. In the sense of being unique and not possible to be impersonated.
2. Decentralized. There is no central authority to rely on.
3. Human meaningful. It's easy to remember, like domain names or common nicknames.

There are several blockchain solutions to that triangle, like Jami's, but they are arguably decentralized. There still exists a logical central authority that everyone must agree with, and it doesn't scale over time and over finite planets...

Jami's solution consists of registering nicknames in their own blockchain, which currently consists of a "private Ethereum network", accessed by Jami users through a central proxy, or a net of them. All this bears some consequences:

- Blockchains in general are ever-growing, non-modifiable, non-deletable. This follows a linear-progressist headway that goes against ecologist principles, and other more cyclic, renewable, birth-death facing values. Life without death destroys itself.
- Jami creators are currently using "proof of authority" to sign the blockchain transactions, which is opposite to the decentralisation they pursue. Of course, "proof of work" would be worse, as an ecological catastrophe and a security risk of being attacked by groups with too much computational power.
- Because of the add-only nature of blockchains, names will artificially get more and more scarce, even if people die or abandon the app.
- Also, personal processes of data detox, identity change, etc. are not possible.
- The blockchain database relates nicknames to the decentralized, secure, but not human-friendly Jami ID. This is public. However, if one can guess the IP address of a connected friend from their Jami ID, then an attacker who doesn't have the trust of a person (and therefore lacks their ID), but knows their nickname (a more public thing), could possibly get their IP address. Please correct us if you have more info about this!
- The purpose of decentralization by a blockchain gets defeated by the central proxy. Do they plan to add blockchain code to Jami clients to get rid of the proxy?

Regarding other technical decisions:

- At first glance, it looks like they did good work on cryptography, using standard TLS implementations (gnu-tls), with standard X.509 certificates, and adding cryptography methods to otherwise privacy-optimistic DHTs.

Conclusion

Overall, we like the idea behind Jami of fostering true peer to peer communications, without losing confidentiality and with a tradeoff on network metadata anonymity. However, we can't justify some choices such as the blockchain one, and we strongly believe that the user interface should get a critical rework with a main focus on Ethical Design, facing the issues with accessibility, harmful defaults, picture/video camera abuse, and in general, the rather uncritical style cloning from corporate addictive, surveillance, consumerist tools.

We encourage all tech projects to shift away from the developers' realms before doing the coding, to get to know the realities lived by other, unprivileged groups, and to engage in a profound discussion before implementing features only because they are technologically possible. Maybe certain users, if offered a space to discuss, would prefer a more intimacy-friendly design, instead of solving techno-elitist dilemmas. Otherwise, maybe it would be important that highly privileged developers acknowledge from which standing and for what publics they have built their software. A white-male-western businessman may have different needs than a black-trans human rights activist from the global south. Let's not assume that the former is the universal and invisible measure of all the things in the world.