Looks interesting, but it'snot clear on how they protect metadata from the STUN/TURN part of webrtc. Potentially its use of the Multi-Party Relay that insulates peers from those services knowing anything about the peer. Some interesting points were from the article:<p>- Booth leverages the same INVISV Multi-Party Relay (MPR) architecture that we also use to provide Internet privacy for Relay users. Using an MPR, users’ network identities (IP addresses) are masked from the cloud server that they connect to. <a href="https://invisv.com/articles/relay" rel="nofollow">https://invisv.com/articles/relay</a><p>- Booth is designed to use meeting “booths”, where the booth link is randomized for each meeting. Likewise, Booth users don’t need to reveal their names to the server. ... (Note that Booth relies on browser support for Insertable Streams/Encoded Transform, which is limited to Chrome-based browsers at this time.) In addition to this end-to-end encryption, Booth also employs additional outer layers of encryption as described in the MPR architecture.
Looks great! If they want to compete with zoom, the should make the free tier a bit better for individual use.<p>Maybe add a 240 minutes for up to 3 people option? That covers the “get a beer on zoom” use case, which is good for word of mouth.
>Default End-to-end Encryption<p>So, the first question to ask here is:<p>How can a user be sure they are actually talking to who they think they are talking to? How can they be sure that they are not instead connected to a server somewhere that is simply forwarding the data between users while recording it? Who do you have to trust?<p>An example of the sort of thing I mean:<p>Signal Messenger verifies your phone number through the phone system for default identity verification. So you trust:<p>* The people that run the Signal servers<p>* Twilio (the ones that provide the SMS verification)<p>* The phone company<p>Signal also has the option to do direct verification by comparing key fingerprints (they call them Safety Numbers). Then you are truly end to end and only have to trust your correspondent (and yourself I suppose).