The Next Generation Audio- and Video Conferencing Technology
Veeting Rooms is a browser-based web meeting service aimed at businesses. It runs natively in most current web browsers. Internet Explorer users currently need to install a plugin to enjoy Veetings. How come?
We have chosen a new technology called WebRTC to be at the heart of our service for all audio and video conversations. The big advantage of this is that we can provide encrypted peer-to-peer conversation directly in the web browser without the need for any third-party software installations such as Flash or Java. This technology is still at an early stage and at the moment a draft of the specification is being written by the World Wide Web Consortium (W3C), the very same standards body that has also defined the standards for HTML, including the now widely used HTML 5 technology.
Unfortunately, Microsoft has only recently joined the W3C efforts to create a worldwide standard for browser-based real-time communication.
Initially, Microsoft worked on its own standard called CU-RTP but was not able to convince the other members of that consortium to adopt it as a standard. This is the reason why Microsoft is lagging behind the other major web browser producers, namely Google, Mozilla and Opera. It is suspected, though, that Microsoft will support WebRTC or a form of it one day, and when it does we will be ready.
At the same time we fully understand that many businesses continue to use Internet Explorer as their default web browser and that their internal security policies prevent individuals from installing additional web browsers. We therefore support the plugin from Temasys that brings the WebRTC technology to Internet Explorer until Microsoft supports this new technology natively.
Besides WebRTC, we rely heavily on HTML 5 technologies such as Canvas elements for the annotation feature of our online presentation tool, as well as Web Sockets over TLS, a technology that allows permanent connections between the web browser and the server so that we can instantly send messages from and to the server. These technologies, by the way, are well supported by recent Internet Explorer versions.
Read more about why we have chosen WebRTC in our blog.
Fully Encrypted Conversations
All communication from and to the Veeting servers as well as between the meeting participants is encrypted.
We use a 256-bit TLS encryption layer for the communication between your web browser and our servers. This is the very same encryption technology that also secures your e-banking or your purchases with Amazon or eBay.
TLS uses so-called certificates to encrypt the data and verify the legitimacy of our servers. These certificates consist of a private and a public part which are both used to properly and strongly encrypt the communication between the browser and the server. In order for your browser to trust our certificates we had to acquire them from a trusted Certification Authority which has both checked and validated our company to make sure that we are who we claim we are. This extensive check and proof of business is reflected by the extra green area around our company name “Veeting AG” in your browser's address bar when you are on our site.
To provide an extra level of security we use expensive certificates issued by the Swiss Certification Authority “Swiss Sign”, a subsidiary of the Swiss Post, which is itself owned by the Swiss Confederation. This way we can be sure that foreign entities have not had legal access to our private keys because they were issued to us by a Certification Authority within the Swiss jurisdiction.
Real-time audio and video conversations are also strongly encrypted, but slightly differently. Because the participants of a meeting usually don't have their own set of trusted public and private keys and because audio and video are by their very nature a different kind of data stream, a different algorithm is used. This algorithm is called DTLS-SRTP and was made mandatory for all media exchange in the WebRTC context. DTLS-SRTP allows full end-to-end encryption of the communication between the web browsers that even we as a service provider can't read or listen to. Furthermore, WebRTC tries to establish peer-to-peer media connections between the browsers so that in most cases the encrypted media streams don't even pass through our servers.
Bypass the Servers Altogether
We often hear about peer-to-peer communication between web browsers and how it is generally regarded as a superior protocol. But why is peer-to-peer superior while limiting the number of participants in a meeting?
Let's say two parties in different offices in Hong Kong conduct a Veeting. If we were using a classical video conferencing setup, all video and audio packets would need to travel from one office in Hong Kong all the way to our servers in Switzerland and from there back to the other office in Hong Kong. This would clearly be a waste of resources and the cause of a major decrease in video quality and thus user experience. Because we use peer-to-peer technology, the two Hong Kong offices talk directly to each other whenever possible. The media packets will use the quickest way possible to reach the other party, leading to a much better data connection and consequently to better audio and video quality.
The world is not perfect, and the peer-to-peer system also comes with two drawbacks. The first is the reason why we cannot offer video conferences with more than 5 participants (respectively 10 audio conference participants). Every participant in a conference has to connect with every other participant and send and receive a separate media stream from each of them. In a conference with 4 participants every end-point sends and receives three media streams, that is six media streams in total. This results in increased bandwidth and processor usage. Neither the bandwidth nor the processor power commonly available today allows for a large number of peer-to-peer end-points.
The second drawback is that under some circumstances it is not possible to establish a peer-to-peer connection at all. According to statistics by Google this happens in roughly 15% of cases and is mostly due to restrictive business firewalls.
In these cases the media streams have to run through a centralized server. Veeting Rooms hosts its own servers in Switzerland for these cases. It is important to note that even if the audio and video streams are routed through our Swiss-based servers, they are not decrypted and re-encrypted on the server. The strong encryption remains in place between the end-points, i.e. only strongly encrypted media streams are relayed through our servers, ensuring that your conversation cannot be eavesdropped on by anybody, including us.
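Both properties described above, DTLS-SRTP protection of every media stream and the difference between direct and relayed connections, are visible in the session description (SDP) that browsers exchange when a call is set up. The following is an added example, not Veeting's code: it audits a constructed SDP (addresses, fingerprint and key placeholder are made up, and the function name is hypothetical) and flags media sections that are not DTLS-SRTP, that carry SDES keys in signalling, or that offer only relay candidates.

```javascript
// Added example: audit a WebRTC session description (SDP).
// SAMPLE_SDP is constructed data; addresses, fingerprint and key are made up.
const SAMPLE_SDP = [
  'v=0', 'o=- 1 2 IN IP4 127.0.0.1', 's=-', 't=0 0',
  'a=fingerprint:sha-256 ' + Array(32).fill('AB').join(':'),
  'm=audio 9 UDP/TLS/RTP/SAVPF 111',
  'a=candidate:1 1 udp 2122260223 192.0.2.10 54321 typ host',
  'a=candidate:2 1 udp 1686052607 198.51.100.7 54321 typ srflx raddr 192.0.2.10 rport 54321',
  'm=video 9 RTP/SAVP 96', // deliberately weak section: no DTLS, SDES key in signalling
  'a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED_PLACEHOLDER_KEY',
  'a=candidate:3 1 udp 41885439 203.0.113.5 3478 typ relay raddr 198.51.100.7 rport 54321',
].join('\r\n');

function auditSdp(sdp) {
  const sessionFps = []; // a session-level a=fingerprint applies to every m= section
  const sections = [];
  let cur = null;
  for (const line of sdp.split(/\r?\n/)) {
    if (line.startsWith('m=')) {
      const [kind, , proto] = line.slice(2).split(' ');
      cur = { kind, proto, fps: [], sdes: false, types: [] };
      sections.push(cur);
    } else if (line.startsWith('a=fingerprint:')) {
      const hash = line.slice('a=fingerprint:'.length).split(' ')[0].toLowerCase();
      (cur ? cur.fps : sessionFps).push(hash);
    } else if (cur && line.startsWith('a=crypto:')) {
      cur.sdes = true; // SDES: the SRTP key itself travels through the signalling server
    } else if (cur && line.startsWith('a=candidate:')) {
      const m = / typ (\w+)/.exec(line);
      if (m) cur.types.push(m[1]); // host, srflx, prflx or relay
    }
  }
  return sections.map((s) => {
    const issues = [];
    if (!/^(UDP\/TLS|TCP\/DTLS)\/RTP\/SAVPF?$/.test(s.proto)) issues.push('transport is not DTLS-SRTP: ' + s.proto);
    if (s.fps.length + sessionFps.length === 0) issues.push('no a=fingerprint for the DTLS certificate');
    if (s.sdes) issues.push('a=crypto (SDES) key present in signalling');
    // relayOnly: every offered candidate goes through a relay server, so no direct path
    const relayOnly = s.types.length > 0 && s.types.every((t) => t === 'relay');
    return { kind: s.kind, ok: issues.length === 0, issues, hashes: s.fps.concat(sessionFps), candidateTypes: s.types, relayOnly };
  });
}

console.log(JSON.stringify(auditSdp(SAMPLE_SDP), null, 2));
```

The a=fingerprint value is what each browser compares against the certificate presented in the DTLS handshake, so it is the line to inspect when checking which end-point a media stream is actually keyed with.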