[Privacy Issue] RAW recordings are created and stored, even if the meeting isn't recorded #9202
Comments
|
To clarify: I understand that there might be a reason to do this temporarily; However, if there is no recording-press during a session, the RAW data should be deleted when the session ends. |
ichdasich
changed the title
|
This is not a bug, but instead this is a documented feature and design decision. See https://docs.bigbluebutton.org/dev/recording.html |
|
Related to bigbluebutton/greenlight#1163 (comment) |
|
You can drop a script in the post_archive dir to check if there are recording marks. If none, delete the recording. /usr/local/bigbluebutton/core/scripts/post_archive Here is how to check. |
|
This is still on purpose (although not a good default in my opinion). |
|
Btw, closing this as duplicate of bigbluebutton/greenlight#1163 |
|
@ichdasich : Please consider reopening this issue. IMHO this issue relates to the UX of bbb's HTML5 client. Typically, recoding user content (e.g. webcams) requires consent in many situations, whereby users has to be informed about recordings going on. However, the current UX of the HTML5 client suggests, that no recording is done if the record button is grey / white. Based on the old red recording light in a TV studio, users expect a recording to be present, when the button is red, whereas a grey / white button suggests, that no recording is taking place. But: In the background, recording takes place nevertheless, as long as I'd suggest to change the UI of the HTML5 client.
|
|
Hey @yanosz, |
|
Reopened. UX for GL considered in bigbluebutton/greenlight#1395 For BBB, it might be nice to change the meaning of the recording button: User stories: |
|
I want to second this strongly, since the GDPR (DSGVO in german) requires everyone to specifically consent for userdependent data to be saved. Saving the videostream even temporarily, when the UI suggests that nothing(!) is being actively recorded, could (and IMHO should) be interpreted as an active lie. |
|
@marcarneg regarding consent for video recording, please see bigbluebutton/greenlight#1163 - if you use some other frontend, the consent-text/check has to be done in that specific frontend before the user joins the session. |
|
Actually bigbluebutton/greenlight#1163 bigbluebutton/greenlight#1395 has been closed as a duplicate of that. |
|
@basisbit This is still impossible to sell to people, when security of personal data is important to them. Yes, recordings of session should be possible (and therefore greenlight should correctly point that out before the session starts), but if the moderator promises (and the html5 frontend signals), that the session is not being recorded, it's very important to make sure, thats totally true. In our case, we even don't want participants to create a greenlight-account on our server (they're joining via url+pin)- a saved video on the harddisk without a direct consent or at least notification to the users could send a complicated (and destructive) message. |
|
@marcarneg As a hot fix in your situation: If you do not need recordings, globally disabling should be relatively straight forward (which then also prevents the recording of the temp-files.) This then only might (didn't check) leave temp files in, e.g., freeswitch. In general, I fully agree with your comment. My todo currently has implementing a consent switch on the room-join form (for my own fork of GL; Not really prod-level code.), also detailing this. |
|
If you don't need recording, set |
@marcarneg They don't have to create a greenlight account. The session-join-link shows a "join this session" page. Exactly this page of your frontend should be extended to ask the participant to accept the recording legal information if record=true is set for this session. |
|
A naïve question: I get that BBB records everything temporarily because it makes recording easier. But why does it hang on to these temporary files for 14 days? I think a way saner, and more defendable default, would be to allow recordings, using the same infrastructure as now, but immediately cleanse the temporary files after the postprocessing after the end of a meeting is finished. |
|
I actually configured my installation like that, and put all temporary directories/the recording directories on TMPFS. (very nasty solution adding sudo access to bbb-record for the bbb-user and calling a record-delete if there were no recording markers.):
and I suppose (but don't know) that this feature comes from an environment where people occassionally forget to hit record, and then panic-y write to the IT that they forgot things... and demand it to be restored. ;-) |
|
I've created |
I've been using BigBlueButton since 0.81 and one of the most common requests I get is "I forgot to click (or misclicked) on the recording icon, can you still retrieve it?". Usually followed by a "It is a really important meeting". |
|
I agree that having the ability to record post-meeting is a nice option – but it should be that, an option, in my humble opinion. |
|
And it has to be implemented so that it actually is easily legal usable in most of the world: that requires asking for permission before the user joins the meeting. Thus, asking just before webcam is activated is not a suitable solution. |
Indeed, asking before joining makes way more sense. |
|
I do not understand ichdasich's suggestion to add the mentioned lines to archive.rb after line 242. My line 242 is else and that else relates to line 226 if not archive_has_recording_marks?(meeting_id, raw_archive_dir, break_timestamp) So, should the suggested lines not be inserted BEFORE line 242? |
|
Please update the documetation, so that the european customers can make changes in their Thank you :) |
|
Are you still facing this issue? Nearly been a year, Please let me know. We might ship the fixed version (Releasing version 3.4 by 1st October 2021) of the BigBlueButton which has been re-branded and is still under process... On our Fork, we have seemed to fixed this issue. In case, you need help , I am happily willing to contribute my code. |
|
@vagbox ??? I suggest reading the last couple of messages instead of randomly mentioning a seemingly non-existing fork from a github account with close to zero participation in anything BigBlueButton related. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This should really be handled as a critical security issue (partly to you, bot!). |
|
@rugk see discussion above. This issue was already handled quite a while ago and is not critical any more at all. The current implementation is just not yet as good as desired, thus it is kept open until a bigger rewrite of it is done. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
Describe the bug
Raw recordings are stored even if no recording button is pressed.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Sessions during which the recording button is not pressed are not stored.
Actual behavior
Sessions during which the recording button is not pressed are stored
Additional context
I am not sure if I am holding it wrong, but i migrated to a new BBB setup, and moved recordings. There, I found that reencoding all recordings would make recordings of non-recorded meetings show up in my users' accounts. This obviously caused unrest and is an (unintended) privacy violation on my side.
This should:
The text was updated successfully, but these errors were encountered: