Jami differs from central-server conference platforms: its main controls are identity verification, endpoint hardening, and encrypted transport defaults.
| Attribute | Details |
|---|---|
| License | GPLv3+ |
| Technical Stack | C++, Python (clients) |
| Architecture | Peer-to-peer |
| Encryption | End-to-end (DTLS-SRTP) |
Jami uses cryptographic identities. Always verify:
If using Jami with SIP accounts:
Settings → Account → Advanced
Apply least-privilege mobile permissions:
| Permission | When to Grant |
|---|---|
| Camera | During calls only |
| Microphone | During calls only |
| Storage | For file transfers |
| Contacts | Optional (for integration) |
# Linux: Check permissions
ls -ld ~/.local/share/jami ~/.config/jami
# Should be readable only by your user
chmod 700 ~/.local/share/jami
chmod 700 ~/.config/jami
If deploying Jami in an organization:
If running a TURN server:
# /etc/turnserver.conf
listening-port=3478
tls-listening-port=5349
realm=turn.example.com
lt-cred-mech
user=jami:strong-password
# Security settings
no-loopback-peers
no-multicast-peers
fingerprint
# Allow Jami traffic
sudo ufw allow 42222/udp # DHT
sudo ufw allow 42222/tcp # DHT fallback
sudo ufw allow 50000:51000/udp # Media
# Linux desktop
jami-gnome --version 2>/dev/null || jami --version 2>/dev/null
# Check for TLS/SRTP settings in config
grep -R "srtp\|tls" ~/.config/jami 2>/dev/null | head
# Check directory permissions
ls -ld ~/.local/share/jami ~/.config/jami 2>/dev/null
# View recent security events
grep -i 'auth\|fail\|error' ~/.local/share/jami/logs/*.log 2>/dev/null | tail -20
| Resource | URL |
|---|---|
| Jami Documentation | docs.jami.net |
| Architecture Overview | docs.jami.net/en_US/developer/architecture.html |
| FAQ (Security Topics) | docs.jami.net/en_US/user/faq.html |
| Project Site | jami.net |
Any questions?
Feel free to contact us. Find all contact information on our contact page.