We’re working hard to make Talky great for you.
If you have any feedback, let us know below!
Talky is a truly simple video chat service provided by &yet, a small, independent software and design team based in Richland, WA. We love to help people communicate and we love to learn about new technologies, which is why we offer Talky for free. We’re not here to sell ads based on your conversations, resell information about you, or keep track of what you do online. We respect your privacy and the security of your communications. This page describes how we put those values into practice.
Talky is based on a fairly new technology called WebRTC. In essence, WebRTC gives your web browser or mobile device access to the microphone and camera on your computer along with the ability to exchange audio, video, and other data with someone else’s computer. This innovation makes it much easier for web developers like us to create realtime communication applications like Talky. It's a beautiful thing!
To make Talky go, we use a whole alphabet’s soup of advanced technologies for realtime communication (STUN, TURN, SRTP, DTLS, UDP, XMPP, and so on). The basic idea is this:
The short story is that for one-to-one conversations your audio and video data are encrypted between your computer and your friend’s computer, so that your conversations can’t be unscrambled by eavesdroppers. We also encrypt all the set up, call control, and tear down information that your computer sends to our servers (which can reveal private information such as the “IP address” of your computer).
If another person connects to an active Talky session, then the other sessions in that room will receive an event that the room is changing to a many-to-many session and the client will start connect to the Jitsi Videobridge that we run. We use a media bridge in the multi-party case so your browser doesn’t need to encode video streams to every other participant (which uses a lot of bandwidth and processing power, and therefore doesn’t scale up very well - in fact it might work for 3 or maybe 4 people but beyond that it falls over).
Each browser or mobile device connects to the media bridge using a secure connection. In order to do its job, the bridge needs to decrypt the voice and video data sent to it. However, the encryption keys are not persisted to disk and are only available in memory. We also do not log or store any session data on the media bridge server — the voice and video data is decrypted only in memory.
However, we do need to gather one piece of personally identifying information in order for you to use Talky in the first place: your computer needs to tell us its “IP address” so that we can connect you with your friend’s computer (which needs to tell us its “IP address” too). Although we do not track this information or keep a long-term record of it, we do log it for brief periods of time so that we can perform diagnostics that help us improve the service (these logs are erased after 7 days).
We collect anonymous usage data (with no personally identifying information attached) to improve the Talky service and WebRTC technologies in general. Examples of usage data include the percentage of audio/video connections that go peer-to-peer vs. through a media relay, the percentage of sessions that include screen sharing, how often certain features are used (e.g., muting and unmuting audio), occurrence of connectivity failures, etc. At times we provide some of this data to the Google Chrome and Mozilla Firefox teams so that they can prioritize and fix bugs in their code.
Some Talky users provide generic input via our feedback form after Talky sessions. This information is anonymous and includes no personally identifying information. We aggregate this feedback and publish it at iswebrtcreadyyet.com so that more people can understand the state of WebRTC support and usage in modern web browsers.
All security bugs in Talky.io are taken seriously. Bugs or vulnerabilities should be reported by email to firstname.lastname@example.org . Your email will be acknowledged within 24 hours.
You will receive a more detailed response within 48 hours, which will also indicate the next steps we will take in handling your report. After our initial reply, the security team will keep you informed of the progress being made toward a fix. As we move toward a formal announcement of the report and resolution, we may contact you for additional information surrounding the reported issue.
This section provides information about security bugs that have been found so far.