In 2025 it's hard to untangle our relationship with technology and our relationship with tech companies. Tech products are shaped by trying to get us to buy things, collecting our data to sell, and keeping us engaged so there's more opportunities to do those things.
For many of our digital experiences, there's limited choice other than relying on a tech company. But this means that your experience can become worse at any time and your activity is being logged for further monitization. There are some exceptions to this: maybe you use a Mastadon instance operated by some local friends instead of Facebook, or you borrow DVDs from the library instead of using a streaming service. But there are limits to this too, either technical, the amount of time involved, or just convienence. Are you going to run your own email server? Are you going to stop using a smartphone?
But sometimes it's easier than you think! When I heard Skype was shutting down soon I knew a small group of friends would be looking for a replacement. I had been meaning to play with WebRTC and thought I would see what it would take to run my own small-scale end-to-end encrypted video conferencing service.
My requirements were:
- There can be central servers for peer discovery and NAT traversal, but after bootstrapping all data should be sent encrypted and directly peer-to-peer
- It should have the basic features you'd expect: things like muting audio and video, input selection, and noise cancellation
- It should let you share files! Why is it so hard to send someone a file?
- It should work on a variety of devices: computers, tablets, and smarthphones
So I wrote a small app called sidebar to do these things. WebRTC does a lot of the heavy lifting: video and audio acquisition, NAT traversal, SDP generation. The server just serves out the client page, exchanges bootstrapping messages between clients in the same "room" (using the same password), and after that clients talk to each other directly.
This is definitely intended for small groups of people. At some point clients will get bogged down sending a copy of their audio and video to every other client, but it works just fine with 5 clients, and should scale a bit beyond that. You probably shouldn't use this to host a 100 person webinar.
Of course, the bootstrapping server needs to be reachable by all the clients, preferably on the public internet. For awhile I was self-hosting on a home server, exposed to the internet via Tailscale Funnel. Approved passwords are set via an environmental variable, so not just anyone can join any call and I can give out a password for my friends and another for my parents. The server uses very few resources as it's just keeping track of connected clients, not exchanging any streaming data.
The hardest part of this project was probably figuring out how to do the CSS layout as a variable number of people joined the call. But using the powerful WebRTC tools built in to most browsers, it wasn't much work to make a small-scale video conferencing system that's end-to-end encrypted where none of the streaming data goes through the bootstrapping server.