Frequently asked questions
This is a list of frequently asked questions (FAQ), including some technical questions.
Questions from the Forum are also added here.
Basics
What is Jami?
See the Introduction.
What does Jami mean?
The choice of the name Jami was inspired by the Swahili word jamii, which means community as a noun and together as an adverb.
It was chosen as it reflects the vision for the project: a free/libre program available to all that helps bring communities together, is community supported, and respects the freedom and privacy of the users.
How can I make a bug report?
Please see the Bug report guide.
What makes Jami different from other communication platforms?
Because it is distributed,
Some of the consequences may seem surprising. For instance, since accounts are stored on the user’s device, passwords are optional. However, the most significant practical differences are that the user has more freedom and privacy.
What do the green/orange/red status circles next to profile pictures mean?
On a user’s account, 🔴 (a red circle) displayed means that the device is not connected to the DHT or is offline. A detailed error should be displayed explaining the issue. Checking the network/Internet connection or restarting the app may resolve the issue.
For contacts:
no circle displayed means that no device is detected on the DHT. The contact is unreachable.
🟠 (an orange circle) displayed means that at least one device is announced on the DHT, so the contact SEEMS to be reachable. The device does not have a direct connection to this peer yet, but the peer should be able to receive connection requests. Because the device is not directly connected to anything, the status cannot be determined for sure. So this can be read as “Seems to be reachable”, but the connection may fail (firewall, deadlock, NAT, etc.). The presence generally has a TTL of:
10 minutes over the DHT, and
several hours if push notifications are enabled.
🟢 (a green circle) displayed means that the device is connected to a device of this peer.
Why is a feature missing on my client?
Not every client implements all features. Check the All features by client list to see if the client is missing the feature. Feature requests can be made at https://git.jami.net.
Does Jami support read receipts? Can I turn them on or off?
Yes. Read receipts can be enabled or disabled in the settings on Jami for Desktop, Android, Android TV and iOS.
Does Jami support typing indicators? Can I turn them on or off?
Yes. Typing indicators can be enabled or disabled in the settings on Jami for Desktop, Android, and iOS.
Can I make group calls?
Yes. Jami contacts can be added to (audio or video) calls by clicking the “Add participant” button.
Does Jami support group chats?
Yes.
Why aren't my sent messages showing up on all linked devices?
Before the implementation of Swarm Technology, an account’s devices would only receive the same messages from contacts if the device was online at the time of the message being sent. However, sent messages would not show up on devices other than the one sending the message.
With the implementation of Swarm Technology, conversation histories of new conversations (including one-on-one conversations) are fully synchronized between all of an account’s linked devices. Please upgrade all old versions of Jami to the latest version that includes Swarm Technology. The latest version of Jami is always available from the Download page of the Jami website, at https://jami.net/download/.
To learn more about Swarm Technology, visit the blog post Synchronizing conversation history with Swarm and visit the Developer manual.
Can I call offline contacts?
With Swarm Technology conversations, every device stores a copy of all of the messages in that conversation. If a user’s, or another participant’s, device is unreachable when a message is sent, when it becomes reachable, it will try to fetch any new messages from other reachable devices and synchronize message history. This can be done whenever at least one other device that has a copy of the new messages is also reachable.
See also
To read more about how conversations using Swarm Technology are synchronized, visit the blog post Synchronizing conversation history with Swarm.
If the participants in a conversation are often not online at the same time (for instance, due to different timezones), one of them might choose to set up Jami on an often-online device. The often-online device would receive the messages from each participant and relay them to the other(s) whenever they come online, thus acting similarly to a “server”, while Jami remains distributed by nature.
Where are the configuration files located?
Jami stores its configuration (accounts, certificates, history) in different locations depending on the platform.
GNU/Linux: global configuration is under ~/.config/jami/dring.yml, and account-specific files are under ~/.local/share/jami/. Finally, there is a cache directory at ~/.cache/jami/.
macOS: the full configuration is under ~/Library/Application Support/Jami/ if installed via https://jami.net. The app store version uses ~/Library/Containers/com.savoirfairelinux.ring.macos/Data/Library/Application Support/jami/.
Android: the full configuration is under /data/data/cx.ring/ (may require root privileges to view or change from outside Jami).
Windows: global configuration is under %AppData%/Local/jami/dring.yml, and account-specific files are under %AppData%/Local/jami/. Finally, there is a cache directory at %USERPROFILE%/.cache/jami/.
Note
Audio and video messages are recorded in the local-data in the folder: sent_data
For files, if a file is saved (right-click on the file, then Save), it will be added to the directory configured in the application settings.
How much bandwidth is required for calls?
For audio calls, Jami uses about 100 Kbps. For a video call, about 2 Mbit/s is required for medium quality. If the connection is slower, the bitrate will be automatically reduced.
If a device is hosting a video conference, approximately an additional 2 Mbps per participant is required. So, for example, for a conference with 10 participants, each participant requires 2 Mbps up and down, and the host requires 20 Mbps up and down.
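Jami also uses an algorithm to adjust consumption depending on the quality of the link. So, the bitrate can range from a minimum of 200 Kbit/s to a maximum of 6 Mbit/s.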
How can Savoir-Faire Linux Inc. (SFL) afford to give Jami away for free? How does SFL make money with Jami?
Savoir-Faire Linux Inc. (SFL) is a consulting company with some R&D projects. Jami is a GPLv3+ project and this will not change. SFL already sells services for several fields of expertise (hosting, developing websites and applications, embedded software, etc).
Jami is financed in several ways:
Services for other projects
Visibility
Jami recurring expenses:
As a distributed system, Jami incurs very low costs by design
Opt-in collection of anonymized statistics might be added in the future to better understand Jami usage; however, no personal data will be collected.
Account management
What is a Jami account?
A Jami account is an asymmetric encryption key. The Jami account is identified by a Jami ID, which is a fingerprint of the public key.
What information is required to be provided to create a Jami account?
When a new Jami account is created, private information like an email address, address, or phone number is not required.
The following information can be provided:
A profile picture (optional).
A display name (optional), which is the name that clients will display for your contact. It can contain special characters.
A username (optional), which is a unique identifier that is directly associated with your Jami ID. This username→Jami ID mapping is stored on a server (ns.jami.net by default, but you can host your own).
A password (optional). This password is used to protect the account archive in the device.
See also
More information about Jami accounts is available in the Account management section of the Developer manual.
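Where is my Jami ID?
The Jami ID is displayed on the main page of the Jami application. A Jami ID is a 40-character string of letters and digits; for example: f2c815f5554bcc22689ce84d45aefdda1bce9146.
Why don't I have to use a password?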
On a centralized system, a password is required to authenticate with a public server where accounts are stored. Any third-party who knows a person’s password could steal the person’s identity.
With Jami, the account is stored in a folder on the device. There is no public server where Jami accounts are stored. Hence, an account password is not required with Jami. The password is only used to encrypt a Jami account in order to protect the Jami account from someone who has physical access to the device.
A password may not be wanted or required if the device is encrypted. Recent versions of Jami do not ask for an account encryption password by default when creating new accounts.
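Note
Changing a password only changes the password on the current device, and it is not synchronized (because there is no server, and other devices may be offline).
Why don't I have to register a username?
The most permanent and secure identifier is the Jami ID. However, because it is hard for some people to use, there is also the option of registering a username. Registering a username requires a name server, such as Jami's default ns.jami.net.
If you did not register a username, you can still choose to register one later at any time.
If you host your own name server at example.com, usernames registered there can be looked up by searching for username@example.com.
Can I change my username?
Usernames cannot be changed on the default name server (ns.jami.net).
What is the difference between a username and a display name?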
The username can be used as an identifier. The username points to the Jami ID, which is the permanent, secure identifier. Usernames are unique on the name server.
A display name allows you to choose another name that identifies a Jami account to contacts. Display names can be edited or changed at any time and only trusted peers can see them.
How can I back up my account?
There are two ways to back up an account:
Link another device to the account so the account will be on two devices. This option is available in the Account settings page.
Back up the account archive. More information about Jami accounts is available in the Account management section of the Developer manual. Some clients allow exporting the Jami account archive from Account settings.
Can I retrieve my username without my keys?
If the default name server at ns.jami.net stores a username, the username cannot be retrieved without the key.
There is no way to prove a username without the key.
If a different name server was used to store a username, there may be a way to move the username to a new Jami ID at the discretion of the administrator of the name server.
See also
More information about name servers is available in the Name Server protocol section of the Developer manual.
Can I recover my account if I forget my password?
No. There is no traditional account recovery process; the user is the only person with access to the user’s data.
Tip
Use a password manager if there is a concern about forgetting the Jami account password.
What happens when I delete my account?
The Jami account is only stored on devices which have the Jami account.
The Jami account is gone and is unable to be restored if:
there is no backup of the Jami account, and
the Jami account is deleted from all devices.
Furthermore, nobody else can use the Jami account.
The contacts will still have the messages which were sent to them, but all public record of the account on the DHT will eventually disappear due to absence and lack of activity.
Warning
The default ns.jami.net name server does not delete any registered usernames – other name servers might (not recommended), at their administrator’s discretion.
So, if an account has a registered username on the default name server and the account is deleted or lost (without a backup), nobody (including the user) will be able to register a new account with that username again; thus, nobody can reach the user at that username anymore.
To avoid losing an account please back it up!
What happens when I link a new device?
When a device is linked to an account, the Jami account archive is put on the Jami network for a few minutes. The Jami account is protected with a password Jami provides.
The new device receives the full account certificate with the master RSA keys, and it generates a new device key for signing/encrypting messages.
Advanced
Which protocol does Jami use for end-to-end encryption?
We use TLS 1.3 with a perfect forward secrecy requirement for the negotiated ciphers for calls and file transfers. Messages are encrypted with an RSA key.
What data passes through my machine when I participate in the Jami network?
All of this data is encrypted.
ICE descriptors of other Jami users (ICE is a protocol that helps establishing communication between two computers)
certain text messages
accounts currently being linked to a new device, as explained above.
Audio/video streams and some text messages pass through the VoIP protocol. Text messages can be sent either via VoIP or DHT (the distributed network), depending on whether a VoIP communication channel is already open or not.
Why am I able to communicate with myself?
Many users use Jami to transfer data from one machine to another.
Should I enable push notifications?
Push notifications allow Jami to operate in a way more adapted to the context of mobility (energy consumption, data, …). However, for the moment, notifications go through Google’s servers, via the Firebase service. Only one identifier is transferred and it is unusable for anyone who does not have access to the account.
What is a bootstrap server?
A bootstrap server is the entry point of the distributed network.
To enter a network, Jami must know one other node.
This is the role of the bootstrap.
It can be any node in the network, but, bootstrap nodes are generally always up and available.
The default one in Jami is bootstrap.jami.net.
What is a TURN server? What is STUN?
A TURN server is a relay, and is generally used when two peers are unable to contact each other because of some firewall restriction, NAT without any open port, and no IPv6.
A STUN server is only used for SIP accounts, and is generally used to obtain the device public IP address. For Jami accounts, the DHT already provides the device public IP address.
What is a DHT proxy?
The DHT proxy is a server that registers on the DHT on behalf of the device and relays information to and from the device. Thus, it is the server that will be active on the DHT and will participate in the network, and no longer the target device. Multiple devices can register on the same DHT proxy.
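Generally, to transfer data between two peers, there are 3 steps:
Exchange candidates (IP addresses) via the DHT
Negotiate the best P2P channel between the peers
Transfer the data over this socket.
The DHT is only used in the first step.
What if I disable the DHT proxy on Android?
There are basically 3 ways to use the Android application: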
With push notifications (DHT proxy must be enabled). This mode supports notifications for Android (via Google/Firebase, and soon UnifiedPush or Apple/APN). This decreases battery usage by removing the sync required with the DHT and without any socket always alive.
Without push notifications but with DHT proxy enabled. This avoids the application synchronizing with other nodes, but “Run in the background” MUST be enabled to avoid the operating system killing the application.
Without DHT proxy. In this case, “Run in the background” MUST be enabled to avoid the operating system killing the application. The application will synchronize with the other DHT nodes.
I still have issues with the Android application even when battery optimization is disabled
Please read https://dontkillmyapp.com for more details. If it does not solve the issues, please open a bug report (ideally with a scenario to help reproduce and/or logs).
How does the username registration service work?
With the default name server (ns.jami.net), the usernames are registered on an Ethereum blockchain.
It is possible to develop a name server with any underlying data storage technology.
For example, an SQL database could be used instead of a blockchain for the data storage technology.
With the default name server, look up usernames with https://ns.jami.net/name/test, where test is a username for which we are looking for a matching Infohash.
Once registered, the name server does not provide any way to remove the mapping.
More information about name servers is available in the Name Server protocol section of the Developer manual.
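How can I change the timeout of a call?
In the dring.yml file (see Where are the configuration files located?), the ringingTimeout value, measured in seconds, can be changed.
How to back up and re-import conversations and accounts
Note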
This is only applicable for Desktop clients. Desktop clients run on GNU/Linux, macOS, and Windows operating systems.
Export each account. (For GNU/Linux: Open settings → Account → Manage account → Backup account).
Copy and save the database (in ~/.local/share/jami/ for example).
On the new device, to import the settings and contacts with empty conversations:
if Jami is opened for the first time, import the archive backup: I already have an account → Import from an archive backup.
if Jami already has an account, import each archive backup: Add another account → I already have an account → Import from an archive backup.
Close Jami and replace the database with the database previously saved.
How secure are you?
TLS/SRTP is used to secure connection and communications over the network.
SRTP over SIP is implemented using recommendations described in the following two RFCs:
Typically 2 kinds of sockets are negotiated. One for the control socket, the other for the media sockets.
A typical control session will use the following cipher suite:
(TLS1.3)-(ECDHE-SECP384R1)-(RSA-PSS-RSAE-SHA384)-(AES-256-GCM)
(TLS_ECDHE_RSA_AES_256_GCM_SHA384)
DTLS (fallback) supported:
"SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-VERS-TLS-ALL:+VERS-DTLS-ALL:-RSA:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"
TLS:
"SECURE192:-KX-ALL:+ANON-ECDH:+ANON-DH:+SECURE192:-RSA:-GROUP-FFDHE4096:-GROUP-FFDHE6144:-GROUP-FFDHE8192:+GROUP-X25519:%SERVER_PRECEDENCE:%SAFE_RENEGOTIATION"
The supported crypto suites for media sessions are:
AES_CM_128_HMAC_SHA1_80 / SRTP_AES128_CM_HMAC_SHA1_80
AES_CM_128_HMAC_SHA1_32 / SRTP_AES128_CM_HMAC_SHA1_32
When do public IP addresses get exposed?
We can consider three main connectivity scenarios: (1) a classic configuration, (2) behind a VPN, and (3) via Tor.
As Jami is a P2P application, the reader would probably know that (2) or (3) is mandatory to avoid IP address leaking.
Moreover, even if it’s my answer, you can choose to not trust my answer and check the code, or use Wireshark or other tools. Generally, Jami developers use the first scenario (sometimes the second one). It is impossible to test all the possible network configurations, so if you discover a bug, please open an issue.
For all three scenarios, there are three main actions:
sending a message (this will use the DHT);
sending a file (TCP ICE connection as described in the File transfer section of the Developer manual); and
placing a call (TCP + UDP ICE connection as described in the Calls section of the Developer manual).
(1) A classic configuration
Sending a message
The Jami application is running a DHT (https://opendht.net) node on your device. So every operation on the DHT will use your IP address. This is why Jami has the option to use a DHTProxy (e.g., http://dhtproxy.jami.net/); this will avoid using your node and instead will use another node on the network (which will see your IP address). Note that your message is not sent directly to the other device. In fact, your message is sent to some nodes of the DHT and your contact will retrieve the message from these nodes. So, your contact doesn’t see your IP address at this step, but the node that gets the message will (or it will see the IP address of the proxy).
Sending a file
As described in the docs, you will send a message with all the IP addresses you know that your peer can contact, in an encrypted packet. So, if your peer sends you a file or you send a file, your addresses will appear in the ICE message.
Placing a call
Same as above, the IP address is present in the ICE.
(2) Behind a VPN
Sending a message
The IP address of your VPN will be used by the DHT node.
If you want a proof, you can compile dhtnode and run the la command to get your public detected address.
This is what I got:
./tools/dhtnode -b bootstrap.jami.net
Bootstrap: bootstrap.jami.net:4222
OpenDHT node be58fdc9f782269bfc0bbfc21a60bca5f02cb881 running on port 54299
(type 'h' or 'help' for a list of possible commands)
>> la
Reported public addresses:
IP ADDRESSES OF MY VPN
So, if you don’t use a proxy, your VPN addresses will be used for using the DHT. If you use a DHTProxy, the DHTProxy will see your VPN addresses.
Sending a file
Same as above, the ICE contains:
addresses from your LAN
public address of your VPN
TURN address if TURN is enabled
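Placing a call
Same as above, your public address is replaced by your VPN address. You can see it in the logs from the daemon. See Logs.
(3) Tor
Sending a message
Tor basically does not support UDP. This means that you cannot use your DHT node locally; you must use a DHTProxy. That proxy will see the exit node.
Sending a file
I prefer a proof over any description. So, I did a file transfer with Jami + Tor. This is what I see in the logs for the remote: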
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 33293 typ host tcptype passive
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 9 typ host tcptype active
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 33293 typ host tcptype passive
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 9 typ host tcptype active
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: R33fe279d 1 TCP 16777215 51.254.39.157 27427 typ relay tcptype passive
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Sc0a8c801 1 TCP 1694498815 185.220.101.24 33293 typ srflx tcptype passive
The first ones are 192.168.x.x, so we don't care. 51.254.39.157 is the TURN address in France (my device is in Canada). 185.220.101.24 is the Tor exit node:
inetnum: 185.220.101.0 - 185.220.101.127
netname: MK-TOR-EXIT
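As an added example (not part of the original page or of Jami's code), the Python sketch below parses the `add remote ICE candidate` lines shown above and groups the advertised addresses into LAN, relay and public sets, so you can check that the only public address exposed is the VPN or Tor exit address you expect. The function names are hypothetical; the log lines are the ones from this page.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Remote-side log lines copied from this page (file transfer made through Tor).
SAMPLE_LOG = """\
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 33293 typ host tcptype passive
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a8c801 1 TCP 2130706431 192.168.200.1 9 typ host tcptype active
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 33293 typ host tcptype passive
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Hc0a80103 1 TCP 2130706431 192.168.1.3 9 typ host tcptype active
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: R33fe279d 1 TCP 16777215 51.254.39.157 27427 typ relay tcptype passive
[1574218330.556|10688|p2p.cpp :241 ] [Account:93a03f519f394143] add remote ICE candidate: Sc0a8c801 1 TCP 1694498815 185.220.101.24 33293 typ srflx tcptype passive
"""

# Fields after the log prefix follow the ICE candidate layout:
# foundation component transport priority address port "typ" type ["tcptype" mode]
CANDIDATE_RE = re.compile(
    r"add remote ICE candidate: (?P<foundation>\S+) (?P<component>\d+) "
    r"(?P<transport>\S+) (?P<priority>\d+) (?P<address>\S+) (?P<port>\d+) "
    r"typ (?P<type>\w+)(?: tcptype (?P<tcptype>\w+))?"
)


@dataclass(frozen=True)
class Candidate:
    type: str            # host, srflx (server reflexive) or relay (TURN)
    transport: str
    address: str
    port: int
    tcptype: Optional[str]


def parse_candidates(log_text):
    """Return every ICE candidate found in the daemon log text."""
    found = []
    for line in log_text.splitlines():
        m = CANDIDATE_RE.search(line)
        if m:
            found.append(Candidate(m["type"], m["transport"], m["address"],
                                   int(m["port"]), m["tcptype"]))
    return found


def exposure_report(candidates):
    """Group the distinct advertised addresses by what they reveal to the peer."""
    report = {"lan": set(), "relay": set(), "public": set()}
    for cand in candidates:
        ip = ipaddress.ip_address(cand.address)
        if cand.type == "relay":
            report["relay"].add(cand.address)    # TURN server, not the device itself
        elif ip.is_global:
            report["public"].add(cand.address)   # routable egress address of the device
        else:
            report["lan"].add(cand.address)      # private or otherwise non-routable
    return report


def unexpected_public(report, expected_egress):
    """Public addresses that are not the VPN or Tor exit addresses you expect."""
    return report["public"] - set(expected_egress)


if __name__ == "__main__":
    report = exposure_report(parse_candidates(SAMPLE_LOG))
    for group, addresses in report.items():
        print(f"{group:7} {sorted(addresses)}")
    # 185.220.101.24 is the Tor exit node identified on this page.
    print("unexpected:", sorted(unexpected_public(report, {"185.220.101.24"})))
```

Run the same functions over your own daemon log with the set of egress addresses you expect; any address returned by `unexpected_public` is one the peer learns that bypasses the VPN or Tor path.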
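Placing a call
This will not work (actually, you can create the SIP control connection because it is a TCP connection),
Which ports does Jami use?
Jami works as a server and gets a new port for each connection (randomly bound).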
:UDP [4000, 8888]
Audio: UDP [16384-32766]
Video: UDP [49152-65534]
SIP control: UDP/TCP randomly bound
Note
If UDP is blocked, a DHTProxy can be used to use TCP instead. However, media will not work because it only supports UDP.
So for UFW (Uncomplicated Firewall), it is recommended to open the Terminal and enter the command:
sudo ufw default allow outgoing
Currently, it is not possible to define the range of configured ports to be used by Jami. The inbound traffic can be controlled without issue; Jami should work and can use a TURN server if required.
If you run your own proxy or name server:
DHTProxy, name server: TCP [80-100], 443
If you run your own TURN server:
TURN/STUN: TCP+UDP 3478, 5349
Can I use Jami in a local network (LAN) without Internet access?
Yes! Thanks to Jami’s architecture, Jami users on a local/private network can communicate among themselves using Jami, without requiring any outside connectivity such as the Internet.
To do so, from Jami’s Account settings open Advanced account settings.
There, enable the Enable local peer discovery setting.
Additionally, you may want to manually set the bootstrap node’s address (default: bootstrap.jami.net) to the IP address of another device on your network that also runs Jami and/or an OpenDHT node.
Note
If you will use this Jami account for communicating only with other devices on the same local/private network, you can disable TURN if you wish. If you do so, and later you decide to use this account also for communicating with other Jami devices outside your network, don’t forget to enable TURN again, as it helps Jami work around issues with some overly restrictive firewalls.
How can I configure the codecs in more detail?
Codecs can be configured via a file. In the configuration files, you can create a file called encoder.json like this:
{
"libx264": {
"profile": 100,
"level": 42,
"crf": 20,
"preset": "ultrafast"
},
"h264_vaapi": {
"low_power": 1
},
"libopus": {
"application": "voip"
}
}
or:
{
"libopus": {
"bit_rate": 128000
}
}
This file is located in the same directory as dring.yml.
To check which options are supported, use the command ffmpeg -h encoder=[encoder_name], where encoder_name can be any of libx264, libvpx, mpeg4, h263, libopus, libspeex, g722, pcm_alaw, or pcm_mulaw (the FFmpeg names for all of Jami’s supported encoders).
How can I configure the audio processor?
An audio processor allows Jami to clean up and process your microphone’s audio.
It can remove echo, reduce noise, and equalize your microphone’s volume.
Additionally, it can detect when you’re speaking and send this information to participants in your call.
The audio processor settings can be set in your dring.yml file.
See this section to find where this file is located.
The relevant preference keys are:
audioProcessor, which configures which audio processor to use. The valid options are:
webrtc: the WebRTC Audio Processing library (https://www.freedesktop.org/software/pulseaudio/webrtc-audio-processing/)
speex: the Speex DSP library (https://gitlab.xiph.org/xiph/speexdsp)
null: disables audio processing (though your system echo canceller may still be used, see below)
echoCancel, which configures how echo cancelling should be done. The valid options are:
auto: try to use your operating system’s echo canceller (if it exists), otherwise fall back to the chosen audio processor’s echo canceller
audioProcessor: only use the chosen audio processor’s echo canceller
system: only use your operating system’s echo canceller
null: don’t do any echo cancelling
noiseReduce, true/false to set noise reduction on the audio processor
automaticGainControl, true/false to set automatic gain control on the audio processor
voiceActivityDetection, true/false to set voice activity detection on the audio processor