Summary: the BBB service is now hosted at
https://bbb.torproject.net; perform a password reset to get
access. Rooms must be recreated, and there are small changes to account
policy. Stop using tor.meet.coop entirely.
Background
We've been using Big Blue Button since around 2021, when we started using meet.coop for that service. This has served us relatively well for a couple of years, but in recent times, service has degraded to a point where it's sometimes difficult to use BBB at all.
We've also found out that BBB has some serious security issues with recordings which likely affect our current provider but, more seriously, our current server has been severely unmaintained for years.
Since 2023, meet.coop has effectively shut down. The original plan
was to migrate services away to another coop. Services were supposed
to be adopted by webtv.coop, but they declined to offer support
for the service on 2025-10-15 as they were not involved in the project
anymore. In July 2025, there was an attempt to revive
things. The last assessment identified serious security issues
with the servers that "have not been maintained for years".
For example, it seems the BBB servers run Ubuntu 18.04, which has been out of support from Canonical for more than two years. A new person has started working to resolve the problem, but it will take weeks to resolve those issues, so we've migrated to another provider.
Proposal
Migrate our existing BBB server to Maadix. After evaluating half a dozen providers, they were the most responsive and were the ones that brought the security issues with recordings to our attention in the first place.
The new server is available at: https://bbb.torproject.net
All core contributors with an LDAP account have an account on the new server and should be able to reset their password using the password reset form.
The BBB account policy is changed: only core contributors have an account by default. Guest users are still possible, but are discouraged and have not been migrated. TPA members and the upstream provider (currently Maadix) are now the only administrators of the server.
Feedback and comments on the proposal are welcome by email or in the discussion issue, but beware that most of the changes described here have already been implemented. We are hoping this deployment will be in place for at least a couple of months to a year, during which time a broader conversation can be held in the organization regarding communication tools. See also the Other communication platforms section below.
Goals
These are the requirements that were set in the conference documentation as of 2025-10-15, and the basis for evaluating the providers.
Must have
- video/audio communication for groups of about 80 people
- specifically, work sessions for teams internal to TPI
- also, training sessions for people outside of TPI
- host partner organizations in a private area in our infrastructure
- a way for one person to mute themselves
- long term maintenance costs covered
- good tech support available
- minimal mobile support (e.g. web app works on mobile)
Nice to have
- Reliable video support. Video chat is nice, but most video chat systems usually require all participants to have video off, otherwise the communication is noticeably lagged.
- allow people to call in by regular phone
- usable to host a Tor meeting, which means more load (because possibly > 100 people) and more tools (like slide sharing or whiteboarding)
- multi-party lightning talks, with ways to "pass the mic" across different users (currently done with Streamyard and Youtube)
- respecting our privacy, peer to peer encryption or at least encrypted with keys we control
- free and open source software
- Tor support
- have a mobile app
- inline chat
- custom domain name
- Single sign-on integration (SAML/OIDC)
Non-Goals
- replace BBB with some other service: time is too short to evaluate other software alternatives or provide training and transition
Tasks
As it turns out, the BBB server is shared among multiple clients so we can't perform a clean migration.
A partial migration involved the following tasks:
- new server provisioning (Maadix)
- user creation (Maadix, based on an LDAP database dump from TPA)
- manual room creation (everyone)
In other words:
- rooms are not migrated automatically
- recordings are not migrated automatically
If you want to copy over your room configuration and recordings, you need to do so as soon as possible.
Cost estimates
The chosen provider charges us 110 EUR per month, with a one-time 220 EUR setup fee. Major upgrades will be charged 70 EUR.
Timeline
Normally, such a proposal would be carefully considered and providers carefully weighed and evaluated. Unfortunately, there is an emergency, and a more executive approach was necessary.
Accounting has already approved the expense range, and TPA has collectively agreed Maadix is the right approach, so this is considered already approved as of 2025-10-21.
As of 2025-10-23, a new server was set up at Maadix and was confirmed as ready on 2025-10-24.
At some unknown time in the future, the old tor.meet.coop will be
retired, or at least our data will be wiped from it. We're hoping the
DNS record will be removed within a week or so.
Affected users
All BBB users are affected by this, including users without accounts. The personas below explain the various differences.
Visitors
Visitors, that is, users without BBB accounts who were joining rooms
without authenticating, are the least impacted. The only difference
they will notice is the URL change from tor.meet.coop to
bbb.torproject.net.
They might also feel a little safer knowing proper controls are implemented over the recorded sessions.
Regular BBB users who are core contributors
Existing users who are also core contributors are similar to visitors, mostly unchanged, although their password will be reset.
Users need to use the password reset form to set a new password for the service.
Room configurations have to be recreated by the users.
Room recordings should be downloaded from the old server as soon as possible for archival, or be deleted.
Regular BBB users without LDAP accounts
Those users were not migrated to the new server, to clean up the user database.
People who do need an account to create new rooms may ask for an account by contacting TPA for support, although it is preferable to ask an existing core contributor to create a dedicated room instead.
Note that this is a slight adjustment of the previous BBB account policy, which was more open to non-core contributors.
Core contributors who were not granted access to the old BBB
As part of the audit of the user database, we noticed a significant number of core contributors (~50) who had valid accounts in our authentication server (LDAP) but did not have a BBB account.
Those users were granted access to the server, as part of an effort to harmonize our user databases.
Old admins
All existing BBB admin accounts were revoked or downgraded to regular users. Administrator access is now restricted to TPA, which will grant access as part of normal onboarding procedures, or upon request.
TPA
TPA will have slightly improved control over the service, by having
a domain name (bbb.torproject.net) that can be redirected or
disabled to control access to the server.
TPA now has a more formal relationship with the upstream, as a normal
supplier. Previously, the relationship with meet.coop was a little
fuzzier, as anarcat participated in the coop's organisation by sitting
on the board.
Alternatives considered
Providers evaluation
For confidentiality reasons, the detailed provider evaluation is not shared publicly in this wiki. The details are available in GitLab internal notes, starting from this comment.
Other communication platforms
In the discussion issue, many different approaches were discussed, in particular Matrix calls and Jitsi.
But at this point, we have a more urgent and immediate issue: our service quality is bad, and we have security issues to resolve. We're worried that the server is out of date and poorly managed, and we need to fix this urgently.
We're hoping to look again at alternative platforms in the future: this proposal does not set in stone BBB as the sole videoconferencing platform forever. But we hope the current configuration will stay in place for a couple of months if not a year, and give us time to think about alternatives. See issue tpo/team#223 for previous discussions and followup on this broader topic.
Copying the current user list
We could have copied the current user list, but we did not trust it. It had three accounts named "admin", over a dozen accounts with the admin role, users that were improperly retired and, in general, lots of users inconsistent with our current user base.
We also considered granting more people administrator access to the server, but in practice, it seems like TPA is actually responsible for this service now. TPA is the team that handled the emergency and ultimately handles authentication systems at Tor, along with onboarding on technical tools. It is only logical that it is TPA that is administering the new instance.
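The kind of reconciliation described in this section and under "Core contributors who were not granted access to the old BBB" can be sketched as follows. This is an added example, not TPA's or Maadix's actual tooling: the CSV column names, the "Administrator" role string, the addresses and the allowed-admin set are all constructed assumptions.

```python
import csv
import io

# Constructed sample data: the column names and values are assumptions,
# not the format of any real BBB or LDAP export.
BBB_EXPORT = """email,name,role
admin@example.org,admin,Administrator
root@example.org,admin,Administrator
alice@example.org,Alice,User
bob@example.org,Bob,Administrator
carol@example.org,Carol,User
"""
LDAP_DUMP = """mail,active
alice@example.org,yes
bob@example.org,yes
carol@example.org,no
dave@example.org,yes
"""
ALLOWED_ADMINS = {"bob@example.org"}  # hypothetical: the admin team


def load(text):
    return list(csv.DictReader(io.StringIO(text)))


def audit(bbb_rows, ldap_rows, allowed_admins):
    """Compare the service's user list with the authoritative directory."""
    active = {r["mail"].lower() for r in ldap_rows if r["active"] == "yes"}
    bbb = {r["email"].lower(): r for r in bbb_rows}
    names = [r["name"].lower() for r in bbb_rows]
    return {
        # accounts with no active directory entry (retired or unknown)
        "stale": sorted(e for e in bbb if e not in active),
        # admin role held outside the agreed admin set
        "excess_admins": sorted(
            e for e, r in bbb.items()
            if r["role"] == "Administrator" and e not in allowed_admins),
        # display names shared by several accounts, e.g. several "admin"
        "duplicate_names": sorted({n for n in names if names.count(n) > 1}),
        # active directory members who have no account on the service
        "missing": sorted(active - set(bbb)),
    }


if __name__ == "__main__":
    report = audit(load(BBB_EXPORT), load(LDAP_DUMP), ALLOWED_ADMINS)
    for finding, items in report.items():
        print(f"{finding}: {items}")
```

Treating the directory as the source of truth means that every "stale" or "excess_admins" entry has to be justified individually before it is recreated on a new server, rather than copied over by default.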