Subscribe to bloggeek feed bloggeek
The leading authority on WebRTC
Updated: 1 hour 51 min ago

Nocode/Lowcode in CPaaS

Mon, 07/18/2022 - 12:30

Lowcode and nocode or old/new concepts that are now finding their way to Communication APIs. Here’s the latest developments.

Lowcode and nocode has fascinated me. Around 15 years ago (or more), I was tasked with bringing the video calling software SDKs we’ve developed at RADVISION to the cloud.

At the time, the solutions we had were geared towards developers and were essentially SDKs that were used as the video communication engines of applications our customers developed. Migrating to the cloud when all you are doing is the SDKs is a challenge. How do you offer your developer customers with the means to control the edge devices via the cloud, and doing so while allowing the application to control the look and feel, embedding the solution wherever they want.

The cloud we’ve developed used Python (Node.js wasn’t popular yet), and we dabbled and experimented with Awesomium – a web browser framework for applications – the predecessor of today’s more popular Electron. We built REST APIs to control the calling logic and handle the client apps remotely via the cloud.

I spent much of my time trying to come to grips with how exactly you would fit remote controlling an app to the fact that you don’t really own or… control. A conundrum.

Fast forward to today, where cloud and WebRTC are everywhere, and you ask yourself – how do you remote control communications – and how do you build such interactions with ease.

The answer to that is usually by way of nocode and lowcode. Mechanisms that reduce the amount of code developers need to write to use certain technologies – in our case Communication APIs (CPaaS).

I had a bit of spare time recently, so I decided to spend it on capturing today’s nocode & lowcode status and progress within the CPaaS domain.

This has been especially important if you consider the recent announcements in the market – including the one coming from Zoom about their Jumpstart program:

“With Jumpstart, you can quickly create easy-to-integrate and easy-to-customize Zoom video solutions into your apps at lower costs.”

So without much ado, if this space interest you, you should check out my new free eBook: Lowcode & Nocode in Communication APIs

This eBook details and explains the various approaches in which lowcode and nocode manifest themselves in the Communication APIs domain. It looks into the advantages and challenges of developers who adopt such techniques within their applications.

I’d like to thank Daily for sponsoring this ebook and helping me make it happen. If you don’t know them by now then you should. Daily offers WebRTC video and audio for every developer – they are a CPaaS vendor with a great lowcode/nocode solution called Daily Prebuilt

If you are in the process of developing applications that use 3rd party Communication APIs, you will find the insights in this eBook important to follow.


The post Nocode/Lowcode in CPaaS appeared first on

In group video calls, effectively managing bandwidth is 90% of the battle

Mon, 07/11/2022 - 11:30

The biggest challenge you will have when implementing WebRTC group calling is estimating optimizing bandwidth use.

[In this list of short articles, I’ll be going over some WebRTC related quotes and try to explain them]

Video is a resource hog. Some say that WebRTC is a great solution for 1:1 calls, but is lacking when it comes to group calling. To them I’d say that WebRTC is a technology and not a solution. In this case, it simply means that you need to invest some effort in getting group video calling to work well.

What does that mean exactly? That you need to think about bandwidth management first and foremost.


Let’s assume a 25 participants video call. And we’re modest – we just want each to encode his video at 500kbps – reasonable if we plan on having everyone at a mere VGA resolution (640×480 pixels).

Want to do the math together?

We end up with 12.5Mbps. That’s only for the video, without the overhead of headers or  audio. Since we only need to receive media from 24 participants, we can “round” this down to 12Mbps.

I am sure you have a downlink higher than 12Mbps, but let me tell you a few things you might not be aware of:

  • A downlink of 100Mbps doesn’t mean you can really get sustainable 12Mbps for a long period of time
  • It also doesn’t mean you can get 12Mbps of incoming UDP traffic (and you prefer UDP since it is better for sending real-time media)
  • Most likely, your device won’t be able to decode 12Mbps of video content at reasonable CPU use
  • And if you have hardware acceleration for video decoding, it usually is limited to 3 or 4 media streams, so handling 24 such streams means software decoding – again running against the CPU processing limit
  • The larger the group the more diverse the devices and network connections. So you’ll be having people joining on old devices and smartphones, or with poor network connections. For them, 12Mbps will be science fiction at best
  • As a rule of thumb, I’d look at any service that uses over 3-4Mbps of downlink video traffic for video group calls as something that wasn’t properly optimized

You can get better at it, trying to figure out lower bitrates, limit how much you send and receive and do so individually per participant in the video group meeting. You can take into consideration the display layout, the dominant speaker and contributing participants, etc.

That’s exactly what 90% of your battle here is going to be – effectively managing bandwidth.

Going for a group video calling route? Be sure to save considerable time and resources for optimization work on bandwidth estimation and management. Oh – and you are going to need to do that continuously. Because WebRTC is a marathon not a sprint

Scaling WebRTC is no simple task. There are a lot of best practices, tips and tricks that you should be aware of. My WebRTC Scaling eBooks Bundle can assist you in figuring out what more you can do to improve the quality and stability of your group video calling service.

The post In group video calls, effectively managing bandwidth is 90% of the battle appeared first on

WebRTC is a technology not a solution

Mon, 06/27/2022 - 12:30

WebRTC is a building block to be used when developing solutions. Comparing it to solutions is the wrong approach.

[In this list of short articles, I’ll be going over some WebRTC related quotes and try to explain them]

How does WebRTC compare to Zoom?

What about Skype? Or FaceTime?

I’d say this is an to questions – you’re not comparing things that are comparable.

WebRTC is a piece of technology. A set of building blocks that you can use, like lego bricks.

In essence, you can view WebRTC in two ways:

  1. A standard specification – what goes on the network. In this mindset, the actual infrastructure pieces are yours to build (=the application/solution), and WebRTC just specifies what goes “in the wire”
  2. Open source implementation of the specification – this one is the libwebrtc library maintained by Google and embedded in Chrome. And then it is again just a piece that gets embedded inside different components, usually client-side only. And again, the solution is up to you to build with additional infrastructure pieces

Got an application you’re developing? Need communications sprinkled into it? Some voice. Maybe video. All in real time. And with browser components maybe. If that is the case, then WebRTC is the technology you’re likely to be using for it. But piecing all of that together into your application? That’s up to you. And that’s your solution.

We can then compare the solution you built to some other solution out there.

Next time people tell you “WebRTC isn’t good because it can’t do group calls” – just laugh at their faces. Because as a technology WebRTC can certainly handle group calls and large broadcasts – you’ll need to bring media servers to do that, and sweat to build your solution. The pieces of your puzzle there will include WebRTC as a technology.


WebRTC is a technology not a solution. What you end up doing with it is what matters

Looking to learn more on how to use WebRTC technology to build your solution? We’ve got WebRTC training courses just for that!

The post WebRTC is a technology not a solution appeared first on

WebRTC is a marathon not a sprint

Tue, 06/14/2022 - 12:30

WebRTC requires an ongoing investment that doesn’t lend itself to a one-off outsourced project. You need to plan and work with it longtime.

[In this list of short articles, I’ll be going over some WebRTC related quotes and try to explain them]

WebRTC simplified development and reduced the barrier of entry to many in the market. This brought with it the ability to quickly build, showcase and experiment with demos, proof of concepts and even MVPs. Getting that far is now much easier thanks to WebRTC, but not planning ahead will ruin you.

There are a few reasons why you can’t treat WebRTC as merely a sprint:

  1. WebRTC as a technology is changing
    • The standard and what browsers implement isn’t aligned just yet. There are discrepancies, and while they are getting resolved, this takes time, meaning we’re in a long transition period
    • Browsers are investing in WebRTC (or at least the Chrome team is), so browser behaviors wrt WebRTC changes between one Chrome release to another
  2. Communications vendors have woken up
    • Since the pandemic, communication vendors are investing heavily in innovation
    • This leads to an arms race in feature sets and capabilities. Things you’ll need to keep up with as well
  3. WebRTC is a resource hog
    • It uses microphones and cameras, it eats up CPU and memory
    • New devices (and old devices seen for the first time) may well cause hiccups in your application’s behavior. You’ll be fine tuning, tweaking and troubleshooting your WebRTC code for years to come – assuming your service becomes popular
  4. Networks are flaky
    • WebRTC needs to work on unmanaged networks at all times
    • Often enough, users will fail to connect. Or have quality issues. You’ll need to help them out. A lot more than with “simple” web sites

I like using this slide in my courses and presentations:

These are the actors in a WebRTC application. While the application is within your control and ownership – everything else isn’t…

  • Users are finicky and they use their own weird devices to connect. They also come with different levels of technical understanding and savviness
  • Networks are unmanaged, and you can never know in advance where the user is, if his network is good or bad, and what kind of firewalls and other nasty devices along the route are going to hinder communications
  • Browsers don’t adhere to your development schedule. They have their own pace, which is breakneck speeds of around 4 weeks between one release to another

Planning on using WebRTC? Great!

Now prepare for it as you would for a long marathon – it isn’t going to be a sprint.

Things to in your preparation for the WebRTC marathon include:

  • Getting skilled teams; most likely growing them inhouse and training them with WebRTC
  • Tool up. Take care of long term needs of testing and monitoring (you definitely should check testRTC)
  • Use a third party CPaaS to own most of the WebRTC infrastructure headaches if you don’t have the skillset to do it (and yes, I have a report for that)

The post WebRTC is a marathon not a sprint appeared first on

What is the WebRTC leak test and should you be worried about it?

Mon, 06/06/2022 - 12:00

Hearing FUD around WebRTC IP leaks and testing them? The stories behind them are true, but only partially.

WebRTC IP leak tests were popular at some point, and somehow they still are today. Some of it is related to pure FUD while another part of it is important to consider and review. In this article, I’ll try to cover this as much as I can. Without leaking my own private IP address ( at the moment if you must know) or my public IP address (, while tethered to my phone at the coffee shop), lets dig into this topic together

Table of contents Premier to IP addresses

IP addresses are what got you here to read this article in the first place. It is used by machines to reach out to each other and communicate. There are different types of IP addresses, and one such grouping is done between private and public addresses.

Private and public IP addresses

Once upon a time, the internet was built on top of IPv4 (and it still mostly is). IPv4 meant that each device had an IP address constructed out of 4 octets – a total of around 4 billion potential addresses. Less than the people on earth today and certainly less than the number of devices that now exist and connect to the internet.

This got solved by splitting the address ranges to private and public ones. A private IP address range is a range that can be reused by different organizations. For example, that private IP address I shared above? It might also be the private IP address you are using as well.

A private IP address is used to communicate between devices that are hosted inside the same local network (LAN). When a device is on a different network, then the local device reaches out to it via the remote device’s public IP address. Where did that public IP address come from?

The public IP address is what a NAT device associates with the private IP address. This is a “box” sitting on the edge of the local network, connecting it to the public internet. It essentially acts as the translator of public IP addresses to private ones.

IP addresses and privacy

So we have IP addresses, which are like… home addresses. They indicate how a device can be reached. If I know your IP address then I know something about you:

  • Private IP address is a small window towards that local network. Enough such addresses and someone can get a good understanding of the architecture of that network (or so I am being told)
  • Public IP addresses can tell you where that user is. To some extent:

A quick look at that public IP address of mine from above, gives you the following information on


  • My ISP is HOT Mobile
  • But… this is a cellular hotspot tethered from my smartphone
  • And I am definitely not located in Ashdod, although I did grew up there as a kid
  • Suffice to say, this isn’t a Static IP address either
  • A thing to consider here – a seemingly innocent website knows my public IP address. There’s no real “privacy” in public IP addresses

It is somewhat accurate, but in this specific case, not much. In other cases it can be pretty damn accurate. Which means it is quite private to me.

One thing these nasty IP addresses can be used for? Fingerprinting. This is a process of understanding who I am based on the makeup and behavior of my machine and me. An IP address is one of many characteristics that can be used for fingerprinting.

If you’re not certain if IP addresses are a privacy concern or not, then there’s the notion that most probably IP addresses are considered privately identifiable information – PII (based on ruling of US courts as far as I can glean). This means that an IP address can be used to identify you as a person. How does that affect us? I’d say it depends on the use case and the mode of communications – but what do I know? I am not a lawyer.

Who knows your IP address(es)?

IP addresses are important for communications. They contain some private information in them due to their nature. Who knows my IP addresses anyway?

The obvious answer is your ISP – the vendor providing you access to the internet. It allocated the public IP address you are using to you and it knows which private IP address you are coming from (in many cases, it even assigned that to you through the ADSL or other access device it installed in your home).

Unless you’re trying to hide, all websites you access know your public IP address. When you connected to my blog to read this article, in order to send this piece of content back to you, my server needed to know where to reply to, which means it has your public IP address. Am I storing it and using it elsewhere? Not that I am directly aware of, but my marketing services such as Google Analytics might and probably does make use of your public IP address.

That private IP address of yours though, most websites and cloud services aren’t directly aware of it and usually don’t need it either.

WebRTC and IP addresses

WebRTC does two things differently than most other browser based protocols out there:

  1. It enables peer-to-peer communications, directly between two devices. This diverges from the classic client-server approach where a server mediates each and every message between clients
  2. WebRTC uses dynamic ports generated per session when needed. This again is something you won’t see elsewhere in web browsers where ports 80 and 443 are so common

Because WebRTC diverges from the client-server approach AND uses dynamic ephemeral ports, there’s a need for NAT traversal mechanisms to be able to.., well… pass through these NATs and firewalls. And while at it, try not to waste too much network resources. This is why a normal peer connection in WebRTC will have 4+ types of “local” addresses as its candidates for such communications:

  1. The local address (usually, the private IP address of the device)
  2. Server reflexive address (the public IP address received via a STUN request)
  3. Host address (a public IP address received via a TURN request). This one comes in 3 different “flavors”: UDP, TCP and TLS

Lots and lots of addresses that need to be communicated from one peer to another. And then negotiated and checked for connectivity using ICE.

Then there’s this minor extra “inconvenience” that all these IP addresses are conveyed in SDP which is given to the application on top of WebRTC for it to send over the network. This is akin to me sending a letter, letting the post office read it just before it closes the envelope.

IP addresses are necessary for WebRTC (and VoIP) to be able to negotiate and communicate properly.

This one is important, so I’ll write it again: IP addresses are necessary for WebRTC (and VoIP) to be able to negotiate and communicate properly.

It means that this isn’t a bug or a security breach on behalf of WebRTC, but rather its normal behavior which lets you communicate in the first place. No IP addresses? No communications.

One last thing: You can hide a user’s local IP address and even public IP address. Doing that though means the communication goes through an intermediary TURN server.

Past WebRTC “exploits” of IP addresses

WebRTC is a great avenue for hackers:

  1. It is a new piece of technology, so the understanding of it is limited
  2. WebRTC is complex, with a lot of different network protocols and attack surfaces via its extensive APIs
  3. IP addresses are needed to be exchanged, giving access to… well… IP addresses

The main exploits around IP addresses in browsers affecting the user’s privacy were conducted so far for fingerprinting.

Fingerprinting is the act of figuring out who a user is based on the digital fingerprint he leaves on the web. You can glean quite a lot about who a user is based on the behavior of their web browser. Fingerprinting makes users identifiable and trackable when they browse the web, which is quite useful for advertisers.

The leading story here? NY Times used WebRTC for fingerprinting

There’s a flip side to it – WebRTC is/was a useful way of knowing if someone is a real person or a bot running on browser automation as indicated in the comments. A lot of the high scale browser automations simply couldn’t quite cope with WebRTC APIs in the browser, so it made sense to use it as part of the techniques to ferret out real traffic from bots.

Since then, WebRTC made some changes to the exposure of IP addresses:

  • It doesn’t expose local IP addresses to the application if the user haven’t allowed access to the camera or microphone
  • If it still needs local addresses, it uses mDNS instead
Who knows your local IP address in WebRTC?

There are different entities in a WebRTC session that need to have your local IP address in a WebRTC session:

  1. Your browser. Its “innards” which runs the WebRTC stack needs to know your local IP address. And it does. So does your browser for that matter
  2. The other peer. This can be another web browser or a media server. They need that IP address to reach back to you if they’re on the same network as you are. And they can only know that if they try reaching out to you
  3. The web application. Since WebRTC has no signaling, the application is the one that sends the local IP address to the other peer
  4. Browser extensions. These may have access to this information simply because they have JavaScript coding access to the web page conducting the communications. Since the web application has a clear view of the IP addresses in the SDP messages, so does any browser extensions that have access to that web page and web application
  5. TURN servers. Not yours, but your peer’s TURN server. Since that TURN server may act as a mediator for the traffic. It needs your local IP address to try (and mostly fail) to connect to it

The other peer, the web application and the TURN server don’t really need that access if you don’t care about the local network connectivity use case. If connecting a WebRTC session on the local network (inside a company office, home, etc) isn’t what you’re focused on, then you should be fine with not sharing the local IP address.

Also, if you are concerned about your privacy to the point of not wanting people to know your local IP address – or public IP address – then you wouldn’t want these IP addresses exposed either.

But how can the browser or the application know about that?

VPNs stopping WebRTC IP leaks

When using a VPN, what you are practically doing is making sure all traffic gets funneled through the VPN. There are many reasons for using a VPN and they all revolve around privacy and security – either of the user or the corporate whose VPN is being used.

The VPN client intercepts all outgoing traffic from a device and routes it through the VPN server. VPNs also configure proxy servers for that purpose so that web traffic in general would go through that proxy and not directly to the destination – all that in order to hide the user itself or to monitor the user’s browsing history (do you see how all these technologies can be used either for anonymity or for the exact opposite of it?).

WebRTC poses a challenge for VPNs as well:

  • It uses multiple addresses and ports. Dynamically. So it is a bit harder to track and reroute
  • IP addresses are found inside the body of HTTP and WebSocket messages themselves and not only in the protocol headers. They can be quite hard to find in order to delete/replace
  • WebRTC uses UDP, which typically doesn’t get a special treatment by web proxies (which tend to focus on HTTP and WebSocket traffic)
  • Did I mention it is rather new? And VPN vendors know little about it

To make all this go away, browsers have privacy policies built into them. And VPNs can modify these policies to accommodate for their needs – things like not allowing non-proxied UDP traffic to occur.

How much should you care about WebRTC IP leaks?

That’s for you to decide.

As a user, I don’t care much about who knows my IP address. But I am not an example – I am also using Chrome and Google services. Along with a subscription to Office 365 and a Facebook account. Most of my life has already been given away to corporate America.

Here are a few rules of thumb I’d use if I were to decide if I care:

  • If you’re blocking JavaScript in your browser then you probably have nothing to worry about – WebRTC won’t work without it anyway
  • Assuming you’re not using Skype, Facebook Messenger, Whatsapp and others because you don’t want them to know or track you, then you should think twice about using WebRTC as well. And if you use it, make sure to “plug” that “IP leak” in WebRTC
  • Using a VPN? Then it means you don’t want your IP addresses publicly known. Make sure your VPN handles WebRTC properly as well
  • You replaced Google Search with DuckDuckGo in your browser? Or other search engines because they were said to be more privacy conscious? Then you might want to consider the WebRTC angle of it as well

In all other cases, just do nothing and feel free to continue using WebRTC “as is”. The majority of web users are doing just that as well.

Do you want privacy or privacy?

This one is tricky

You want to communicate with someone online. Without them knowing your private or public IP address directly. Because… well… dating. And anonymity. And harassment. And whatever.

To that end, you want the communication to be masked by a server. All of the traffic – signaling and media – gets routed through the intermediary server/service. So that you are masked from the other peer. But guess what – that means your private and public IP addresses are going to be known to the intermediary server/service.

You want to communicate with someone online. Without people, companies or governments eavesdropping on the conversation.

To that end, you want the communication to be peer-to-peer. No TURN servers or media servers as intermediaries. Which is great, but guess what – that means your private and public IP addresses are going to be known to the peer you are communicating with.

At some point, someone needs to know your IP addresses if you want and need to communicate. Which is exactly where we started from.

Oh, and complicated schemes a-la TOR networking is nice, but doesn’t work that well with real time communications where latency and bitrates are critical for media quality.

The developer’s angle of WebRTC IP leaks

We’ve seen the issue, the reasons for it and we’ve discussed the user’s angle here. But what about developers? What should they do about this?

WebRTC application developers

If you are a WebRTC application developer, then you should take into account that some of your users will be privacy conscious. That may include the way they think about their IP addresses.

Here are a few things for you to think about here:

  • Does your service offer P2P communications? (you probably need local IP addresses for that in the messages)
  • If your traffic flows solely via media servers, consider removing host candidates from the device side. They will be mostly useless anyway
  • You’re probably passing the IP addresses in SDP messages in your network. Are you storing them or logging them anywhere? For how long? In what format?
  • Test your service in various privacy-challenging environments:
    • Web proxies
    • Strict firewalls
    • VPNs of various types
VPN developers

If you are a VPN developer, you should know more about WebRTC, and put some effort into handling it.

Blocking WebRTC altogether won’t solve the problem – it will just aggravate users who need access to WebRTC-based applications (=almost all meeting apps).

Instead, you should make sure that part of your VPN client application takes care of the browser configurations to place them in a policy that fits your rules:

  • Make sure you route WebRTC traffic via the VPN. That includes both signaling (easy) and media (harder). I’d also check the data channel routing while at it if I were you
  • Handle UDP routing. Don’t just go for the simple TCP/TLS-only approach, as this will ruin the quality of experience for your users
  • Test against multiple different types of WebRTC applications out there. Don’t only look at Google Meet – there are plenty of others people are using
WebRTC leak test: The FAQ version What is a WebRTC leak test?

A WebRTC leak test is a simple web application that tries to find your local IP address. This is used to check and prove that an innocent-looking web application with no special permissions from a user can gain access to such data.

Does WebRTC still leak IP?

Yes and no.
It really depends where you’re looking at this issue.
WebRTC needs IP addresses to communicate properly. So there’s no real leak. Applications written poorly may leak such IP addresses unintentionally. A VPN application may be implemented poorly so as to not plug this “leak” for the privacy conscious users who use them.

Can I block WebRTC leaks in Chrome?

Yes. By changing the privacy policy in Chrome. This is something that VPNs can do as well (and should do).

How severe is the WebRTC leak?

The WebRTC leak of IP addresses gives web applications the ability to know your private IP address. This has been a privacy issue in the past. Today, to gain access to that information, web applications must first ask the user for consent to access his microphone or camera, so this is less of an issue.

What is a good VPN to plug the WebRTC leak?

I can’t really recommend a good VPN to plug WebRTC leaks. This isn’t what I do, and frankly, I don’t believe in such tools plugging these leaks.
One rule of thumb I can give here is that don’t go for a free VPN. If it is free, then you are the product, which means they sell your data – the exact privacy you are trying to protect.

The post What is the WebRTC leak test and should you be worried about it? appeared first on

WebRTC reduced barriers and increased innovation in communications

Mon, 05/23/2022 - 13:00

What WebRTC did to VoIP was reduce the barrier of entry to new vendors and increased the level and domains of innovation.

[In this list of short articles, I’ll be going over some WebRTC related quotes and try to explain them]

WebRTC was an aha moment in the history of communications.

It did two simple things that were never before possible for “us” VoIP developers:

  1. Offered a built-in implementation in the browser (you mostly no longer needed to implement the low level media processing aspect of the client device)
  2. Provided in single, standardized API layer (up until then the standardized layer was the network protocol itself)

This in turn, brought with it the two aspects of WebRTC illustrated above:

  1. Reduced barrier of entry
    • You no longer needed to know in detail how the network protocols worked in order to develop something – there’s a standardized API that you can use that takes care of handling all that networking “stuff” somewhere (or at least needed to know a lot less to get started and to launch something)
    • The client side was mostly solved on the low level. You could focus on building your application and user experience a lot earlier in the game
  2. Increased innovation
    • Now that you’re not expected to focus so much on the low level, you can work more on the user experience, which means more time to innovate
    • And since you don’t need to know all of that networking stuff so intimately, you no longer need to be “indoctrinated” as a VoIP developer. Which means developers came from all software domains, with their own ideas on how communications should work, forcing greater innovate than ever before

For many years I’ve been using this slide to explain why WebRTC is so vastly different than what came before it:

  • It is free since the code is open source and the implementation is already embedded in all modern browsers. This means everyone can make use of it → reduced barrier of entry
  • The focus of it is web developers and not VoIP developers. There are more web developers than VoIP ones, and they come with different worldviews → increased innovation

That said, truly innovating, productizing and scaling WebRTC applications require a bit more of an investment and a lot more in understanding and truly grokking WebRTC. Especially since WebRTC is… well… it is web and VoIP while at the same time it isn’t exactly web and it isn’t exactly VoIP:

This means that you need to understand and be proficient with both VoIP development (to some extent) and with web development (to some extent).

Looking to learn WebRTC? Here are some guidelines of how to get started with learning WebRTC.

The post WebRTC reduced barriers and increased innovation in communications appeared first on

FIDO Alliance and the end of 2FA revenue to CPaaS vendors

Mon, 05/16/2022 - 13:00

With FIDO coming to replace passwords in applications, CPaaS vendors are likely to decline in 2FA revenues.

2FA revenue has always lived on the premise that passwords are broken. I’ve written about this back in 2017:

Companies are using SMS for three types of services these days:

1. Security — either through two-factor authentication (2FA), for signing in to services; or one-time password (OTP), which replaces the need to remember a password for various apps

2. Notifications for services — these would be notifications that you care about or that offer you information, like that request for feedback or maybe that birthday coupon

3. Pure spam — businesses just send you their unsolicited crap trying to get you to sign up for their services

Spam is spam. Notifications are moving towards conversations on social networks. And the security SMS messages are going to be replaced by FIDO. Here’s where we’re headed.

Let’s take this step by step.

Table of contents Passwords and the FIDO Alliance

Passwords are the bane of our modern existence. A necessary evil.

To do anything meaningful online (besides reading this superb article), you need to login or identify yourself against the service. Usually, this is done by a username (email or an identity number most likely) and a password. That password part is a challenge:

  • It needs to be something you remember (=know)
  • But you can’t use it on more than one site. If you do, and that site is hacked, then your data on other sites is going to be exposed
  • And that password needs to be non-simple. So it can’t be easily guessed
  • So 8 characters or more. Upper and lower case. A digit or two or three please. Maybe a special character to boot
  • Oh – and please change it every 3 or 6 months because… security

I use a password manager to handle my online life. My wife uses the “forgot my password” link all the time to get the same results.

It seems that whatever was tried in the passwords industry has failed in one way or another. Getting people house trained on good password practices is just too damn hard and bound to failure (just like trying to explain to people not to throw facial tissue down the toilet).

Experts have since pushing for a security model that authenticates a user with multiple “things”:

  1. Something you know (=password)
  2. Something you own (=smartphone or security key)
  3. Something you are (=biometrics)

Smartphones today are something you own and they offer something you are by having fingerprint ID and face ID solutions baked into them. That last piece is the password.

Enter FIDO.

FIDO stands for Fast IDentity Online.

Here’s the main marketing spiel of the FIDO Alliance:

The FIDO Alliance seems to have more members than it has views on that YouTube video (seriously).

By their own words:

The FIDO Alliance is working to change the nature of authentication with open standards that are more secure than passwords and SMS OTPs, simpler for consumers to use, and easier for service providers to deploy and manage.


  • Open standards
  • More secure than passwords and SMS OTPs
  • Simpler for consumers to use
  • Easier to deploy and manage

What more can you ask for?

Well… for this standard to succeed.

And here is what brought me to write this article. The recent announcement from earlier this month – Apple, Google and Microsoft all committing to the FIDO standard. They are already part of FIDO, but now it is about offering easier mechanisms to remove the need for a password altogether.

If you are reading this, then you are doing that in front of an Apple device (iPhone, iPad or MacOS), a Google one (Android or Chrome OS) or a Microsoft one (Windows). There are stragglers using Linux or others, but these are tech-savvy enough to use passwords anyways.

These devices are more and more active as both something you own and something you are. My two recent laptops offer fingerprint biometric identification and most (all?) smartphones today offer the same or better approaches as well.

I long waited for Google and Apple to open up their authentication mechanisms in Android and iOS to let developers use it the same way end users use it to access Google and Apple services – when I login to any Google connected site anywhere, my smartphone asks me if that was me.

And now it seems to be here. From the press release itself:

Today’s announcement extends these platform implementations to give users two new capabilities for more seamless and secure passwordless sign-ins: 

1. Allow users to automatically access their FIDO sign-in credentials (referred to by some as a “passkey”) on many of their devices, even new ones, without having to re-enroll every account. 

2. Enable users to use FIDO authentication on their mobile device to sign in to an app or website on a nearby device, regardless of the OS platform or browser they are running.

So… no need for passwords. And no need for 2FA. Or OTP.

FIDO is going to end the farce of using 2FA and OTP technologies.

2FA: a CPaaS milking cow

2FA stands for Two Factor Authentication while OTP stands for One Time Password.

With 2FA, you enter your credentials and then receive an SMS or email (or more recently Whatsapp message) with a number. You have to paste that number on the web page or app to login. This adds the something you own part to the security mechanism.

OTP is used to remove the password altogether. Tell us your email and we will send you a one time password over SMS (or email), usually a few digits, and you use that to login for just this once.

2FA, OTP… the ugly truth is that it is nagging as hell to everyone. Not only users but also application developers. The devil is always in the details with these things:

  • How do you send an SMS message?
  • What happens if the SMS or email isn’t received? Is there a retry mechanism?
  • Can the user complain if it doesn’t work to get things resolved?
  • Who takes care of internationalization of these messages?

The list goes on. So CPaaS vendors have gone ahead and incorporated 2FA specific solutions into their bag of services. Twilio even acquired Authy in 2015, a customer, just to have that in their offerings at the time.

The great thing about 2FA (for CPaaS vendors), is that the more people engage with the digital world, the more they will end up with a 2FA or OTP SMS message. And each such message is a minor goldmine: A single SMS on Twilio in the US costs $0.0075 to send. A 2FA transaction will cost an additional $0.09 on top of it.

Yes. 2FA services bring great value. And they are tricky to implement and maintain properly at scale. So the price can be explained. But… what if we didn’t really need 2FA at all?

The death of 2FA

Putting one and one together:

Apple, Google and Microsoft committing to FIDO and banishing passwords by making their devices take care of something you know, something you own AND something you are means that users will not need to identify themselves in front of services using passwords AND they won’t be needing OTP or 2FA either.

The solution ends up being simpler for the user AND simpler for the service provider.

Win Win.

Unless you are a CPaaS vendor who makes revenue from 2FA. Then it is pure loss.

What alternatives can CPaaS vendors offer?

At first step, the “migration” from “legacy” 2FA and OTP towards Apple/Google’s new and upcoming FIDO solution. Maybe a unified API on top of Apple and Google, but that’s a stretch. I can’t see such APIs costing $0.09 per authentication. Especially if Apple and Google do a good job at the developer tooling level for this.

* I removed Microsoft closer to the end here because they are less important for this to succeed. They are significant if this does succeed in making it even simpler on laptops so one won’t have to reach for his phone to login when on a laptop.

The future of CPaaS

5 years ago, back in that 2017 article, I ended it with these words:

Goodbye SMS, It’s Time for Us to Move On

Don’t be fooled by the growth of 2FA and application-to-person (A2P) type messages over SMS. This will have a short lifespan of a few years. But five to 10 years from now? It will just be a service sitting next to my imaginary fax machine.

We’re 5 years in and the replacements of SMS are here already.

  • Social truly is starting to replace SMS notifications with long lived conversations, augmented with the surge of chatbots everywhere
  • 2FA and OTP are now threatened by FIDO to be replaced simply by the fact that you own a smartphone

All that revenue coming to CPaaS from SMS is going to go elsewhere. Social omnichannel introduced by CPaaS vendors will replace that first chunk of revenue, but what will replace the 2FA and OTP? Can CPaaS vendors rely on FIDO and build their own business logic on top and around it for their customers?

It seems to me revenue will need to be found elsewhere.

Interested in learning more about the future of CPaaS? Check out my ebook on the topic (relevant today as it was at the time of writing it).

Download my CPaaS in 2020 ebook

The post FIDO Alliance and the end of 2FA revenue to CPaaS vendors appeared first on

WebRTC video calling table stakes

Mon, 04/04/2022 - 12:30

What was nice to have is now becoming mandatory in WebRTC video calling applications. This includes background blurring, but also a lot of other features as well.

Do you remember that time not long ago that 16 participants on a call was the highest number that product managers asked for? Well… we’re not there anymore. In many cases, the number has grown. First to 49. Then to a lot more, with nuances on what exactly does it mean to have larger calls. We now see anywhere between 100 to 10,000 to be considered a “meeting”.

I’ve been talking and mentioning table stakes for quite some time – during my workshops, on my messages on LinkedIn, in WebRTC Insights. It was time I sat down to write it on my blog

Table of contents WebRTC table stakes

This isn’t really about WebRTC, but rather what users now expect from WebRTC applications. These expectations are in many cases table stakes – features that are almost mandatory in order to be even considered as a relevant vendor in the selection process.

What you’ll see here is almost the new shopping list. Since users are different, markets are different, scenarios are different and requirements vary – you may not need all of them in your application. That said, I suggest you take a good look at them, decide which ones you need tomorrow, which you don’t need and which you have to get done yesterday.

Background blurring/replacement

Obvious. I have a background replacement. I never use it in my own calls. Because… well… I like my background. Or more accurately – I like showing my environment to people. It gives context and I think makes me more human.

This isn’t to say people shouldn’t use background replacement or that I’ll hate them for doing that – just that for me, and my background – I like keeping the original.

Others, though, want to replace their background. Sometimes because they don’t have a proper place where the background isn’t cluttered or “noisy”. Or because they just want to have fun with it.

Whatever the reason is, background blurring and replacement are now table stakes – if your app doesn’t have it, then the app that does in your market will be more interesting and relevant to the buyers.

Here’s how I see the development of the requirements here:

  • Figure out where a user is. Here, you can even implement an auto zoom capability (many skip this, though this can be quite useful as well)
  • Then focus on background blurring. It is the most tolerant of the alternatives
  • Move on to background replacement. Replace the background with a static image
  • Go for video backgrounds, where the user can replace the background with something moving
  • Think of “teleporting” the user after you’ve cut him away from his background to place him directly on a slide deck or in a virtual environment
Video lighting

If I recall correctly, Google Meet started with this feature, and since then it started cropping into other meeting solutions. We all use webcams, but none of us has good lighting. It might be a window behind (or in my case to the side), the weather out the window, the hour in the day, or just poor lighting in the room.

While this can be fixed, it isn’t. Much like the cluttered room, the understanding is that humans are lazy or just not up to the task of understanding what to do to improve video lighting on their own. And just like background removal, we can employ machine learning to improve lighting on a video stream.

Noise suppression/cancellation

I started using this stock image when I started doing virtual workshops. It is how I like to think of my nice neighbor (truth be told – he really is nice). It just seems that every time I sit down for an important meeting, he’d be on one of his renovation sprees.

The environment in which we’re conducting our calls is “polluted” with sounds. My mornings are full with lawn mower noises from the park below my apartment building. The rest of my days from the other family members in my apartment and by my friendly neighbor. For others, it is the classic dog barking and traffic noises.

Same as with video, since we’re now doing these sessions from everywhere at any time, it is becoming more important than ever to have this capability built into the service used.

Some services today offer the ability to suppress and cancel different types of noises. You don’t have the control over what to suppress, but rather get an on/off switch.

Four important things here:

  1. What noises are suppressed isn’t obvious. Each vendor picks and chooses what seems fit to his use case
  2. This can be implemented either on the sender side or on the receiver side or both
  3. It can be implemented on the device or in the cloud. Google Meet for example does that in the cloud while many others do it on the device
  4. Unlike the video features we’ve seen before, here as the sender, you can’t really hear what’s being suppressed of your end of the call…

And last but not least, this is a kind of a feature that can also be implemented directly by the microphone, CPU or operating system. Apple tried that recently in iOS and then reverted back.

Speech to text

Up until now, we’ve discussed capabilities that necessitated media processing and machine learning. Speech to text is different.

For several years now we’ve been hammered around speech to text and text to speech. The discussion was usually around the accuracy of the algorithms for speech to text and the speed at which they did their work.

It now seems that many services are starting to offer speech to text and its derivatives baked directly into their user experience. There are several benefits of investing in this direction:

  • Switching to text enables us to process the meeting for its meaning. Usually in the form of extracting meeting minutes and action items
  • Speech to text means we can get a transcript of a meeting, making it searchable
  • Accessibility – doing so in real-time, means we can transcribe the meeting to the participants, assisting them with noisy environments of other participants or simply with understanding accents – my company, testRTC, was acquired by Spearline, an Irish vendor – I am just getting used to understanding their accent
  • This is a step necessary for translation

The challenges with speech to text is first on how to pass the media stream to the speech to text algorithm – not a trivial task in many cases; and later, picking a service that would yield the desired results. 

WebRTC meeting size

It used to be 9 tiles. Then when the pandemic hit, everyone scrambled to do 49 gallery view. I think that requirement has become less of an issue, while at the same time we see a push towards a greater number of participants in sessions.

How does that work exactly?

  • The assumption that everyone is seen, needs to be seen or wants to be seen is not realistic in many scenarios
  • Meetings are mostly asymmetric in nature. Not everyone has the same level of participation, and oftentimes, we aren’t aware of this in advance
  • Quarantines and later remote work got us to the point where a lot more media streams join a meeting:

If in the past we had a few meeting rooms joining in to a meeting, with a few people seated in each room, now most of the time, we will have these people join in remotely from different locations. The number of people stayed the same, yet the number of media streams grew.

We’re also looking to get into more complex scenarios, such as large scale virtual events and webinars. And we want to make these more interactive. This pushes the boundary of a meeting size from hundreds of participants to thousands of participants.

This requirement means we need to put more effort into implementing optimizations in our WebRTC architecture and to employ capabilities that offer greater flexibility from our media servers and client code.

Getting there requires WebAssembly and constant optimization

These new requirements and capabilities are becoming table stakes. Implementing them has its set of nuances, and each of these features is also eating up on our CPU and memory budget.

It used to be that we had to focus on the new shiny toys. Adding new cool features and making them available on the latest and greatest devices. Now it seems that we’re in need of pushing these capabilities into ever lower performing devices:

  • Older PCs and laptops, to deal with the majority of the population and not only early adopters and tech savvy users
  • Plethora of peripherals – headsets, mics, speakers and webcams – all with their own quirks and proprietary features (echo canceling, latency inducing bluetooth headsets anyone?)

So we now have less capable devices who need more features to work well, requiring us to reduce our CPU requirements to serve them. And did I mention most of these new table stakes need machine learning?

The tool available to us for all this is WebAssembly on the browser side. This enables us to run code faster in the browser and implement algorithms that would be impossible to achieve using Javascript.

It also means we need to constantly optimize the implementation, improving performance to make room for more of these algorithms to run.

10 years into WebRTC and 2 years into the pandemic, we’re only just scratching the surface of what is needed. How are you planning to deal with these new table stakes?

The post WebRTC video calling table stakes appeared first on

3 advantages of Anycast in WebRTC you didn’t know about

Mon, 03/14/2022 - 12:30

Anycast enables WebRTC services to better manage and optimize global deployments at scale.

In 2021 we’ve started seeing a new technology finding its way more and more into WebRTC applications: Anycast. Unlike other shiny new toys, Anycast isn’t shiny and it isn’t new. In fact, it has been defined in the previous millenia, before the era of the smartphone.

I’ve been “doing” VoIP for over 20 years now, but wasn’t really aware of Anycast. I dug a bit around, and ended up sitting with William King, CTO & Co-founder of Subspace, to learn more about AnyCast and its use with WebRTC.

Here’s what I learned about how WebRTC developers can and are using Anycast – and how it can assist them in their own deployments.

Table of contents What is Anycast anyway?

For someone sitting in the clouds today, the lowest level of networking you can think of is the IP level (I am told there are lower levels, but for me IP is low enough).

At that level, if one machine wants to reach another, it needs to use its IP address as the destination. In most cases, and at least in 99% of all of the things I’ve implemented myself as a developer, you do this using what is known as Unicast:

With Unicast, each device on the network has its own unique IP address that I can use to reach it directly (and yes, I am ignoring here the distinction between local networks and public networks and how they handle it). The key thing here is that an IP address is associated with one device only, so as the illustration above shows, when the red device wants to send a message to the green device, it can send it to him via Unicast simply by stating the green device’s IP address as the destination.

Anycast is different. With Anycast, multiple devices on the network can have the same IP address associated with them. The end result is more akin to this:

In the illustration above we have 3 different green devices with the same IP address. When the red device wants to send a message to their IP address, it doesn’t really know which one will be receiving his message – just that it is somehow going to be routed to one of them. Which one? The “closest” one usually, whatever that means.

What does that mean exactly?

Here’s how Wikipedia explains it (the illustrations above are rough sketches I did based on the ones I found on their page explaining Anycast):

Anycast is a network addressing and routing methodology in which a single destination IP address is shared by devices (generally servers) in multiple locations. Routers direct packets addressed to this destination to the location nearest the sender, using their normal decision-making algorithms, typically the lowest number of BGP network hops. Anycast routing is widely used by content delivery networks such as web and DNS hosts, to bring their content closer to end users.

Lets emphasize this with colors, so we focus on the important bits –

  1. We get a single IP address that can be shared between multiple devices in different locations
  2. When we send a message to that IP address, it will get routed to the nearest device
  3. The decision is done lower in the network layers
  4. It is popular with CDNs and DNS hosts

Anycast is something that is being widely used today, just not in VoIP or WebRTC.

The main purpose of Anycast at the end of the day is to provide high availability for stateless services.

  • Why high availability? Because we have multiple devices with the same IP address. If one goes down, messages get routed to other servers. Magically.
  • For stateless services? Since we don’t know and can’t guarantee which device each message is going to be routed to, it is simpler to use it for stateless services.
Challenges of using Anycast in WebRTC

The best thing you can do with Anycast is to deal with single request-response pairs – stateless.

Why? You send out your request (for example to translate a DNS name to an IP address; or for that next chunk of a Netflix episode you’re watching), and the server (device) you reach on the network sends you that response.

Looking for the next chunk in the Netflix episode or need another DNS name translation? Easy – send another request, and the same or another server with the same Anycast IP address will respond.

Enter WebRTC.

A world where everything and anything is stateful.

There’s signaling. With its connection state machine, ICE negotiation state machine (see? State Machine hints of this not being stateless) and application logic on top.

Then there are TURN servers and media servers. All of them need to understand the state and manage incoming media flow that is both stateful and real time.

This makes utilizing Anycast in WebRTC quite a challenge.

While we’d like to enjoy Anycast’s obvious advantage of high availability (and a few other advantages it gives), in order to do so, we need to overcome the statefulness challenge first.

The simplest link in WebRTC is the TURN server. While stateful, its job is rather simple – routing data between peers without much thought. This makes TURN servers the best candidate for infrastructure optimizations using Anycast.

Lets see what advantages Anycast TURN infrastructure can give WebRTC applications.

3 advantages of Anycast for WebRTC

Once you get down to it, deploying TURN servers and maybe even media servers using Anycast can give some interesting benefits to your infrastructure.

Here are the main advantages – ones that are going to define how WebRTC infrastructure will be designed and deployed in the coming years.

#1 – Better geolocation

When a user connects your WebRTC application, your best bet is to make sure the user is as close to your infrastructure as possible. The fastest you put him on a TURN or a media server, the better media quality you can expect.

Why? Simple. Because from that server the user connected to – you control and own the media flow of the server. And if you control and own it you can make it better. But that part of the journey the media does from the user to your first server? That’s something you don’t control and own so your ability to improve quality there is lower.

This is why whenever a user joins, you are likely to start doing some geolocation, trying to figure out where the user is coming from in order to allocate for him your “closest” TURN or media server.

That process is done usually by looking at the origin IP address and then using a third party service to indicate the location of that IP address – or by DNS geolocation – letting a DNS server do that for us somehow. When we leave it to the DNS, then we are at the mercy of the DNS service hosting. It works, but not always. And it is also somewhat slow to update.

Remember that time you changed the DNS configuration of your WordPress server? Were you told it can take a few hours to “propagate”? Well… that’s exactly the problem you might be facing in getting routes updated when using DNS geolocation.

With Anycast, geolocation takes place at the BGP level. Don’t ask me what that is exactly, but it means two things for us:

  1. Changes and updates propagate faster. I was told by Subspace that their network fully updates within 30 seconds of a change taking place
  2. You (our the one providing you WebRTC servers with Anycast) are in control and ownership of these routes and their optimization.

That second point is a big difference. DNS servers have different “job to be done” than WebRTC Anycast services. The latter focuses on real time delivery and on better and more optimized geolocation as an extension of it. So you can expect better results overall, especially on a global scale.

#2 – Higher resiliency (and security)

To operate an Anycast service requires solving the statelessness challenge it when it comes to WebRTC. Once that is solved, we gain the benefit of having our data routed through the closest server over the IP layer.

If the physical server we’re working in front of goes down, then Anycast will reroute future traffic through other servers with the same IP address. And that gives us a natural resiliency.

Furthermore, assume I am an “adversary” that wants to take down your service or disrupt it.

I can check the IP addresses you are using and map your servers. I can then commence with a DDoS attack to flood one or more of your servers via these IP addresses.

If that IP address belongs to a specific server, it will require a relatively small amount of traffic to bring that server down to its knees. But if that IP address belongs to multiple servers via Anycast, then flooding that IP address means trying to flood the whole network and not a specific server – a much harder task to achieve.

Resiliency comes built-in with Anycast.

#3 – Ease of configuration

The ease of configuration is something you get from the first two advantages.

Once we’re using Anycast, then there are a few things that make our lives easier:

  • The whole GeoDNS operations we’re doing is done on a lower level for us via Anycast, and the higher application layers can remain uninvolved
  • If a routing change is needed, then the change takes effect a lot faster, giving us better feedback loops of the changes we’re making
  • With a single IP address we can have less addresses given to customers who need to configure their firewalls accordingly – our list of IPs are simpler and shorter
  • Since we are more resilient by design, then decommissioning servers, upgrading them, replacing them or whatever – is easier to deal with, since existing traffic is less affected
Is Anycast in the future of WebRTC?

Anycast is where much of the future of WebRTC services lies.

We are shifting our focus on how to optimize and maintain WebRTC infrastructure at scale. Last year it was all about getting to that 49-grid gallery view. This year it is a lot more nuanced. It is mostly about scale, performance and global reach as far as I can tell.

Anycast can play a vital role in that area and in how services can improve their performance and perceived quality for their users.

The post 3 advantages of Anycast in WebRTC you didn’t know about appeared first on

RTC@Scale summary and insights

Mon, 03/07/2022 - 12:30

RTC@Scale was Facebook’s virtual WebRTC event, covering current and future topics. Here’s the summary so you can pick and choose the relevant ones for you.

WebRTC Insights is a subscription service I have been running with Philipp Hancke for over a year now. The purpose of it is to make it easier for developers to get a grip of WebRTC and all of the changes happening in the code and browsers – to keep you up to date so you can focus on what you need to do best – build awesome applications.

We got into a kind of a flow:

  • Once every two weeks we finalize and publish a newsletter issue
  • Once a month we record a video summarizing libwebrtc release notes

It is fun to do and the feedback we’re getting is positive.

That said, being us, means that we can’t really sit still… or in this case – Philipp…

We published this on Monday the week after the event took place to our WebRTC Insights clients, and now, we’re opening it up for everyone as well.

Table of contents Why an RTC@Scale summary?

Philipp decided it would make sense to summarize the recent RTC@Scale “recruiting event” that Facebook did – the RSVP was explicitly asking for consent to be contacted. The technical depth of the talks was amazing so we’ve added an “out of order” issue for you, just for this

The intent is for you to *not* spend 5 hours but rather to focus on the select sessions that are relevant for you.

The event setup was simple:


Real-time Communication for Today and Future Experiences / Maher Saba @ Meta

  • Product-focused, make your product managers watch
  • Now this is a good recruiting pitch with all the fancy things you could work on!
  • One wonders if you will get interviewed on a VR whiteboard when applying…

Panel: RTC in the Metaverse / Sriram Srinivasan, Mike Arcuri, Paul Boustead, and Cullen Jennings

  • Product-oriented, a lot of talking. Watch with a glass of wine
  • 40 minutes felt too long
  • The question everyone avoids is “what is Fortnite doing?”

These sessions focus on roadmap and far future views. We’d rather have a bit more on the here and now and the immediate future requirements than what would happen in 3, 5 or 10 years time, but hey – they are recruiting

Holographic Video Calling / Nitin Garg @ Meta

  • What will the technology stack for holographic video calling look like?
  • This is 5+ years into the future?
    • Encoding a single frame takes 30s currently (on i7 laptop)
    • It needs to be ~3ms to be really interesting
  • Comments on BWE, delay, rate control and FEC are relevant today
    • “Typical” behavior of BWE @ 2930s looks far too unstable
  • Holographic video calling is a nice topic, but niche at the moment. There are a lot more pressing aspects of scale that needs to be dealt with first

Spatial Communications at Scale in Virtual Environments / Paul Boustead @ Dolby

  • Spatial audio in virtual worlds
    • Experience of rotating your head is important
    • Render loudest 3 streams is what WebRTC does by default
  • P2P vs forward vs mixing
    • Server side mixing with HRTF (Head Related Transfer Function) vs multichannel spatial codec
    • The bigger the group, the more sense it would make to switch  to spatial mixing of audio (assuming you’re into spatial audio)
  • Audio chain considerations
    • Watch this part for generally useful considerations

RTC3 / Justin Uberti @ Clubhouse

  • Great separation into phases, make product manager(s) watch
    • Interesting that he classifies 2010-2019 as mobile-driven and 2020+ as meeting-driven. “meetings usage eclipses call usage”
  • Reliability may be the expectation but who is working on that?
  • There is a lot to be desired on audio, where WebRTC has (is?) been neglected
  • WebRTC for music – Who remembers his 2013 Google IO session?
  • Speech to text is becoming a table stakes feature
  • We need a better mute button
    • But we taught people to mute when not speaking for a decade now…
  • Group communication and SFUs
    • Building a good SFU is still hard, value in e2e stack. Who owns that stack? For the client side that is still Google
    • Justin mentions Agora and Twilio in PaaS and large group calls. Twilio is limited at 50 users; there are others with better group calling solutions (Look at Vonage and Daily for example)
    • The WebRTC WATCHLISTS file is a really dumb metric to gauge vendors
  • Unifying RTC and HTTP/QUIC worlds
    • How the RTC congestion controller gets along with the QUIC one is unsolved
    • Also read here for more thoughts on QUIC and RTC
  • Unrelated to the content itself – smart cameras with auto zoom can be super annoying
  • Most of this session was focused on the history of WebRTC and the requirements of Clubhouse (audio-only). While we believe audio is important, video can’t be neglected either

Live QA

  • Watch if you found the sessions worthwhile
  • Justin Uberti does not wear the same clothes as in the recorded talk, breaking immersion!

Audio ML is quite interesting. Large vendors are at it, and when (if?) the results will trickle into vanilla WebRTC is yet to be seen. Key takeaway: ML-based noise suppression is more important than echo cancellation these days.

Developing Machine Learning Based Speech Enhancement Models for Teams and Skype / Ross Cutler @ Microsoft

  • Watch if you care about audio quality but very technical (and scientific)
  • Specific “what could have been better” questions can turn the common (and somewhat useless) five star rating” into something that is actually actionable
  • Audio capture pipeline enhancements for noise suppression
    • Lots of almost-scientific evaluation
    • CPU perf evaluation followed by A/B testing in the fields
  • Audio capture pipeline enhancements for combined AEC/NS
    • No A/B testing results sadly
  • Packet loss concealment

Can AI Disrupt Speech Compression? / Jan Skoglund @ Google

  • Watch if you want to learn more about audio codecs
  • Use-case is 2G/3G connections and limited data plans
  • WaveNet sounds drunk with background noise or music
  • Lyra and SoundStream
    • Realtime performance on a smartphone CPU
  • Lots of listening comparisons
  • Combine denoiser and codec
  • Guess what kind of music he plays

Live QA

  • Watch if you found the sessions worthwhile

AV1 is coming. It will take time to be here. To get a grip over it and see what companies are doing, we got Google and Visionular.

Google is what goes inside WebRTC. Visionular is what you can buy commercially on the market for server or proprietary implementations.

Your focus should probably be in low bitrates and slide sharing scenarios.

AV1 Encoder for RTC / Marco Paniconi @ Google

  • Watch many times if you are a video expert. Otherwise just read this summary
  • RTC requirements differ from “encode a video”. Encoding screen share? We got you!
  • There is a “webrtc team” they are working with?
    • Ah, the one that maintains apprtc… which is down. Yes there is a deployment guide but… can you click the link? No…. (we’re still frustrated like many at taking down with no public explanation and so surprisingly)
    • AV1X” is gone as of M96. See PSA. Missing from the release notes of course!
  • Unsurprisingly Duo and Meet are the use-cases driving this
    • Make sure to review the BW reqs on that slide
  • AV1 is being tested in Meet for screen share? We will monitor!
    • AV1 has a special mode for screen sharing
  • SVC is there but the WebRTC-SVC API to enable it is not making much progress

AV1 for RTC: Current and Future / Zoe Liu  @ Visionular

  • Easier to follow than Marco due to being a more sales-y deck
  • Watch if you are considering licensing what Visionular oes
  • A bit long for a sales deck
  • Lots of numbers, great if you understand those
  • apprtcmobile is … well, the state of that is unclear

Live QA

  • Watch if you found the sessions worthwhile
  • AV1 in Duo was low-bitrates, low resolutions. Tsahi predicted this would be the roll-out pattern
  • No, SVC is not there yet (as an API). Unless it is enabled by SDP munging too…?

We found this part to be most applicable to current problems. This is where you should be spending your time and focus right now

Making Meta RTC Audio More Resilient / Andy Yang @ Meta

  • Highly applicable to WebRTC today. A primer on audio resilience, watch!
  • The presentation style is a very welcome change, giving a roadmap!
    • As developers explaining the impact of your work is important
  • Excellent of common audio problems resulting from packet loss and jitter
  • Great comparison between NACK, opus FEC and RED
    • …and how the mechanisms work in detail
    • NACK for audio is a nonstandard feature. See here
    • Note that opus in-band FEC has reduced quality and that “no additional bitrate overhead for FEC” is not a good idea while video is active.
      • Good explanation of the downside of in-band FEC for the SFU (removing FEC is possible but nontrivial)
      • The other main problem with in-band FEC is the lack of a control surface
    • Duplication adapting to bursty loss is theoretically interesting
    • SFUs adaptation of RED was brought up by Jitsi’s Boris on WebRTCHacks
    • Bandwidth adaptation of RED in libwebrtc/chrome is not solved yet
  • Resiliency recap
    • This is a great slide but WebRTC support for “duplication” is wrong, it was there and is available in Chrome as of M96
    • Overprotection is a problem, RED+fec makes no sense
    • Here’s how we’d summarize these techniques:
  • Resiliency vs delay
    • Classic E-model diagram
    • Great latency analysis of the stack with breakdown of the budget
    • A rare NetEQ and jitter buffer explanation. NetEQ remains relevant a decade after the GIPS acquisition
    • Note that there is no RTX for audio so the packet may be treated as “just” late (a plain resend). This is a major issue for video where rtx is used most of  the time to avoid this problem. Do we need RTX for audio? Maybe…
    • NACK and retransmissions will increase the jitter buffer delay otherwise?
    • WebRTC in the browser does offer a very limited control surface for this kind of experimentation… but it is clearly necessary
  • Technical metrics vs actual user perception
    • Measuring technical metrics (see e.g. RED post on hacks) is easy
    • Actual perception is hard
    • A very open problem indeed!
  • Summary – rewind, watch!
    • We want to know your story, tell our recruiter. Great pitch!

Private Calling at WhatsApp / Xi Deng @ Meta

  • Again, giving a roadmap and mission statement is great!
  • 15 billion minutes talking on whatsapp each day…
    • Remember the 2018 “3 billion monthly” for Chrome?
    • One wonders how they compare to the largest telcos in the world
  • Great definition of “privacy” when it comes to calling. Metadata? Such a pun!
  • Interesting threat scenario
    • “no trust to faceless corporations” (how meta can Meta be?)
    • Do not leak location (or IP) to strangers. Zoom auto accept anyone?
    • Multi-device messaging and calling is a hard problem
  • Conflict for using data to improve service
    • What metrics are sensitive and which ones can you use to improve?
  • Private 1:1 calls
    • Pass-through servers seem like a relic of Whatsapp starting with XMPP as a protocol back in the day
    • Multi-device diverges from modern XMPP though
    • See also later slide on challenges of client-centric multi device
  • Decoupled relay server
    • The Whatsapp stack seems still different from the Messenger one and not using “standard” terminology even
    • Electing a common relay server seems wrong. ICE does not require that
    • Whatsapp seems to use a relay-first approach with opportunistic P2P4121
    • Disabling P2P for “strangers” is a very good practice
  • E2EE for media content
    • SRTP RFC 3711 does not provide E2EE. “master secret” is a very specific SRTP term. This is equivalent to SDES (boo) but is protected by E2EE (using the Signal protocol) which makes it ok-ish…
    • Having to generate different master secrets for different devices seems bad compared to DTLS-SRTP
    • It is concerning that Whatsapp continues to use SDES effectively and does not consider DTLS-SRTP (with its small setup latency) to be a solution
    • Identity is already a problem for chat messages. One wonders what percentage of sessions have a verified identity
  • Audio-video switch
    • A classic example of signaling glare
    • Unclear why a distributed consent algorithm is needed
    • The use-case for “oh my phone is an actual phone and can not do video” is shrinking
  • Multiparty
    • In XMPP terms the “group call storage” would be a MUC room
    • Selecting the best SFU makes more sense here than for relay servers
    • Warp protocol might be a frame header in the RTP payload before the actual codec payload
    • Unclear why the “master secret” which is a SRTP term (and hence on the leg between client and SFU) needs to change when participants join or leave
  • Recruiting pitch at the end too!

Group Call End-to-End Encryption and the Challenges of Encrypting Large Calls / Abo-Talib Mahfoodh @ Meta

  • Highly relevant if you are looking at E2EE for WebRTC
  • And another session with a mission and roadmap!
  • Recap of the SFU architecture and what it means for encryption
  • Where does frame encryption happen in the client pipeline
    • libwebrtc provides the FrameEncryptorInterface and FrameDecryptorInterface since 2018 but no implementations. Insertable Streams could not reuse those sync interfaces
  • Key negotiation
    • Sender key vs session key approaches
    • Session key is weaker than E2EE and only protects from the SFU which is still relevant in some use-cases
    • Note that the sender key is symmetric and all receivers must know it to decrypt, but they could encrypt with it. This is not a problem since the receivers can not send media with the SSRCs of the sender so impersonation is not possible
    • Joining the call requires a ratchet operation (which is cheap)
    • Someone leaving the call requires a rekey which is O(n^2) so expensive
  • Scaling group call E2EE
    • How large do you need to scale at? A meeting with 100 participants is not “private” so session keys might be more appropriate
    • Prioritizing key exchange based on whether you are planning to send becomes important
    • Rekey is expensive and larger calls have a higher participant churn making this a hard problem. A small time window to batch this operation helps
    • Failure to deliver rekey messages is odd, signaling has to be reliable or something is wrong with your overall system
  • No recruiting pitch?!

Live QA

Want to try out WebRTC Insights?

What you are seeing here isn’t the run of the mill issue of a WebRTC insights newsletter. It wasn’t even intended. But it does show the effort and focus we put on everything WebRTC for our clients. Watching a five hour event twice and producing actionable notes is not an easy task. It changed our weekend plans but we ended up being very satisfied with the results if only for our own notes.

If your company is relying heavily on WebRTC, then you should at the very least try this out. Reach out to me via the form at the end of the WebRTC Insights landing page and I’ll send you a sample issue.

The post RTC@Scale summary and insights appeared first on

WebRTC,, 2022 & 10 years of blogging

Mon, 02/21/2022 - 13:00

How time flies when you’re having fun… For me the definition of fun was starting, deciding to write about WebRTC for the first time and having 10 years fly by.

I had a few updates to write with no specific theme to them. Mostly about things just completed and a few upcoming projects and events. Then it dawned on me that I’ve been at it for a bit over 10 years now (!)

On January 5, 2012 I published the first post on this blog. I just left RADVISION for Amdocs, and wanted to have a place of my own out there that won’t be controlled by any vendor. So I started I didn’t know what I was going to write about, but I did know it will include some 3-4 posts about WebRTC before I move on to other technical issues.

That first WebRTC post? Got published on March 8, 2012. It was about what’s WebRTC. Fast forward 10 years later, and more people today know than know me as Tsahi. And in many ways, is synonymous with WebRTC articles. Not what I had in mind when I started, but I am definitely happy with where it led me.

Anyways, here are a few updates on my ongoing projects, as well as where to find me.

Free eBook: WebRTC for Business People

Earlier this month, I updated my WebRTC for Business People ebook.

Its last update took place in 2019, before the pandemic, so it really needed to get up to speed with where we are now. I worked on this update in the last couple of months, updating much of the content and replacing many of the showcased vendors.

I’d like to thank Daily for picking up the sponsorship for this work. They’re one of the fascinating CPaaS vendors out there innovating in the domain of UX/UI.

Download the WebRTC for Business People ebook for free

WebRTC Trends for 2022

I just finished my WebRTC Trends for 2022 workshop. Did it twice in parallel to accommodate different time zones and had a goodly sized audience joining live to the 6 hours in total.

During the workshop we went through many topics. I tried covering everything I think is relevant for 2022 when it comes to WebRTC, so that you can prepare properly.

  • If you missed this, you can now enroll to it as a course and access the recorded content
  • If you want this as a private session in your company, contact me
WebRTC Training Courses

The Advanced WebRTC Architecture course is due for another update.

The above image indicates the numbers for the course at the moment.

Around 15-20 lessons are going to be updated and recorded again – to make sure content is relevant and fresh.

One of the lessons will be dropped with 2-3 new lessons being added.

Until I finish all that work, I am announcing a 10% discount on all courses, ebooks and workshops on my website. Just use the coupon code 10YEARS.

If you enroll in the courses now, you’ll have a 1-year access to them which will include all of the upcoming updates.

WebRTC Insights

Philipp Hancke is running the WebRTC Insights with me. This is fun to do, especially with a good friend and partner. We’ve grown the offering in the last few months, adding video release notes interpretation for WebRTC, color coding for issues, etc.

This weekend we worked on getting our subscribers a detailed summary of Facebook’s RTC@Scale event – so they can focus on what they find relevant in the 5-hour event.

We’ve celebrated a year of WebRTC Insights recently – if you’d like to join our service for the coming year and be updated on everything technical (and non-technical) about WebRTC just let us know.

Enterprise Connect 2022: Here I come!

After two years at home, it is time to pack a bag for the first time and see a plane from the inside.

I will be at Enterprise Connect 2022, taking place in March in Orlando. This will also be my first opportunity to see in real life (!) the people from Spearline who acquired my company, testRTC. I’ll be going there to represent Spearline and showcase testRTC to whoever wants to listen.

If you are there – let me know – I’ll be happy to meet you as well.

Kranky Geek Virtual 2022 Spring

We’re going to have another Kranky Geek event. We plan to have it in April 2022.

At the moment, we’re working on the sponsors and speakers list. If you’re one of those – let me know (we keep a tight ship, so I can’t promise anything).

Here’s for the next 10 years

The last 10 years have been fun. I am actively thinking of what will happen with WebRTC and communications in the coming years. There are some trends that are just around the corner while others are more long term in their nature (web3 anyone?).

Here’s to seeing you in virtual and in person during 2022 and beyond

The post WebRTC,, 2022 & 10 years of blogging appeared first on

WebRTC Trends for 2022: Proprietary & differentiation are back

Mon, 12/13/2021 - 12:30

A look at WebRTC trends and what is in store in 2022, especially now, as the market is heating up and differentiation and proprietary are again.

We started this year with my WebRTC trends for 2021, so it is time to conclude the year (stating that I was generally spot on), and look at what 2022 is bringing us. In many ways, 2022 is a continuation of what we had in 2021 with some interesting nuances.

My main worry is that a war is brewing. On one hand, Google is leading WebRTC, but probably not seeing enough value out of it as a big corporation. On the other hand, much of the rest of the industry is frustrated at what is taking place with the main WebRTC library – libwebrtc – that is maintained, controlled and owned by Google. This is leading to many different forks along with discussions and attempts to find a better structural solution to this big initiative called WebRTC.

A lot of this is trickled throughout the year as part of the WebRTC Insights service that I am running along with Philipp Hancke.

I can ramble on in this overview, but it is best to just… start running with it.

Table of contents WebRTC’s differentiation era

Two years ago we shifted gears, moving from the Growth era in WebRTC to the WebRTC Differentiation era. I discussed that at length earlier this year, when I explained how WebRTC differentiation manifests itself.

It started with Google splitting up their WebRTC development efforts, making decisions on what to place in libwebrtc, their open source implementation of WebRTC, and what to implement outside of it. The verdict came in a way that any machine learning algorithm that can be kept outside of WebRTC – will be.

Other large vendors understandably followed suit.

Peak WebRTC

Have we reached peak WebRTC?

Philipp made me aware of the Chrome Platform Status website and the many statistics you can find there. It makes it possible to track how many page loads include certain API calls, with many of these relating to WebRTC. The one I selected for the diagram above is that of GetUserMediaPromise, showing how often do web pages that are loaded in Chrome ask permission to access a camera or a microphone – leading more often than not to a WebRTC session.

We’ve seen a huge increase in use of WebRTC throughout the pandemic, and now things seem to be settling down for the last half year on ~x4 times what they were prior to the pandemic. Will this last or not is a good question. Clubhouse seems to have plateaued since its strong debut for example.

No one really knows what the next 12 months are going to look like, and if Omicron or yet another strain of the virus will push us back to the safety of our homes and quarantine – or what things will look like when we find ourselves on the other end of this pandemic.

Google and libwebrtc

Google has a stranglehold on WebRTC – for better and for worse.

ALL web browsers today that support WebRTC do so via libwebrtc, which is Google’s implementation of WebRTC:

  • Google Chrome, obviously makes use of libwebrtc
  • Microsoft Edge, essentially a skin on top of Chromium (=Chrome) which… uses libwebrtc
  • Apple Safari, that takes libwebrtc and then backports it into WebKit
  • Mozilla Firefox, who have libwebrtc embedded into Firefox and need to upgrade it from time to time (just did a big upgrade recently)

Google seems to have shifted to a kind of a maintenance mode with WebRTC. They have also changed their mindset and are focusing with libwebrtc on what’s good for Google. It all makes sense. For them…

After 10+ years of holding up the mantle for the whole industry, it is becoming tiresome, especially when there’s not enough to show for it internally. The shift was inevitable.

Google is doing what is good for Google with WebRTC

That means that if your use case falls within the realm of what Google does and needs, then you’re in good shape and good luck. And if you aren’t… well…

In the meantime, the industry around WebRTC has good meaning people. Those who want to see WebRTC grow, flourish and thrive. They are trying to help, but helping is HARD:

  • Getting a fix/update/new feature into libwebrtc as a Google outsider isn’t simple
  • libwebrtc sits in 1-2 billion devices, so Google won’t be taking contributions blindly
  • There’s the liability angle of it, which Google takes up upon itself for anything that gets crammed into Chrome – and libwebrtc; they even pay for security bugs others find
  • And then someone need to test it all, which takes resources, so Google needs to justify that effort
  • On the contributor’s end, it isn’t just fire and forget – you can’t send a few lines of code and expect it to be integrated into libwebrtc and Chrome
  • You actually need to put an effort and sweat it out – explain why this contribution is needed – why it “belongs” to you – how it will help everyone
  • And let’s face it – we love writing code but not comment, explain or sell it to others
  • Oh, and the companies? They want to be involved but don’t want to put the manpower and money where their mouth is

A deadlock.

Breakout open source WebRTC technologies

There has been a lot of open source built around WebRTC and in the recent two years that has accelerated as well – the pandemic and all.

What we’ve seen in these 10 years are a few distinct open source projects that have broken out from the pack, making themselves more popular than others. I know the list here is lacking and others are used as well – but assume that these are the ones I see the most in the market when it comes to open source (I am intentionally ignoring the VoIP/SIP open source projects such as FreeSwitch and Asterisk here).

The illustration above shows my current thinking about the trends surrounding these top open source WebRTC technologies:

  • Kurento has been on an ongoing downward spiral. This started some 5 years ago with Twilio’s acquisition of the Kurento assets. They took all the knowledge and left Kurento practically an empty shell. Since then, the project never bounced back. So much so that the team maintaining it who later built OpenVidu started the migration from Kurento to mediasoup themselves
  • Janus has been going strong over the years. Today, I see less of it in new projects though. Something has slowed down there. It might be due to the other rising projects or due to the shift in focus of the meetecho teams towards NDI, OBS and streaming – a niche in the WebRTC ecosystem
  • Jitsi is great. 8×8 has taken the mantle from Atlassian and leaned in, investing further into the open source project (kudos to Emil Ivov – this isn’t an obvious decision to make). Jitsi is feature rich, but suitable for video conferencing use cases. Things outside that scope are probably a better fit to one of the other alternatives
  • mediasoup is another excellent choice. In recent years, the number of users adopting it in their projects has grown considerably. Most of the feedback I hear about it is positive
  • Pion is interesting. It started off as a kind of a Go lang implementation of WebRTC and now it does everything from a client side solution to an SFU, with multiple other open source projects built on top of it. For some tasks, this is the best solution out there today
Electron’s double-edged sword for WebRTC

Then there’s Electron. A PC application framework built on top of the Chromium browser engine – Electron is popular with WebRTC apps as well.

Electron is a great starting point: you write your web app. Wrap it with Electron. And you’re done.

But in many ways, that’s just the beginning of your journey. Arnaud Budkiewicz of RingCentral spoke at the recent Kranky Geek about their journey:

Using Electron means surrendering to the Chromium+libwebrtc release cadence that Electron has opted for – or digging deeper and owning that technology stack as well.

WebRTC in CPaaS is… complicated

Using CPaaS WebRTC solutions was never easy, and in 2022 it is going to be even more complicated. Why? Because the landscape is unclear.


Twilio is chasing CEP butterflies. I am all for it – though sadly it has nothing to do with WebRTC.

They have been slow to respond to the market changes when it comes to WebRTC, and it still feels like WebRTC is an afterthought to them.


Agora’s stock has been acting out after their successful IPO.

While their performance and traffic is going strong, there are market uncertainties there – peak WebRTC is one, and the huge spike is Clubhouse (using Agora). The Chinese government regulation is another. I am singling out Agora here because they are the only CPaaS vendor focused on RTC that is a public company.


On the positive side, we’ve seen the investment in Daily – $40M in series B.

The company is growing, focused on their WebRTC implementation for developers.


Vonage just got acquired by Ericsson. That leads us to this acquisitions chain when it comes to their WebRTC CPaaS capabilities:

TokBox → Telefonica → Vonage → Nexmo → Ericsson

We will see where this takes the Vonage API platform.

New players

We still have newcomers to this market. Big and small. We’ve seen Microsoft and Amazon jump into CPaaS – and especially to where WebRTC is being used in CPaaS. Zoom is dabbling with an API for CPaaS lately as well.

But also newer players such as 100ms with an interesting concept to their APIs, enabling developers to offer hints of their use case, or doing more in the background for the developers than the “classic” vendor solutions.

Widgets, Embeddables, Prebuilt

The market is also growing and maturing in CPaaS. We’re starting to see higher level abstractions, offering the UI/UX along with the APIs themselves. These come in different shapes, sizes and names, but they are all geared towards making the lives of developers easier.

Which one should you be using?

Will the one you choose be there next year?

Is he going to shift focus and bail on you?

Are the APIs and capabilities he is offering actually going to work?

Lots of questions. No easy answers.

WebRTC Trends in 2022 – more of the same?

After this long preamble, it is time to talk about the WebRTC trends in 2022.

The 5 biggest trends for WebRTC in 2022 are taking slightly different routes than we’ve seen before. Some focus on scale while others on new requirements and others still on new markets.

#1 – Scale & performance

There’s a saying/quote in Hebrew – “you start as fast as you can, and then you continue to accelerate slowly”. This is where we’re at with WebRTC.

This is obvious, and a continuation to 2021. Scale still matters. A lot. This is going to stay strong as an initiative well into 2022.

In our Kranky Geek event of November 2021, Google shared the work they’ve done in the past year. Below is the slide presented around performance optimizations. As you can see, this is an ongoing effort with multiple tasks. A lot of this has been achieved, but more is being done.

These improvements are aiming towards better scalability of a single session for multiple participants. The many bugs we now track in the recent couple of months around hardware encoding and decoding as part of the WebRTC Insights shows that this will continue well into 2022.

At the same time, we are seeing investments being made by many on the infrastructure level to scale their services.

What was the case in 2021 will be in 2022 as well.

#2 – #newtech

There are a swath of new technologies that are just now starting to mature. They are enabling vendors to do more with WebRTC. At Kranky Geek, for example, we’ve spent considerable time with these technologies and seeing how various vendors are making initial use of them.


Probably the crown jewel of enablers in the web today.

WebAssembly speeds up performance of web code AND enables cross language compilation. For WebRTC, the main benefit here is the use of WebAssembly for machine learning tasks used for media manipulation. From noise suppression, through background replacement and funny hats, to video lighting. All these are enabled with WebAssembly today.

Expect more vendors to use this and expect more features to be enabled by this.

WebTransport & WebCodecs

Not happy with WebRTC? There’s WebTransport & WebCodecs.

Together, they theoretically enable you to encode and decode media and send or receive it from a server.

The devil here is in the details, and while not favorable yet to replacing WebRTC, they do look promising. We’ve had Dolby and Intel share some of their insights on these at Kranky Geek.

What we are going to see is more vendors experimenting with these technologies as well as using them alongside and with WebRTC where it makes sense. I’ve pointed to this approach over a year ago, as part of the WebRTC unbundling process taking place.

With Google’s own enthusiasm about these, one wonders if they will lose interest in WebRTC a few years down the road.


Then there are new codecs.

AV1 has been around since 2018. Not exactly… obviously… some people have been pushing it as a solution for WebRTC since 2018. The truth of it is that at the end of 2021, AV1 is yet to be seen anywhere significant when it comes to WebRTC. Not because it isn’t good, but because it takes time to release a new codec to market – especially a video one.

Well, the wait is somewhat over. AV1 is coming to WebRTC and we will see use of it in 2022. It will still be limited, but it will finally be interesting and relevant.

A new ML-based voice codec (think Lyra) will take a wee bit longer. There’s no consensus yet as to which voice codec it should be. AV1 didn’t have that problem – we already knew AV1 would be next in line.

#3 – WebRTC infrastructure, hyperscaling and SD-WAN

How you design and deploy WebRTC is changing. The usual mesh/mix/route alternatives are still there. Many go for hybrid approaches. Focus and discussions lately went to the hardware itself, and where it is located, and how packets are routed exactly.

Agora were probably the first to do this openly and at scale, marketing it as a better approach. In 2021 we’ve seen the likes of Subspace and Cloudflare announce managed TURN services with regional distributions of 100 or more data centers.

I’ve marked infrastructure as one of the challenges in my workshop in 2021. In 2022 this is going to become an even more interesting topic. Anycast is going to join the frey as a technology used by vendors.

What we still won’t have as a definitive answer in 2022 is which one is preferable? Is there a real value differentiator and observable improvement in quality when using more than 10 regions globally. Would it be worth the effort, especially with the large cloud vendors popping out new data centers every month or so?

#4 – Live Streaming

Moving away from features and technologies to use cases.

Live streaming is here and WebRTC is how you do it.

There are other technologies, but none that works as fast as WebRTC and works in browsers.

People are getting more and more comfortable with video. Due to the pandemic, a lot of new ways of communicating at scale are here, done remotely. And people want to interact. Live. and in real time.

2 seconds latency might be nice, but sub-second is nicer.

What we will be seeing is more vendors turning towards WebRTC for that sub-second experience. There’s room for higher latencies – for many use cases. But when it comes to instantaneous, expect to see a lot more WebRTC. At least until WebTransport & WebCodecs mature enough

#5 – 2D to Metaverse

Zoom fatigue? Boring gallery view and tiles?

Everyone is trying to rethink the communications of the future, and they don’t look like the talking heads we’ve grown up on in the last 20+ years.

The two extremes I am seeing?

  • Placing video calls inside 2D and 3D synthetic environments where the user’s “avatar” can roam free
  • Talking about full metaverses with Facebook and Microsoft leading the way (at least for now)

We will see more of this in 2022. At the moment, there are so many different experiences being published that the most interesting thing to see will be which ones will stick and which will fade away.

WebRTC market forces

As we head into 2022, it is also important to understand who are the main players and the main market forces. These are going to shape WebRTC moving forward.

Big Tech: FAAMG and WebRTC

The biggest tech vendors are the ones setting the pace and calling the shots with WebRTC. Each with his own angle to it.

  • Google – well… Google. They are the biggest user of WebRTC in the browser, they own libwebrtc, Chrome, Google Meet, Stadia and many other tools that make use of WebRTC. Mostly, what Google wants with WebRTC happens
  • Microsoft – Microsoft has Skype, Azure Communication Services and Teams. All using WebRTC, at least on the web browser. They are also pushing their own initiatives around WebRTC itself, though these are mostly limited to optimizing certain areas for the Windows operating system and their Office offering
  • Apple – Apple seems to be behind when it comes to WebRTC. It feels like they are pulled into it without really wanting to. FaceTime Web is probably the most public thing they’ve done with WebRTC. Apple consumes libwebrtc and contributes nothing back. That said, practically everyone is held hostage by Safari’s poor implementation of WebRTC – and only Apple can improve that
  • Amazon – Quietly and diligently, Amazon has its own growing number of services and products that make use of WebRTC. It includes Kinesis, Chime SDK, Amazon Connect, Alexa and others. They don’t seem to care much about the specification itself or a specific browser implementation of it and are happy with what they get
  • Facebook – owner of Messenger, Instagram and Whatsapp is probably one of the biggest vendors when it comes to WebRTC traffic

You can add to this list Intel, who are now pushing the envelope on hardware encoding for WebRTC, something that was usually ignored by hardware vendors.

In 2022, these will be the shapers of WebRTC as we know it. They will decide if they listen to external feedback and pour it into their own product roadmaps or not – and that will end up affecting us all in the WebRTC ecosystem.

Twilio’s disinterest in WebRTC

As I stated earlier, Twilio doesn’t really care about WebRTC. Not much anyway. WebRTC isn’t big money for Twilio, so they are focusing elsewhere. We do make use of Twilio’s video-js repo as a good source of bug reports (Twilio and Vonage are still ahead of most everyone else in that).

As the dominant CPaaS vendor that is a proxy for other vendors:

  • They can either doubledown on WebRTC and video
  • Or they can try to compete with Twilio head to head, shifting their focus away from WebRTC as well

This isn’t the best of environments for those who want to use CPaaS, and to some extent, this isn’t productive for those who want CPaaS either.

It also dilutes the power that CPaaS vendors have (or want to have?) over the direction WebRTC is headed. It would have been great to have these vendors’ voices heard more, as they aggregate behind them thousands of companies, use cases and requirements. Part of it is why I think UCaaS is outpacing CPaaS in innovation.

The Zoom elephant Is Zoom the exception to prove the rule?

Zoom doesn’t really use WebRTC, but it does affect everything there is around WebRTC:

  • Vendors using WebRTC oftentimes end up competing with Zoom in the market
    • This is true for many verticals and market niches
    • Zoom has the advantage of being widely known and used already, due to its status as the pandemic’s poster child
  • Capabilities in WebRTC are compared to Zoom’s capabilities
  • Zoom is betting on WebCodecs+WebTransport+WebAssembly as a WebRTC replacement and a way to differentiate it from the crowds
    • Would others be taking this same route?
    • Would Google at some point take it as well, and lose interest in WebRTC?
    • Time will tell

Without being a part of the WebRTC ecosystem, Zoom is a big shaper of the WebRTC market.

Coopetition in WebRTC

Coopetition exists everywhere. The notion of competitors cooperating together is something we see a lot, especially in standardization organizations, where vendors are chugging it down, trying to get to an agreeable, better place for everyone (=lowest common denominator). We’ve seen it with the decision on mandatory to implement video codecs in WebRTC for example.

What we’re now seeing more is collaboration between companies directly – ones that compete in some ways and cooperate in others.

Microsoft improving screen sharing in Google’s libwebrtc (after deciding to adopt Chromium for Edge), Intel helping with hardware encoding of AV1, RingCentral and 8×8 pushing to get RED for Opus into libwebrtc, …, the list goes on.

We’ve come to a point where it is acknowledged that we can’t just sit and wait for things to “happen” on their own with WebRTC on the implementation side and there needs to be more proactivity and cooperation. Vendors need to start investing more and publicly in the baseline open source implementation and not only in their proprietary code.

This is wishful thinking most of the time, but I think we’re at an inflection point where this will need to happen more for the WebRTC community and ecosystem to take the next step in its evolution.

Upcoming WebRTC Trends 2022 workshop

In January I’ll be conducting a workshop that covers these topics. The trends and what to do with them. It will offer actionable advice on what you should do in 2022 and it will be interactive in nature.

My WebRTC trends in 2021 workshop was well attended. Here is what Stefan Karapetkov of Twilio had to say about it:

I was looking for an update on the WebRTC market and technology trends, and the workshop provided exactly that.

The information was specific, very well organized, and delivered in an engaging and entertaining way.

The workshop was split into three sessions and gave me enough time to think about the material, do additional research, and prepare questions for the next session.

I left the workshop with a solid understanding of the WebRTC technology, even more importantly, of the many technology tradeoffs that the WebRTC community made along the way.

I use this knowledge in my everyday interactions with colleagues and customers, and think that the workshop would beneficial for anyone in a Video Product Management or Architecture role, even for Solution Engineers who specialize in Video.

The 2022 workshop is going to be just as structured and useful, with ample interactivity that will give you the opportunity to interrupt and ask questions relevant to you and your business.

This new workshop, WebRTC trends for 2022, will take place during January-February, in 3 consecutive sessions of 2 hours each.

Space is limited, so if you are interested, register sooner rather than later.

See you at the workshop.

Register to WebRTC trends for 2022 workshop

The post WebRTC Trends for 2022: Proprietary & differentiation are back appeared first on

Spearline acquiring testRTC – this is rocket surgery

Thu, 12/02/2021 - 12:30

Spearline acquired testRTC and now supports WebRTC testing and monitoring. This will change what I do, but in good ways.

This week the announcement became public. The company I co-founded with a few friends, testRTC, got acquired by Spearline. It is the end of a chapter and an opening of the next one.

For starters – I am still going to do what I did so far – have fun and help companies with their WebRTC and CPaaS challenges.

I tried to keep testRTC at an arm’s length from and what I do here just because… well… not sure why. Probably to stay as impartial as I can with the things that I do. That said, it is probably a good time to explain where we are with testRTC and our support for WebRTC applications.

Where are we with testRTC?

We’ve started testRTC with the intent of providing a self service, cloud hosted testing solution for those developing with WebRTC. Along the way, we’ve expanded our product lines to include 3 separate domains with 5 different products:

  1. Testing
    • testingRTC – our marquee testing product that can be used today for regression, stress and performance testing
  2. Monitoring
    • watchRTC – a passive monitoring service that integrates with the WebRTC client application collecting data from real users, gauging quality of service that they get, both in aggregate and on the individual user level
    • upRTC – an active monitoring service, validating your application’s uptime and quality, able to understand your SLA
  3. Support
    • qualityRTC – the WFH (Work From Home) support tool focusing on connectivity and quality issues by offering end users a self service route and reducing average handling time for support teams
    • probeRTC – continuous network monitoring service for office locations to deal with network fluctuations from specific locations to your WebRTC cloud service

Simply put, we are the only vendor today offering support for the full lifecycle of your WebRTC application – from development to deployment and long term maintenance of the service. We do that at scale, in the cloud, with a big smile

And then we met Spearline, and found a common ground.

Who and what is Spearline?

Spearline offers testing and monitoring for your telephony services.

They have a large global deployment with real phone numbers across 70+ countries and carriers worldwide – landline and mobile. If you need your phone numbers tested and validated for their quality and performance (and you do), then you go to Spearline. Why? Because without actually testing a number, your only insight that a number isn’t working (say your sales line) is to get a customer to complain about it – which is way too late.

This all made perfect sense for us at testRTC. When we were approached, it was easy to figure out that this falls into this category:


  • Same domain
  • Similar customer base
  • Different technologies

We’re completing Spearline in a few ways (WebRTC being an important part of it), and Spearline completing testRTC in other ways (telephony, scale and enterprise sales to give a few of the things we were after).

Which leads me to rocket surgery.

Rocket surgery

I had a technical call the other day. Related to Someone at the call said “rocket surgery” at some point. It took me a few seconds to deconstruct that and understand it – he probably meant to say rocket science or brain surgery – just to indicate that they’re doing things that are hard, but not that hard (he said “this isn’t rocket surgery”).

Then it dawned on me. Rocket surgery is the best term I have for what we’re currently doing.

We’re marrying the best of both worlds here at testRTC & Spearline, so we can now offer our customers rocket surgery solutions. Things that no other vendor out there can do for you.

And that excites me – the things we can achieve and the plans we’re making for the future as part of this acquisition.

What changes for

Nothing and everything.

(can you spot the 10 differences between the images above?)

I am continuing my work at testRTC as before. Not as CEO (never liked that role), but as head of products for testRTC (which is kinda like a small CEO). testRTC is my baby. I want to see it grow and flourish.

But then again, I like the diversity and the thrill and fun of doing everything. And Spearline were kind enough to allow me to continue with my extra curricular activities. These include the courses, the weekly, insights, consulting and Kranky Geek.

I’ve been thinking a lot lately about my future. And what else I want to do. I don’t have the answers to it yet. For the foreseeable future though, this is going to be helping you with your WebRTC and CPaaS needs.

Onward and upward

2021 has been a rollercoaster. I enjoyed the ride.

Here’s for a 2022 that is thrilling, exhilarating and fun.

The post Spearline acquiring testRTC – this is rocket surgery appeared first on

Twilio Signal 2021: A Pivot from CPaaS to Customer Engagement Platform

Thu, 10/28/2021 - 11:00

Twilio Signal 2021 defines Twilio as “API”, “programmable”, “platform” and “customer engagement”. Here’s how it intends to compete in its many markets.

Twilio Signal 2021 is when Twilio officially pivoted from CPaaS to a Customer Engagement Platform. This is the reason Twilio acquired Segment last year, and the explanation of how it intends to leverage that acquisition.

Every year, I put time aside for Twilio Signal. Either in person or remote, going through the sessions and paying extra attention during the keynote. This has developed into a comprehensive view and research resources about Twilio that I’ve put up. It is time now to review what we had at Twilio Signal 2021.

Table of contents Twilio Signal Keynote 2021

Twilio didn’t put the keynote for Signal 2021 on YouTube (yet), but they did have it as part of their all-day Signal TV session. The video below will get you the keynote, which was around 90 minutes long:

As events go, Twilio Signal 2021 was quite a good experience for a virtual event. It was a bit hybrid, but most of the focus and action took place on the virtual side of it (or at least felt that way for me as a virtual audience).

Defining Twilio in 2021

Twilio never liked or used the term CPaaS. I am not really sure why.

The Twilio pivot

There were 4 words that came time and time again during the keynote, and I think they are the center of what Twilio gravitates around today: “programmable”, “platform” and “customer engagement”.

Everything Twilio does can be found around these words, and I believe also every type of adjacent business they will try to go after will have two or more of these words in them in one way or another.

Twilio tried to show this shift and to move away a bit from APIs. It will take more than a single Signal event to do that.

Jeff Lawson, Co-founder and CEO of Twilio, started by presenting the idea of Customer Engagement and ended the keynote with the Customer Engagement Platform taking us in a complete circle around it.

Why did Twilio pivot now?

Twilio is the leader in CPaaS. It has been so for many years now, defining and redefining what CPaaS is. Twilio is also ahead of all of its competitors. Way ahead. It acts as a best of suite provider, which covers most if not all of what CPaaS is, with depth of functionality in many of its offerings.

As such, it sees and knows the market. It also knows the market’s limits. Which means it understands its estimated growth. It had to pivot and start eating up more adjacencies to continue growing at an accelerated rate. But there probably aren’t enough adjacencies it can go after that can be defined as CPaaS or as communication APIs. So they went up the food chain, marketing customer engagement as their target.

How Twilio’s breakout acquisitions into email and customer data enabled the pivot to Customer Engagement

Twilio’s reasoning for doing it now?

  1. Size of the market. The communication market has been said to be $1T. Twilio believes it is much bigger, due to the slower shift of communications towards the cloud and the fact that communication is now used in new ways, not attributed in the original market sizing made by analysts
  2. Architectural shift. The shift to the cloud. This one is driven by customers who need to do more, faster and more flexibly. Legacy vendors can’t do it, while Twilio as a cloud native vendor can offer such capabilities
  3. A focus on “proactive”. Most use cases in business communication so far have been reactive in nature. Now they are a lot more proactive. That shift requires new capabilities, ones that require access to more data and being smart about it

To be frank, the architectura shift as well as the move from reactive to proactive have been industry themes for over 10 years. The pandemic simply accelerated these changes, and probably accelerated Twilio’s own pivot. It is also a new language that Twilio is now speaking, so we hear it from them as well.

Twilio by the numbers

Each time, Jeff starts his keynote with numbers, showing off Twilio’s size. It is interesting each time to see which numbers he shares and highlights at the beginning of the keynote. This year?

Twilio Signal 2021 numbers versus 2019 & 2020

What numbers did Twilio share in the beginning of its keynote this year versus previous years?

201920202021Customers160,000200,000+240,000+ in 180+ countriesText messages––128B (100% growth)Emails––1T (5.8B single day peak)Calls––25BFlex interactions––0.5BSegment data events––10TInteractions750B1T–Unique phone numbers2.8B3B–Calls/minute32,500––Peak SMS/second13,000––Email addresses3B/quarter50%–Video minutes–3B–Developers6M––

This is in-line with its pivot, as many of the original numbers aren’t even mentioned.

So… Twilio is now even bigger, and it is pivoting.

  • Customers came first. Not as a number, but as logos, showing how strong and diverse Twilio’s customers are
  • It was important for Jeff to share that these customers include startups, enterprises and ISVs – Twilio isn’t catering only startups
  • I think it was the first time Twilio shared the countries of origin for its customers. 180 of them. With anywhere between 195 to 249 (depending who is counting), that’s quite impressive. The reason to share this number? To signal that Twilio isn’t only big, but it is big everywhere (ie, outside the US)
  • Text is still the most important thing for Twilio. Not as SMS, but as “text” – omnichannel. We will see later that this still means SMS
  • For calls, Twilio shared the number of calls and not peak, with 25B as that number
  • Flex interactions. For the life of me, I still can’t understand what interactions are, and probably no one does. Twilio simply wanted to say “Flex is a real and it is big” – to remove the doubt in the business success of Flex in the contact center space
  • Segment data events are… as bad as Flex interactions as numbers go – I don’t understand what that means. But saying 10T is always good, cementing Twilio’s “dominance” on the CDP (Customer Data Platform) space Segment belongs to
Twilio and social good

I haven’t added the social good related numbers that Twilio shared not because they aren’t important, but because they require a separate mention.

Twilio made the decision years ago to be a company that does good in the world. It also decided to put its money where its mouth is, through its operation and its shift to become a diversified company.

Time is spent each year at Signal during the keynotes as well as in specific sessions for social good, and this year was no different.

Twilio and partnerships

Jeff mentioned the strategic partners of Twilio at the beginning as well. These are getting more important to Twilio as it grows and shifts towards customer engagement.

Twilio dogfooding

Twilio is dogfooding its own products. For Twilio Signal 2020 and 2021 it has been hard at work building its own hybrid events platform. Still at its early stages but quite commendable.

Each year, additional pieces of the Twilio building blocks are being used to create these events. It will be interesting to see if in 2022 they will continue with this trend or go to a live-only event. Another question is if and when will they productize this as a programmable events platform.

The Pivot: Twilio Customer Engagement Platform

After the numbers it was time for the pivot. This is where Twilio moved away a bit from its roots into communications towards custom engagement. And the way this is explained by the fact that Twilio now isn’t only about communications but about all experiences with customers. Customers “drove” Twilio there, which led to the creation of Twilio’s Customer Engagement Platform.

Setting the stage

Two things here:

  1. Twilio isn’t only about CPaaS anymore
  2. Twilio focuses on communications of business with customers. They aren’t after the UCaaS market in any way
Twilio ignores UC and pivotes to customer engagement

If you look at the communications market diagram above which I like using, then Twilio encompasses two of the three domains. The difference now is that it is vying towards the CRM part with its new story of a customer engagement platform.

The pillars of Twilio’s Customer Engagement Platform?

From here on, the keynote was focused on showcasing everything revolving around customer experience with trust, scale, reliability and compliance as the main themes.

FUDing the enterprise

To hammer the message through, Twilio decided to harness the “digital giants”. In its mind, these are Amazon, Google, Netflix and Facebook. An odd choice, as Apple and Microsoft would be “gianter” than Netflix…

The reason behind this, is that these companies make the best use of customer data to improve its engagement with its customers, providing a singular, cohesive view of them.

Logic states that these digital giants have grown with the pandemic because they understand their customers better, and other vendors need to follow suit or be gobbled up by these digital giants.

Now that we want to be like them, we need to have the technology to do that. Amazon didn’t buy its CRM from anyone, it built it. It fed it with the data needed. And so do you dear vendor – you can’t rely on an existing CRM – you will need to build it. And just accidentally, Twilio Flex is what you need to build it (wink wink ).

Oh, but it isn’t Twilio Flex. It is actually Twilio Flex + Segment + machine learning.

To hammer that in, Jeff made sure you know that you don’t want the digital giants as your partners when it comes to your customers: Amazon taking a cut of each purchase,the Apple tax, Facebook and Google auctioning user attention via ads. You dear vendor, need and want to own your customer relationship – directly:

Now that we’re all warmed up, it was time to share and explain what Twilio Customer Engagement Platform really is.

The Twilio Customer Engagement Platform Twilio’s new Marketecture: Twilio Customer Engagement Platform

Twilio’s new Marketecture: Twilio Customer Engagement Platform

Jeff went through the platform’s components, which sits well with its current set of product offerings and acquisitions.

1. Channels

Channels are the basic Twilio building blocks. That’s roughly the CPaaS part of Twilio:

The purpose is to be where the customer is.

Messaging and Voice is what Twilio is focused on. Ads were not mentioned anywhere else. Email is the SendGrid acquisition. And Video… well… that’s almost the only place it appeared during the keynote (more on video later).

2. Engagement Apps

These are the higher level programmable applications that Twilio is offering:

  • Twilio Flex for support (announced 3 years ago at Twilio Signal)
  • Twilio Frontline for sales (announced a year ago at Twilio Signal, no new announcement around it in the keynote)
  • Twilio Engage for marketers (announced later in the keynote)
  • Custom apps are the ones you build yourself on top of Twilio’s CPaaS offering (their Channels)
3. Personalization


This is why Twilio acquired Segment a year ago, and this is where it is taking Segment next.

The reason behind acquiring Segment was to pivot towards customer engagement and provide a larger offering to larger enterprises.

As Jeff said it, this is about engaging customers in real time at scale – that’s the focus of Segment.

From here, the keynote went to specific product announcements.

Twilio Signal 2021 keynote announcements

During the keynote, several official announcements were made. There were others that didn’t make it into the keynote itself, which goes to show where the main focus is.

Here are the things announced in the keynote:

  1. Regional Twilio – running the Twilio stack and connecting to it over different geographical regions
  2. Twilio MessagingX – a rebranding of its SMS and omni-channel offering
    1. TrustHub – managing compliant phone numbers
    2. Google Business Messaging – support for Google Business Messaging
    3. Content API – new API for managing messages across channels
  3. Twilio IVR Now – helping contact centers migrate from on prem IVRs to the cloud
  4. Twilio Intelligence – a new business process automation platform for the contact center
  5. Twilio Flex
    1. Twilio Flex ONE – single API for multiple channels in Flex
    2. Twilio Flextensions – marketplace for partner extensions and implementations for Flex
  6. Segment
    1. Twilio Engage – marketing cloud engagement app for marketers
Regional Twilio

Jeff introduced this first and explained that this was their biggest architectural change.

Twilio switched from a single US based data center to enabling running the Twilio stack from multiple regions. A customer can potentially choose where he wants to connect to Twilio and where he wants his data to reside.

The main difference is lower latency on API calls if sent to the same region, but mainly the ability to choose where to run and store the data.

The actual deployment of this is going to happen in stages with a growing number of locations as well as products enabled. This will start with two new regions – Australia and Ireland, to cover Europe and Asia by year end for Twilio Voice; while Twilio Segment can store data in Europe.

The main reason for this is the growing need to support regional data storage to meet regulation in different countries and the need to entice larger enterprises to use Twilio.

This was announced before the explanation of the Customer Engagement Platform, but I decided to place it here, as part of the announcements of the keynote.

Twilio MessagingX

The first announcement after introducing Twilio Customer Engagement Platform was Twilio MessagingX – the Channels layer in the new marketecture. This is also where the heart of the Twilio CPaaS solution lies.

It started nice. Soumya Srinagesh, Twilio’s VP Messaging Exchange, shared her big number:

Somehow, it differed from Jeff’s by 28B. I am sure there’s a good explanation, though either way, 100B is a large enough number.

SMS centered, but evolving

For Twilio, messages are still SMS. It wasn’t said out loud, but it was hinted strongly enough throughout the session based on the announcement and in the analysts briefing for Twilio MessagingX:

During the analyst briefings of Twilio Signal 2021 the above slide was shared. I like it because it says a lot about how Twilio sees things in the messaging space. I also like it because of the way things are arranged.

Here are my immediate insights from it:

  • SMS is the biggest channel by far. Everything else is just noise
  • Whatsapp comes second, and then Facebook Messenger
  • RCS is puny (it is still dead before arrival)
  • All of the above is true because Twilio deals with business to consumer communications
    • Until now it was mostly business to consumer
    • Whereas the future is in conversations where consumers initiate more of it, where social networks and Apple/Google are more important
  • It also doesn’t take into account communications that aren’t business to customers. Business to business and just person to person, which may happen in other channels
What is Twilio Messaging X?

So what exactly is Twilio MessagingX?

It looks at messaging not from the API building block level, but rather from 3 different perspectives, each with its own set of focus and investments: Trust, Quality and Choice.

To be clear, all CPaaS vendors strive to do that. Twilio is one of the few that are big enough with economies of scale to really deliver it, and do so with programmability in mind in all of the possible layers.


To handle trust, mainly deliverability and compliance, Twilio announced TrustHub.

TrustHub is all about compliant phone numbers (did we say SMS?)

It isn’t as if other CPaaS vendors don’t offer compliant phone numbers. TrustHub does that by enabling access to it via APIs as well, making it… programmable? More flexible?

The intent at the end of the day here is to have messages pass unfiltered and not get them to be blocked by carriers. Especially now, when our phone’s spam folders for SMS and voice are full of such numbers and messages.

This initiative is starting with the US market and will expand elsewhere.


This is about deliverability by selecting which carriers to use to route messages, and figuring out bad connections. Twilio does that proactively (other CPaaS vendors do or say they do as well).

Not much else was said about it during the keynote, but this is where many of its acquisitions and investments in communication providers such as Syniverse earlier this year come to play.

This is a topic for a separate future analysis though.


Choice is omni-channel. The ability to send messages to users on the channels they prefer.

There were two announcements around choice that were made:

1. Google Business Messages

Twilio already had SMS, Facebook Messenger and Whatsapp. Now they added support for Google Business Messages – the ability of customers to start a conversation with a business directly from a Google search result or a map listing.

Interestingly, Twilio still has no Apple Business Chat support. Probably because Apple doesn’t want to deal with generic CPaaS vendors just yet.

2. Content API

To manage and handle the fact that each messaging channel has slightly different rules you need to deal with, the new Twilio Content API is there to allow writing a message once and delivering it on whatever channel, with Twilio taking the headache of matching the message you want to send to how each channel likes that message.

As messages become more complex, requiring the user to take actions for example, such an API becomes a nice add-on.

For the most part, it feels like a utility that reduces a lot of the headache of a developer.

Twilio Voice and IVR Now

This was the first time voice was discussed. It was preceded by this nice number:

We had 25B calls, now with 36B voice minutes. If both relate to voice, then that’s 1:26 minutes per call on average. Transactional is the main focus of Twilio.

Not much more has been said or announced about Twilio Voice directly. The only thing was IVR Now, with about a minute spent on explaining it:

IVR Now seems to be a program that is designed to assist enterprises to migrate their VoiceXML from on premise IVRs to Twilio’s IVR. If I had to guess, this is about offering professional services either by Twilio directly or via partners.

The reason for sharing this during the keynote was to get enterprises listening in to talk to Twilio about it – there still isn’t anything on Twilio’s website about this program…

Other than that, it felt out of touch with the rest of the keynote.

Twilio Intelligence

Al Cook, VP & GM, Artificial Intelligence was the one introducing Twilio Intelligence. Al was the one leading and announcing Twilio Flex a few years ago, and this in a way is an extension of it.

The premise of Twilio Intelligence is the need to get from voice to data to meaning.

Twilio Autopilot was released to beta in 2018 and GA’d during Twilio Signal 2019. Interestingly, this is a platform and not a product (which means it probably is still Twilio Autopilot).

What is included?

  • Driven by conversations
  • Your own switch transcription engine and language understanding capability
  • The transcription engine itself was built by Twilio, not using third parties
    • This reduces the price points for Twilio and increases their ability to deliver a specialized solution
    • The data used to train the engine was labeled with type of data and calls that Twilio sees with its customers
    • This leads to accuracy higher than 90% (based on Al’s explanation)
  • The Twilio transcription engine is included in the Intelligence platform but can also be used as a standalone API
  • Accents were mentioned but not languages, so this is probably English only at this point in time
  • The intelligence part comes with language operators which can be trained by the vendors themselves
A view of the language operators of Twilio Intelligence as implemented as part of Twilio Flex

A view of the language operators of Twilio Intelligence as implemented as part of Twilio Flex

Here’s what it means that Twilio Intelligence is a platform:

  1. This isn’t a specific product, but a mix of multiple Twilio products and capabilities
  2. Twilio voice recordings will now offer transcriptions, most probably with diarization based on the channels in the call
  3. Segment stores the data
  4. Twilio Studio is used to manage and automate decision trees based on the language operators
  5. Twilio Autopilot or something newer/different is used to sift through that data to get to the understanding part of it
  6. Twilio Flex holds all that glue together with the application level implementation of it all

The demo was quite interesting, so I decided to share the direct pointer to it in the keynote here, as that’s easier than explaining it:

What I think:

  • This is the holy grail of call centers
  • Being able to understand conversations at scale
  • Automate proactive actions
  • Do things intelligently

It is hard work, and it will be interesting to see if Twilio nailed it this time around and what the next iteration of this will look like.

Where and when?

Now in limited private beta. A broader private beta in early 2022.

English only for now. Voice based for now.

Twilio Flex

Twilio Flex launched 3 years ago. At the time, it was questioned if this would be successful or not. To some extent, it still is. The interesting thing is that the same was said about Amazon Connect, which took about 3 years to mature enough to show its size in the market.

Sateja Parulekar, Head of Contact Center Solutions at Twilio made it a point to explain that:

  1. Large contact centers are already using Flex
  2. Flex is the fastest growing product at Twilio (though no specific numbers around size were given, besides the 0.5B interactions at the beginning)

There were new announcements around Flex, mainly Flex ONE and Flextensions.

Flex ONE

Flex ONE is about adding new channels to the Flex contact center with a single API. That includes today voice, messaging (including Whatsapp), chat and email.

The end result is one page holding all conversations across all channels with the customer.


Flextensions are pre-build extensions to Twilio Flex. To me it sounded much like Zoom Apps or application directories of other enterprise tools.

This is geared on top of the partnerships that Twilio has been working hard on and explained in last year’s Signal 2020 when they discussed the Twilio Flex ecosystem. It is the right move for the Flex platform.

From a product perspective, the future of Flex lies in its integration with Segment. This is where Twilio Intelligence is most focused on, as we’ve seen in its introduction and demo.


Peter Reinhardt, GM of Twilio Segment came to explain two things:

  1. What is Segment and why Twilio acquired it
  2. Announce Twilio Engage
What is Segment and why Twilio acquired it

Segment is about collecting customer data from multiple sources and making it available as the single source of truth to wherever the business needs that data – all in real time.

Businesses store data about customers in many different places. With the migration towards cloud and SaaS, the number of these places is growing fast. I know… my own small business to run this website and my courses have their own share of SaaS vendors that I am using, all cobbled up with half-made integration and knit together with this masking tape called Zapier. It works. For my single person small business. Somewhat (I have tons of things I’d love to have better integrated, but don’t have the time or inclination to do – not enough ROI in it).

For real businesses, not like mine, the problem is a lot bigger and a lot more important to solve. Especially if… you want to be like the digital giants Jeff talked about at the beginning of the keynote and Peter made sure you remembered.

But back to the why:

  • Businesses need a glue for their customer data. And Segment is a nice glue. A super glue
  • Twilio does communications APIs. And is going after businesses, especially where businesses need to communicate with customers
  • So the data used to decide if and how to communicate resides in Segment, or gets pushed to Segment from Twilio
  • A win win if you could integrate these two together

And we’ve already seen glimpses of it with Twilio Intelligence earlier on.

I think Segment was the most interesting acquisition of Twilio so far. It isn’t only closing a gap on something they don’t have or need. It isn’t even going after a close adjacency. It is about being able to double down on customer engagement… and building a platform for it.

Which is exactly where Jeff started and where the keynote ends.

Twilio Engage

Twilio Engage was the last announcement. This is the new engagement app that Twilio decided to launch. Flex is for support, Frontline is for sales and Engage is for marketers. This is the marketing cloud offering of Twilio, built on top of Segment.

It is available in pilot now and as GA in Q1 next year.

Not much else was explained or shared about this and the demo was mostly a concept of what can be done with it. Next year’s Signal event will probably show the flashy UI Peter said was less important than the data

Announcements that didn’t make it into the keynote

Video. IoT. Frontline. Sendgrid.

Probably a few others that I missed.

I’d like to discuss 2 of these announcements here in brief.

Twilio Video Insights

Video isn’t (and was never) top of mind for Twilio. They have it supported, but somehow it feels like a second class citizen most of the time: Twilio WebRTC Go was announced in Signal 2020 to give a semblance of progress with video. It is a free peer-to-peer video service from Twilio that is limited in scale. It got some increased capacity this year especially for Signal 2021. Nothing to write home about (I already discussed these free WebRTC video APIs at length recently.

What was announced was Twilio Video Insights and Twilio Video, both very different from each other.

Twilio Video Insights collects WebRTC and other statistics off of your calls done over Twilio Programmable Video, to create a dashboard view of media quality.

This is similar to what we do at testRTC with our watchRTC product.

A demo was shown in one of the sessions of Twilio Signal.

For me this validates our own watchRTC product, as Twilio saw the need to offer that out of the bex as part of its service. That said, if you need something like this (for Twilio, another CPaaS vendor or your own infrastructure), then come check for yourself which tool is most suitable for your needs.

Twilio Live

Twilio Live was announced a bit prior to Signal 2021. Probably in order to give center stage to Twilio Customer Engagement Platform where Live (or video for that matter) play a marginal role if any.

Here’s what I learned about Twilio Live during Signal 2021:

  • Twilio Live offers “interactive” audio and video
    • “Interactive” because there’s a 2 seconds latency end-to-end
    • It isn’t WebRTC on the viewer’s end, which can probably be blamed for that 2 seconds of latency
    • The problem with this is that today’s CDN streaming solutions that can go down to 5-10 seconds, and with further optimizations of their existing technology stacks down to 2 (using LLHLS for example)
    • Their competition from WebRTC streaming vendors is that these vendors support subsecond latencies, usually at the 500 milliseconds mark
    • CDNs are probably cheaper. WebRTC streaming vendors will probably be on par with Twilio’s pricing
    • Main reason for selecting Twilio here is if you’re using the Twilio stack elsewhere as well, but it might not be enough if what you are looking for is real interactivity
    • Yes, 2 seconds delay is great for most use cases, but not for all of them
  • It reaches millions of users on a single stream
    • I’d estimate that Twilio Live runs like a traditional CDN streaming service
    • It sends data over TCP (using HTTPS or a secure Websocket), so there’s no packet loss and there’s buffering added to deal with potential retransmissions
    • It probably also does ABR (adaptive bitrate), to deal with different bandwidth availability of different users
  • Twilio Programmable Video Group Room is used as the source of the content
    • Which means the broadcasters are using WebRTC
    • Since a single outgoing stream is sent towards Twilio Live, this gets mixed and “recorded” and then sent to the audience. All this is probably done by a headless chromium instance in the cloud somewhere
    • The fact that the content is mixed means that all viewers can only see the exact same layout. Less flexible, especially for the interactive type of use cases with several broadcasters

It is an interesting route that Twilio took for its broadcasting service. I am not sure how well it can compete with other CPaaS vendors who are clocking 100s of users or more per single WebRTC session. And it is hard to see this as an alternative for those using CDN streaming services already.

What will be interesting to see is how vendors accept this product and its position in the market – will this be good enough or even perfect for certain customers that can’t find the right solution for their broadcasting needs elsewhere.

What Twilio isn’t

After writing down this longform article and analysis of Twilio Signal 2021, I think the most important part is what wasn’t said. And that’s what Twilio isn’t.

I long suggested and thought that CPaaS, CCaaS and UCaaS are going to merge as the lines between them are blurring. Vendors in each of these segments are vying towards the others through new product announcements and acquisitions.

Twilio went after CCaaS with Flex. It only made sense it would move into UCaaS at some point, being a comfortable adjacency in communications.

But it didn’t.

It went after customer engagement. Acquired Segment and doubled down in this route – making a splashing announcement of it at this Signal event and keynote.

Twilio is all about businesses communicating with customers.

Twilio is a lot less about people collaborating with each other in a business. Why? Because that’s where the focus of UCaaS is, and a lot of that focus relies on a slightly different set of requirements and roadmap.

This is also why video is getting less attention by Twilio for example.

What’s next for Twilio?

I don’t really know.

This can be seen as a pivot, but also as the next step in Twilio’s evolution.

Twilio is surprising with the way it handles itself in the market, at least for me.

If I had to bet, I’d say that the next 2-3 years are going to be more of the same. Twilio will work on its current set of engagement applications, pouring data from the Segment CDP into it, and fitting its solutions for sales, support and marketing. Obviously, developers are still an important part of all of this.

I wouldn’t expect Twilio to go into additional adjacencies in the API domain or to go after unified communication related use cases either. At least not now. They have their hands full going up market and out of their comfort zone of pure communications.

The post Twilio Signal 2021: A Pivot from CPaaS to Customer Engagement Platform appeared first on

A year of WebRTC Insights

Mon, 10/25/2021 - 12:30

WebRTC insights is turning out to be fun to create and super useful to our clients, looking to navigate the world of WebRTC.

Philipp Hancke and myself started this new thing called WebRTC Insights a year ago. We work well together, so we simply searched what we can do other than the WebRTC codelab, which was and still is a fun project.

WebRTC Insights is meant to help vendors sift through the technical (and non-technical) information that is out there and ever changing around WebRTC. Anything from bugs found, important changes in the WebRTC implementation to security issues raised and many other topics.

The idea? If you are a developer who uses WebRTC on a daily basis and relies on it, we can reduce the time you spend on finding what can bite you in the back when you weren’t looking. And we can definitely reduce the risk of that happening.

A year has gone by. The service evolved through this time, as we added more insights into it. Time to look at what we’ve done

WebRTC Insights by the numbers

We started small. The first WebRTC Insights issue looked at 6 issues, 7 PSAs and 2 market insights. 4 pages in total. Now we’re at 15-20 issues on average (twice as much when a Safari release happened) and 10 pages (or more).

In numbers, over the year this turned out to be:

26 Insights issues, 331 issues & bugs, 120 PSAs, 17 security vulnerabilities, 74 market insights and 185 pages. Phew…


In the past decade we have had more than 13,000 issues filed against libwebrtc, Google’s implementation of WebRTC that we all use in Chrome (and all other browsers in one way or another), with close to 5,000 of them external bug reports. In addition to that close to 2,000 external chromium bugs related to WebRTC.

WebRTC is a complex piece of software and staying on top of it requires quite some effort. While the development activity on WebRTC is much lower these days (at a third of the peak change rate back in 2017) there is still a surprising amount of issues we have to look at.

WebRTC Insights started from conversations about WebRTC issues and the challenges they bring between us. We have long looked at and discussed bugs, but this happened over chat and we never wrote it up. Nowadays we write up a summary, our thoughts and the potential impact each bug has. Quite often we learn something from it.

In the process we actually created an annotated list of issues that we can then refer to when we encounter new issues. So when Tsahi complained about an increase in video jitter statistics recently, Philipp just pointed him to the issue where we discussed this topic (you see, Tsahi’s memory isn’t what it used to be).

Mailing lists and PSAs

“Public Service Announcements” or PSAs are a way for the WebRTC team (and Philipp) to communicate breaking changes in WebRTC. They range from changes to the C++ APIs to the plan-b deprecation and typically require action from developers using WebRTC in their applications.

We also list WebRTC-related Intent-to-ship from the Chromium process. This is a mandatory step in the process to launch WebRTC features that require Javascript API changes. In the last year we have mostly seen changes related to screen sharing which then turned into features of Google Meet – yet were available to other users of the platform as well.

Last but not least we do monitor the W3C working group and what happens there as it has a long term impact on where WebRTC is going.

The crazy profession syndrome: WebRTC trials in Chrome

WebRTC uses field trials in Chrome to roll out changes that have some technical risk. We identify them which gives us insights into what might be a possible root cause for issues that are hard to reproduce locally. The best example for this recently was this report by Facebook where an experimental change to reduce the noise during opus dtx caused a large AV desync issue. We had been tracking the experiment for a couple of weeks at that point.

Security patches in WebRTC

We keep track of WebRTC related CVEs in Chrome (17 in the last twelve months), determine whether they only affect Chromium or when they affect native WebRTC and need to be cherry-picked into forks of the native library.

Where is the market headed?

This part is the bird’s eye view that we offer. The rest of the insights are the low level details developers need. Here, we look at the bigger picture of what WebRTC is and the market forces around it.

We bump into tweets, posts, LinkedIn messages and other articles out there – and when we feel they are relevant and important to your work, we mention them. And explain where we see this trend headed and what you should be aware of.

The market insights are designed and handpicked for the clients we serve in WebRTC Insights.

We’re evolving

Over time, we’ve evolved the service.

Security and Chrome trials were added later on. We are now experimenting ourselves with short video explainers of each libwebrtc release (=once a month) and its implications to developers. We got some great feedback on it, so we’re likely to keep it as part of our format.

There are now also 3 different plans to the WebRTC Insights:

  • Light – the biweekly insights email
  • Premium – Light + monthly brainstorming session
  • Exclusive – Premium + unlimited access to courses

Want to join us for the ride this coming year?

To learn more, check us out at WebRTC Insights

You can leave us a message there to get a sample copy of one of our latest insights issue

The post A year of WebRTC Insights appeared first on

Managed WebRTC TURN: The need for speed

Mon, 10/18/2021 - 12:30

What the announcements of Subspace and Cloudflare on their Managed WebRTC TURN services mean for the industry.

In the past couple of months we’ve seen two new entrants to the managed WebRTC TURN business. After stagnation for many years, this small market niche is becoming interesting. REALLY interesting.

Table of contents TURN and the WebRTC developer ecosystem

TURN servers are used in WebRTC in order to get your sessions connected if there’s no direct route available. I am not going to go into the technical part of it, but I’d say that without TURN servers, not all of your WebRTC sessions will get connected. You don’t need it for all sessions, but for some, you won’t be able to work without it. They are an essential component that has its own category in my WebRTC Developer Tools Landscape.

At the end of the day, TURN servers act as intermediaries by relaying the media between two points.

Roughly speaking, you have 3 alternatives in how you can get these set up:

  1. Self host. You can install and host your own TURN servers and manage them on your own. In most cases, this will be by using the open source coturn server
  2. Managed. You can use a third party that runs its own TURN servers, giving you access to their servers, paying for the service. Don’t search for free TURN servers – if they exist, then they aren’t worth the money you aren’t paying for them
  3. Everything and the kitchen sink. You could just go with a WebRTC CPaaS vendor. These will give you everything you need, including TURN servers and service. An all in one deal

In this article, I will be ignoring the “everything and the kitchen sink” approach. Not because it is bad, but because if you’re just interested in a managed WebRTC TURN, then you probably want to control a bit more of your destination (more on that later).

Challenges of using open source coturn in production

Let’s start with the self hosting approach. The leading choice today is to take coturn, a popular open source TURN server, and deploy it on your own. There are one or two other alternatives, but this is by far the most common one.

The challenge though stems from the fact that for TURN the majority of the issues aren’t around integration or development but rather in configuration and maintenance. As such, it falls into the laps of ops, but requires knowledge and understanding of WebRTC.

The main culprit? The fact that you don’t need TURN for each and every session – and that there are 3 different TURN transport protocols, offering a progressive fallback mechanism.

What does that mean?

You install and configure your TURN server. But how do you test that all went well? Just conducting a WebRTC session will not tell you that. If the session succeeded, is it because it didn’t need TURN or because it used your TURN server properly? And if it did use it properly, was that on all 3 different transport protocols?

Configuring TURN is a headache:

  • Testing TURN configuration it isn’t straightforward
  • Scaling TURN horizontally may seem simple, but it has its own set of challenges
  • Geolocating TURN servers properly is tough and tricky when you’re small
  • Securing your TURN servers from abuse isn’t hard, but another necessary task. So is monitoring it
  • And then there’s the hacking angle to it, as Slack found out in 2018
Managed WebRTC TURN – the early days

In the early days of WebRTC, developers had two main alternatives:

  1. DIY – building everything on their own, including the installation and configuration of their TURN servers
  2. CPaaS – “outsourcing” all of the WebRTC infrastructure components including their TURN servers to a third party vendor who specializes in it

You either knew what you were doing or didn’t want to know what you were doing.

The initial indication for managed WebRTC TURN service came from two vendors. It started with Xirsys and continued with Twilio.


Xirsys was the first vendor to offer a managed WebRTC TURN service commercially. It was limited to a data center or two when they started, but grew over time.

Today, the Xirsys Cloud service spans 7 regional data centers.


Twilio is the most widely known CPaaS vendor out there. It is playing the best of suite game, with its large and growing portfolio of services. One of these products is their Twilio Global Network Traversal Service, a half-hidden product that enables you to leverage their TURN servers for your application without using their other CPaaS and WebRTC products.

At the time of writing, Twilio runs its media over 9 different regions, all on AWS.

Why use a managed WebRTC TURN service?

I guess it is a matter of experience and expertise. Do you really want to deal with questions such as how do you decide which TURN server to connect a user to? How to deal with WebRTC TURN geolocation?

A managed WebRTC TURN service eventually targets the exact pain points and challenges that setting up your own TURN servers pose:

  • Someone else takes care of properly configuring the TURN servers (assuming they know what they are doing)
  • They take care of scaling this for you, so you don’t need to deal with increases in traffic, at least not on the TURN servers
  • You get someone else to decide on geolocation (and do it better than you can for the most part)
  • Inherently, managed WebRTC TURN services secure their service from abuse, so that’s also a given – oh – and they’ll provide you with a nice usage dashboard as well

The best thing about managed WebRTC TURN services?

There’s no vendor lock-in.

Switching from one managed WebRTC TURN service to another or to your own self installed servers is a breeze – just change the iceServers configuration on your peer connections in WebRTC and you’re done. Theoretically, that’s a single line of code change.

It is also why I suggest anyone who is building their own WebRTC application to start by using a managed WebRTC TURN service – they can always switch to their own, and the cost of switching next year will be the same as just building it today. And as the lazy person that I am, I will always postpone to tomorrow something that I don’t have to do today.

Managed WebRTC TURN – the post-pandemic version

Then came the pandemic, with its lockdowns, quarantine and the rise in use of WebRTC and any other remote communications technology.

The market stayed roughly the same for managed WebRTC TURN servers, or at least it did until 2021. What happened is that we now have 2 more vendors in this domain: Subspace and Cloudflare. And they are different: they are bigger in the physical footprint they have and they make use of Anycast – an IP addressing and routing scheme used to connect a large set of globally spread servers via a single IP address. This type of a solution also makes things a lot simpler to whitelist when needed.

Subspace GlobalTURN

Subspace offers better connectivity than the open internet. They do that by optimizing the routes your packets go through. What you do is send your packets through their network, which will then figure out the best route.

In 2021, they decided to expand what they are doing to WebRTC as well, offering their GlobalTURN service. With around 100 cities and an Anycast addressing scheme, they offer a global footprint.

For Subspace, this isn’t the first VoIP related product they offer, but it is the first WebRTC related one. Would they move towards hosting media servers as well? I think it is an unlikely path for them.

Cloudflare WebRTC Components

Cloudflare announced their own deployment of a managed WebRTC TURN service called WebRTC Components. Besides it being a TURN service, there’s not much to go by yet.

What we do know is that it relies on Cloudflare’s anycast network spanning 250+ cities.

For Cloudflare, this is the first WebRTC related offering, which was announced alongside a slew of other capabilities, targeted at cloud vendors (their R2 storage which directly competes with AWS S3 for example). There’s a good overview of the disruption path Cloudflare is taking. The WebRTC addition to it is an interesting choice.

Interestingly, I debated the potential of using Cloudflare’s Workers as a TURN service enabler when it was announced. Seems like they decided to build it on their own

Which managed WebRTC TURN service to use?

That should be the question you should ask yourself.

It isn’t about whether you should use a managed WebRTC TURN service or deploy your own – it should be which managed WebRTC TURN service to select. Why? Because this is super simple to adopt and replace with zero vendor lock-in.

Pricing is important, but also global footprint, latency and quality. Then there are things like actually doing its job – the percentage of successful connections you get with it.

It will be interesting to see if and how Xirsys and Twilio address the threat from the newcomers to this market niche. For Xirsys this should be more worrying than it is for Twilio, as that’s one of their core products, whereas for Twilio it is a small part of what they offer to their customers.

Who would have thought that in 2021 we will see competition and innovation coming to the managed WebRTC TURN service?

The post Managed WebRTC TURN: The need for speed appeared first on

Free WebRTC Video API in CPaaS. Is it worth it?

Mon, 09/13/2021 - 12:30

Are free minutes and accounts in WebRTC video API worth the trouble? I think not. Don’t choose your CPaaS vendor based on their “free” tier.

I am finalizing my 10th edition of Choosing a WebRTC API report these days. In the past year I’ve heard from a few vendors and developers questions about the free tiers in this space. So I took the time as part of this edition, to sit down and analyze the price plans of the various vendors in the market and create another article as part of the report (one that is available through the membership site for those who purchase the report).

In this article, I want to shine a light on one aspect of price plans in WebRTC APIs which is the free tier.

Let’s dive into things, shall we?

Table of contents Free tier is optional

14 out of 24 vendors I looked at practice per minute pricing. Sometimes, they have multiple price strategies, but per minute pricing is the most common – especially on the bigger more widely known vendors.

Out of the 14 vendors, 5 offer free tiers in one way or another. And 2 offer credits – Amazon Chime SDK and Microsoft Azure Communication Services – these two offer IaaS cloud credits to startups as general practice and their CPaaS/WebRTC offering wraps into these as well (I’ve written about cloud giant effect on the CPaaS market last year).

Not all WebRTC API vendors offer a free tier

Free tiers seem to be almost “random” in who offers them and who doesn’t

Free depends on the plan

Some vendors have free plans that depend on different things.

For Twilio, for example, free minutes come only with their Twilio Video WebRTC Go service, which… amounts to ~$10/month, and offers a limited peer-to-peer experience.

With some vendors, the free plan is actually a limited free evaluation for 1-4 months in timeframe.

That said, the most popular alternative seems to be free minutes on a paid plan. You give your credit card, and will only be charged if you pass a number of minutes on a given month. More on that – in the next section.

Free monthly minutes depend on the plan/feature set you choose/use

It might also be dependent on what you pay (did we say free plan?)

10,000 free WebRTC minutes

Most vendors that give free minutes, are giving 10,000 free minutes per month.

Some give less. A few give more. The highest is 30,000 minutes per month.

If your service offers group calls of 10 participants for 30 minutes each time on average, then a single group call will take 300 minutes. That means ~33 such calls a month are free. Or a bit over a call a day.

This isn’t much. Not even for a small vendor just starting out. To be clear – this isn’t to say that 10,000 free minutes isn’t nice. Just that it won’t get you far.

The number of free minutes offered may seem a lot, but calculated for a use case they aren’t that many

Many small vendors see upwards of a million video minutes a month, so this amount to 1% of less of their total monthly minutes. Negligible in the long run

WebRTC video free tier? Money Time

Minutes are nice, but how about money? How much money do you actually save with these free minutes?

I did the math. The numbers range between $30-$90 per month. Less than $1,000 per year.

If you are building a business and making your long term plans on the CPaaS vendor to use based on a potential discount of $1,000 a year then you’re doing it wrong.

Why aren’t CPaaS vendors offering higher free plans? Because they have costs they need to cover. Assuming a 10% cost over that price point, then 1,000 “free” accounts will cost them up to $100,000 a year to maintain. And that doesn’t include the support costs which are higher.

CPaaS vendors would like to have startups sample and use their service, but they also need to operate as a business and make money. Giving more minutes than they do today probably isn’t going to accomplish more paying customers – it will just bring in more free riders that will also leach on their soul and support resources.

Free WebRTC video CPaaS plans worth less than $100/month

When making your decision on choosing a vendor, ignore that plan in your own business plan

As a CPaaS vendor, decide if you want such a free tier and what type of customers it is going to attract

How do you choose a WebRTC CPaaS vendor?

The answer to this question is definitely NOT through their free tiers or minutes…

To some extent, the decision is made these days via pricing. It is why I’ve written in this round of my report to include a special article dedicated to pricing of WebRTC calls in CPaaS services. This includes the leading metrics these platforms use for their price plans as well as price ranges for each vendor. For this analysis, I’ve also added Zoom Video SDK as another reference point for pricing.

The report itself introduces a new CPaaS vendor and removes another vendor. It also sports a new features set structure, one that is geared towards the changes in requirements made due to the pandemic.

This report is used today by:

  • CPaaS vendors themselves, who wish to understand their competitive landscape
  • Enterprises and startups who need to pick and choose a CPaaS vendor to work with
  • Companies who wish to start a CPaaS business or compete through an adjacency type solution
  • Investment first looking to understand the market and… make an investment decision

This month, until the report gets officially published, there’s a $500 discount. You can use coupon code API2021LAUNCH when you purchase the report.

Learn more about my report

The post Free WebRTC Video API in CPaaS. Is it worth it? appeared first on

How to hire WebRTC developers for your job

Mon, 08/23/2021 - 11:59

Hiring WebRTC developers? Here are some things you need to know and consider, since finding WebRTC experts for a job is challenging.

You’re growing. Obviously. And you have this huge, important, strategic, one of a kind, critical project. And it requires WebRTC. Only thing missing is developers. Or should I say skilled WebRTC developers.

How do you go about finding, hiring and retaining WebRTC developers?

I wrote a short post on LinkedIn the other day about this:

Typical conversation on #WebRTC recruitment

You: “Do you know any developer who can help us with WebRTC?”

Me: “No. Those I know either have a day job they love are are freelancers not looking for work (and almost always fully booked)”

You: “If you learn of a developer available let me know“

Me [Thinking ]: “Join the club at the end of that waiting list…”

Finding developers that know WebRTC is really hard. Seriously.

There’s a lot more demand than supply in this one, and the market is tiny compared to other technologies you need to deal with.

If you’re looking for WebRTC developers you can either:

poach someone from another vendor who does WebRTC. Tricky and expensive

find someone with the inclination and train him on WebRTC

If you’re on that second track of training, I can help you.

This brought with it a request to write this in longform so Philipp Hancke will have a place to refer recruiters to…

yes. Tsahi, please write a blog post so I can have a canned response for recruiters

— Philipp Hancke (@HCornflower) August 5, 2021

Philipp – this one’s for you

Table of contents

Oh – and if you are interested in history, this isn’t a new topic here. I wrote about finding WebRTC developers years ago…

WebRTC developers: A supply problem

The chart above shows a crude comparison between WebRTC usage and LinkedIn profiles. While the pandemic has shown a huge increase in WebRTC usage (=demand) the change in LinkedIn profiles has been relatively moderate (=supply).

Here’s the two separate charts showing each data point independently:

LinkedIn profiles showing “WebRTC” in them grew steadily from ~17,000 to 25,000 profiles (47% growth in total) whereas growth in WebRTC usage (calculated as calls to GetUserMedia in page loads) grew 0.05 to 0.22 (340% growth in total), peaking at almost 0.6 with the pandemic (that’s %1,100 growth).

We’ve got a supply problem with WebRTC. There’s a shortage of developers, architects, product managers, testers and support who are savvy enough with WebRTC. They are all hard to come by, and it is harder still to know what they really know about WebRTC – installing your own Jitsi server and playing with it is different than running it at scale or developing your own SFU media server from scratch.

With this in mind, you can safely assume that one of the most popular topics raised when people talk to me about WebRTC is hiring WebRTC developers – or more accurately, if I can recommend anyone specific.

The challenging skillsets of WebRTC

Why is it that it is hard to find WebRTC developers?

I think it starts from the diagram below:

WebRTC is multidisciplinary by its nature. It is located right between web and VoIP technologies:

This means a developer who needs to handle WebRTC needs to have a good grasp of more than a single field of software development. And this isn’t easy to come by.

There’s one more reason though, and that’s the fact that WebRTC means different things to different people, and isn’t really focused on a single set of skills. Look at the short set of questions I’ve asked years ago about how much WebRTC  developers are worth. The answers are mostly around “it depends”, where it depends on what tasks or job description that developer is filling up.

Here are the main areas today that you may need to find different profiles of WebRTC developers:

  • Frontend
  • Backend
  • Mobile
  • Telephony

In each domain, the skillset is slightly different and you will be hard pressed to find a superhero developer that meets all your requirements in all areas.

Hiring WebRTC talent

WebRTC hiring is challenging. If you are looking for talented engineers who know a thing or two about WebRTC, then you are in for a world of pain. Finding them isn’t easy and hiring them is even harder.

Here are the different techniques I’ve seen vendors take when trying to find and hire WebRTC engineers.

WebRTC head-hunting and poaching

You can go head hunting for WebRTC talent. Bear in mind 3 things though:

  1. There aren’t a lot of WebRTC developers out there
  2. Most of them are in cushy jobs not looking to change places
  3. Many of them don’t even go on the open market when they need to look for their next gig. They go through “friends and family”, and since the market has so much pent up demand, this is usually where they will land

There are two approaches here. Let’s call them bottom up and top down.

Bottom up – you find the individual developers that fit the profile you are looking for, and then you reach out to them to see if they are bored enough to consider moving elsewhere

Top down – target a vendor in this space who you think peaked or someone who got acquired or just someone you think a bit vulnerable and attractive as an employer, and then figure out who are the developers there worth approaching to poach

Neither approach is easy. They are time consuming, frustrating and long.

Job boards and job listings

You could use traditional job boards and job listing sites, place the job opening on your website, etc. What you’ll most probably get is going to be generalists with little domain knowledge and expertise in WebRTC. This means most applicants won’t have the WebRTC experience you seek.

The only other option here is to do an ad placement on WebRTC Weekly and/or webrtcHacks – many of the sponsors there use it for job listings, and you can try as well. The main advantage here is that the readership is quite relevant – developers working with WebRTC.

* Note that I operate WebRTC Weekly and affiliated with webrtcHacks

Hire from an adjacency

This is something I suggest to many of my clients. Hire from an adjacency:

  • Video streaming industry
  • VoIP or traditional video conferencing
  • Telephony
  • Software networking

My favorite is probably finding companies that vanished, for example Polycom Israel. They had a large engineering team in Israel experienced in video conferencing. You can try to find developers who worked there 5-10 years ago and… moved on – often to other domains. And try to get them back. They won’t be experts in WebRTC, but they’ll know a lot about how to handle real time video. And that’s better than nothing.

The same is applicable elsewhere in the world and in other adjacencies.

When hiring from an adjacency though, you will need to be certain the candidate in question isn’t “in love” in how things are done today and have the willingness and the openness to learn and grow. WebRTC brings with it new paradigms and challenges and developers who have partial experience and knowledge from an adjacency need to be open to learn new concepts.

Nurture and grow in-house WebRTC expertise

When all else fails, you’ll need to grow someone in-house or train a new hire that is clueless about WebRTC to become that expert. Not an easy task, but certainly achievable.

WebRTC requires a certain inclination. There’s a need to wrap your head around asynchronous events and programming (lots of await and callbacks). There’s a need to understand codecs and lossy compression mechanisms (at least at the conceptual level). There’s perpetual optimization and fine tuning work that goes with it. Not everyone likes to work in such environments (I thrive in them).

Once you find that person, you will need to train him. Something that again can happen in one of 3 ways:

  1. Throw him into the water. He probably knows how to Google and find his way on the Internet. He will either sink or swim. I believe this involves too much time, risk and wasted effort
  2. Have someone train him. If you have WebRTC developers already, then adding a new one and training him can be done in-house. But that will take time from your developers in creation of materials, training and frustration – they might not even be good at training while being great developers
  3. Put him on a WebRTC training course. There are a few of these out there, so might as well have him enroll in one (or a few of them). I know for a fact that there is a good WebRTC training for developers out there probably because I author and maintain it…
More than just WebRTC developers

I have only discussed developers so far, but the product life-cycle of WebRTC products involves more than just the engineers who need to understand WebRTC. There are a few more roles to think about:

  • System Architects – they need to understand how different design decisions affect the end results, where the limits are, what architecture alternatives they have, etc.
  • Product Managers – need to speak the language. Especially should be aware of what is or isn’t feasible with WebRTC. They need to understand the time and cost implications of the decisions they make
  • Testers – if you’re going to test something that makes use of WebRTC, you better know what WebRTC is and what it is capable of…
  • Support and Sales – people are going to ask technical questions. Be it because they got into a pickle and can’t connect or have bad quality. Or because they are buying and want to understand what’s in there

All of these roles need a solid understanding of WebRTC if it is part of the things you are offering in your company.

Can I help?


There are several things that I actively do here:

  • Online training courses for developers (and other roles)
  • Assistance in writing job listings
  • Publish your job listings on WebRTC Weekly and/or webrtcHacks
  • Screen candidates based on CVs
  • Conduct technical job interviews to your potential candidates
  • Offer coaching to the WebRTC experts you’re grooming

If you’re interested in learning more, feel free to contact me.

Oh – and don’t ask me if I know someone suitable. You’re likely not the first to ask me that this week.

The post How to hire WebRTC developers for your job appeared first on

Tweaking WebRTC video quality: unpacking bitrate, resolution and frame rates

Mon, 08/02/2021 - 12:30

WebRTC video quality requires some tweaking to get done properly. Lets see what levels we have in the form of bitrate, resolution and frame rate available to us.

Real time video is tough. WebRTC might make things a bit easier, but there are things you still need to take care of. Especially if what you’re aiming for is to squeeze every possible ounce of WebRTC video quality for your application to improve the user’s experience.

This time, I want to cover what levers we have at our disposal that affect video quality – and how to use them properly.

Table of contents What affects video quality in WebRTC?

Video plays a big role in communication these days. A video call/session/meeting is going to heavily rely on the video quality. Obviously…

But what is it then that affects the video quality? Lets try and group them into 3 main buckets: out of our control, service related and device related. This will enable us to focus on what we can control and where we should put our effort.

Out of our control From my workshop on WebRTC innovation and differentiation

There are things that are out of our control. We have the ability to affect them, but only a bit and only up to a point. To look at the extreme, if the user is sitting in Antarctica, inside an elevator, in the basement level somewhere, with no Internet connection and no cellular reception – in all likelihood, even if he complains that calls aren’t get connected – there’s nothing anyone will be able to do about it besides suggesting he moves himself closer to the Wifi access point.

The main two things we can’t really control? Bandwidth and the transport protocol that will be used.

We can’t control the user’s device and its capabilities either, but most of the time, people tend to understand this.


Bandwidth is how much data can we send or receive over the network. The higher this value is, the better.

The thing is, we have little to no control over it:

  • The user might be far from his access point
  • He may have poor reception
  • Or a faulty cable
  • There might be others using the same access point and flooding it with their own data
  • Someone could have configured the firewall to throttle traffic

None of this is in our control.

And while we can do minor things to improve this, such as positioning our servers as close as possible to the users, there’s not much else.

Our role with bandwidth is to as accurately as possible estimate it. WebRTC has mechanisms for bandwidth estimation. Why is this important? If we know how much bandwidth is available to us, we can try to make better use of it –

Over-estimating bandwidth means we might end up sending more than the network can handle, which in turn is going to cause congestion (=bad)

Under-estimating bandwidth means we will be sending out less data than we could have, which will end up reducing the media quality we could have provided to the users (=bad)

Transport protocol

I’ve already voiced my opinion about using TCP for WebRTC media and why this isn’t a good idea.

The thing is, you don’t really control what gets selected. For the most part, this is how the distribution of your sessions is going to look like:

From my Advanced WebRTC Architecture Course
  • Most calls probably won’t need any TURN relay
  • Most calls that need TURN relay, will do so over UDP
  • The rest will likely do it over TCP
  • And there’ll be those sessions that must have TLS

Why is that? Just because networks are configured differently. And you have no control over it.

You can and should make sure the chart looks somewhat like this one. 90% of the sessions done over TURN/TCP should definitely raise a few red flags for you.

But once you reach a distribution similar to the above, or once you know how to explain what you’re seeing when it comes to the distribution of sessions, then there’s not much else for you to optimize.

Service related

Service related are things that are within our control and are handled in our infrastructure usually.This is where differentiation based on how we decided to architect and deploy our backend will come into play.


While bandwidth isn’t something we can control, bitrate is. Where bandwidth is the upper limit of what the network can send or receive, bitrate is what we actually send and receive over the network.

We can’t send more than what the bandwidth allows, and we might not always want to send the maximum bitrate that we can either.

Our role here is to pick the bitrate that is most suitable for our needs. What does that mean to me?

  1. Estimate the bandwidth available as accurately as possible
  2. This estimate is the maximum bitrate we can use
  3. Make use of as much of that bitrate as possible, as long as that gives us a quality advantage

It is important to remember to understand that increasing bitrate doesn’t always increase quality. It can cause detrimental decreases in quality as well.

Here are a few examples:

  • If the camera source we have is of VGA resolution (640×480), then there’s no need to send 2mbps over the network. 800kbps would suffice – more than that and we probably won’t see any difference in quality anyways
  • The network might be able to carry 10mbps in the downlink, but receiving 10mbps in aggregate of incoming video data from 5 participants (2mbps each) will likely tax our CPU to the point of rendering it useless. In turn, this will actually cause frame drops and poor media quality
  • Sending full HD video (1920×1080) and displaying it in a small frame on the screen because the content being shared in parallel is more important is wasteful. We are eating up precious network resources, decoder CPU and scaling down the image

There are a lot of other such cases as well.

So what do we do? I know, I am repeating myself, but this is critical –

  1. Estimate bandwidth available
  2. Decide our target bitrate to be lower or equal to the estimate

Codecs affect media quality.

For voice, G.711 is bad, Opus is great. Lyra and Satin look promising as future alternatives/evolution.

With video, this is a lot more nuanced. You have a selection of VP8, VP9, H.264, HEVC and AV1.

Here are a few things to consider when selecting a video codec for your WebRTC application:

  • VP8 and H.264 both work well and are widely known and used
  • VP9 and HEVC give better quality than VP8 and H.264 on the same bitrate. All other things considered equal, and they never are
  • AV1 gives better performance than all the other video codecs. But it is new and not widely supported or understood
  • H.264 has more hardware acceleration available to it, but VP8 has temporal scalability which is useful
  • Hardware acceleration is somewhat overrated at times. It might even cause headaches (with bugs on specific processors), but it is worth aiming for if there’s a real need
  • For group sessions you’d want to use simulcast or SVC. These aren’t available with H.264 and probably not with HEVC either
  • HEVC will leave you in an Apple only world
  • VP9 isn’t widely used and the implementation of SVC that it has is still rather proprietary, so you’ll have some reverse engineering to do here
  • AV1 is new as hell. And it eats lots of CPU. It has its place, but then again, this is going to be an adventure (at least in the coming year or two)

Choosing a video codec for your service isn’t a simple task. If you don’t know what you’re doing, just stick with VP8 or H.264. Experimenting with codecs is a great time waster unless you know your way with them.

Latency How you design your WebRTC infrastructure will affect the latency

While we don’t control where users are – we definitely control where our servers are located. Which means that we can place the servers closer to the users, which in turn can reduce the latency (among other things).

Here are some things to consider here:

  • TURN servers should be placed as close as possible to users
  • In large group calls, we must have media servers
    • If we use a single server per meeting, then all users must connect directly to it
    • But if we distribute the media servers used for a single meeting, then we can connect users to media servers closer to where they are
  • The faster we get the user’s data off the public network, the more control we have over the routing of the packets between our own servers
  • The “shorter” the route from he user to our server is, the better the quality will be
    • Shorter might not be a geographic distance
    • We factor in bandwidth, packet loss, jitter and latency as the metrics we measure to decide on “shortest”

Measure the latency of your sessions (through rtt). Try to reduce it for your users as much as possible. And assume this is an ongoing never-ending process

Here’s a session from Kranky Geek discussing latencies and media servers:

Looking at scale and servers

There’s a lot to be said about the infrastructure side in WebRTC. I tried to place these insights in an ebook that is relevant today more than ever – Best practices in scaling WebRTC deployments

Device related

You don’t get to choose the device your users are going to use to join their meetings. But you do control how your application is going to behave on these devices.

There are several things to keep in mind here that are going to improve the media quality for your users if done right on their device.

Available CPU

This should be your top priority. To understand how much CPU is being used on the user’s device and deciding when you’ve gone too far.

What happens when the device is “out of CPU”?

  • The CPU will heat up. The fan will start to work busily and noisily on a PC. A mobile device would heat up. It will also start to have shorter battery life while at it. Interestingly, this is your smallest of worries here
  • WebRTC won’t be able to encode or decode media frames, so it will start to skip them
  • On the encoder side, this will mean a lower frame rate. Regrettable, but ok
  • The decoder is where things will start to get messy:
    • The decoder will drop frames and not try to decode them
    • Since video frames are dependent on one another, this will mean the decoder won’t be able to continue to do what it does
    • It will need a new I-frame and will ask for it
    • That will lead to video freezes, rendering video useless

So what did we have here?

You end up with poor video quality and video freezes

The network gets more congested due to frequent requests for I-frames

Your device heats up and battery life suffers

Your role here is to monitor and make sure CPU use isn’t too high, and if it is, reduce it. Your best tool for reducing CPU use is by reducing the bitrates you’re either sending and/or receiving.

Sadly, monitoring the CPU directly is impossible in the browser itself and you’ll need to find out other means of figuring out the state of the CPU.

Content type

With video, content and placement matter.

Let’s say you have 1,000kbps of “budget” to spend. That’s because the bandwidth estimator gives you that amount and you know/assume the CPU of both the sender and receiver(s) can handle that bitrate.

How do you spend that budget?

  • You need to figure out the resolution you want to send. The higher the resolution the “better” the image will look
  • How about increasing frame rate? Higher frame rate will give you smoother motion
  • Or maybe just invest more bits on whatever it is you’re sending

WebRTC makes its own decisions. These are based on the bitrate available. It will automatically decide to increase or reduce resolution and frame rate to accommodate for what it feels is the best quality. You can even pass hints on your content type – do you value motion over sharpness or vice versa.

There are things that WebRTC doesn’t know on its own through:

  • It knows what resolution you captured your content with (so it won’t try to send it at a higher resolution than that)
  • But it has no clue what the viewers’ screen or window resolution is
  • So it might send more than is needed, causing CPU and network losses on both ends of the session
  • It isn’t aware if the content sent is important or less important, which can affect the decisions of how much to invest in bitrate to begin with
  • Oh – and it makes its decisions on the device. If you have a media server that processes media, then all that goodness needs to happen in your media server and its own logic

It is going to be your job to figure out these things and place/remove certain restrictions of what you want from your video.

Optimizing large group calls

The bigger the meeting the more challenging and optimized your code will need to be in order to support it. WebRTC gives you a lot of powerful tools to scale a meeting, but it leaves a lot to you to figure out. This ebook will reveal these tools to you and enable you to increase your meeting sizes – Optimizing Group Video Calling in WebRTC

The 3-legged stool of WebRTC video quality

Video quality in WebRTC is like a 3-legged stool. With all things considered equal, you can tweak the bitrate, frame rate and resolution. At least that’s what you have at your disposal dynamically in real-time when you are in the middle of a session and need to make a decision.

Bitrate can be seen as the most important leg of the stool (more on that below).

The other two, frame rate and resolution are quite dependent on one another. A change in one will immediately force a change in the other if we wish to keep the image quality. Increasing or decreasing the bitrate can cause a change in both frame rate and resolution.

Follow the bitrate

I see a lot of developers start tweaking frame rates or resolutions. While this is admirable and even reasonable at times, it is the wrong starting point.

What you should be doing is follow the bitrate in WebRTC. Start by figuring out and truly understanding how much bitrate you have in your budget. Then decide how to allocate that bitrate based on your constraints:

  • Don’t expect full HD quality for example if what you have is a budget of 300kbps in your bitrate – it isn’t doable
  • If you have 800kbps you’ll need to decide where to invest them – in resolution or in frame rate

Always start with bitrate.

Then figure out the constraints you have on resolution and frame rate based on CPU, devices, screen resolution, content type, … and in general on the context of your session.

 The rest (resolution and frame rate) should follow.

And in most cases, it will be preferable to “hint” WebRTC on the type of content you have and let WebRTC figure out what it should be doing. It is rather good at that, otherwise, what would be the point of using it in the first place?

Making a choice between resolution and frame rate

Once we have the bitrate nailed down – should you go for a higher resolution or a higher frame rate?

Here are a few guidelines for you to use:

  • If your content is a slide deck or similar static content, you should aim for higher resolution at lower frame rate. If possible, go for VBR instead of the default CBR in WebRTC
  • Assuming you’re in the talking-heads domain, a higher frame rate is the better selection. 30fps is what we’re aiming for, but if the bitrate is low, you will need to lower that as well. It is quite common to see services running at 15fps and still happy with the results
  • Sharing generic video content from YouTube or similar? Assume frame rate is more important than resolution
  • Showing 9 or more participants on the screen? Feel free to lower the frame rate to 15fps (or less). Also make sure you’re not receiving video at resolutions that are higher than what you’re displaying
  • Interested in the sharpness of what is being shared? Aim for resolution and sacrifice on frame rate
Time to learn WebRTC

I’ve had my fair share of discussions lately with vendors who were working with WebRTC but didn’t have enough of an understanding of WebRTC. Often the results aren’t satisfactory, falling short with what is considered good media quality these days. All because of wrong assumptions or bad optimizations that backfired.

If you are planning to use WebRTC or even using WebRTC, then you should get to know it better. Understand how it works and make sure you’re using it properly. You can achieve that by enrolling in my WebRTC training courses for developers.

Learn more about my WebRTC training

The post Tweaking WebRTC video quality: unpacking bitrate, resolution and frame rates appeared first on

Why you should prefer UDP over TCP for your WebRTC sessions

Tue, 07/06/2021 - 12:30

When using WebRTC you should always strive to send media over UDP instead of TCP. at least if you care about media quality

Every once in a while I bump into a person (or a company) that for some unknown reason made a decision to use TCP for its WebRTC sessions. By that I mean prioritizing TURN/TCP or ICE-TCP connections over everything else – many times even barring or ignoring the existence of UDP. The ensuing conversation is usually long and arduous – and not always productive I am afraid.

So I decided to write this article, to explain why for the most part, WebRTC over UDP is far superior to WebRTC over TCP.

Table of contents UDP and TCP

Since the dawn of time the internet, we had UDP and TCP as the underlying transport protocols that carry data across the network. While there are other transports, these are by far the most common ones.

And they are different from one another in every way.

UDP is the minimal must that a transport protocol can offer (you can get lower than that, but what would be the point?).

With UDP you get the ability to send data packets from one point to another over the network. There are no guarantees whatsoever:

  • Your data packets might get “lost” along the way
  • They might get reordered
  • Or duplicated

No guarantees. Did I mention that part?

With TCP you get the ability to send a stream of data from one point to another over a “connection”. And it comes with everything:

  • Guaranteed delivery of the data
  • The data is received in the exact order that it is sent
  • No duplication or other such crap

That guaranteed delivery requires the concept of retransmissions – what gets lost along the way needs to be retransmitted. More on that fact later on.

We end up with two extremes of the same continuum. But we need to choose one or the other.

TCP rules the web

Reading this page? You’re doin’ that over HTTPS.

HTTPS runs over a TLS connection (I know, there’s HTTP/3 but bear with me here).

And TLS is just TCP with security.

And if you are using a WebSocket instead, then that’s also TCP (or TLS if it is a secure WebSocket).

No escaping that fact, at least not until HTTP/3 becomes common place (which is slightly different than running on top of TCP, but that’s for another article).

Up until WebRTC came to our lives, everything you did inside a web browser was based on TCP in one way or another.

UDP rules VoIP

VoIP or Voice over IP or Video over IP or Real Time Communications (RTC) or… well… WebRTC – that takes place over UDP.

Why? Because this whole thing around guaranteed delivery isn’t good for the health of something that needs to be real time.

Let’s assume a latency of 50 milliseconds in each direction over the network, which is rather good. This translates to a round trip time of 100 milliseconds.

If a packet is lost, then it will take us at least a 100 milliseconds until the one who sent that packet will know about that – anything lower than that won’t allow the receiver to complain. Usually, it will take a bit more than 100 milliseconds.

For VoIP, we are looking to lower the latency. Otherwise, the call will sound unnatural – people will overtalk each other (happens from time to time in long distance calls for example). Which means we can’t really wait for these retransmissions to take place.

Which is why VoIP, in general, and WebRTC in particular, chose to use UDP to send its media streams. The concept here is that waiting will cause a delay for the whole duration of the session reducing the experience altogether, while the need to deal with lost packets, trying to conceal that fact would cause minor issues for the most part.

With WebRTC, you want and PREFER to use UDP for media traffic over TCP or TLS.

WebRTC ICE: Preferences and best effort

We don’t always get what we want. Which is why sometimes our sessions won’t open with WebRTC over UDP. Not because we don’t want them to. But because they can’t. Something is blocking that alternative from us.

That something is called a firewall. One with nasty rules that… well… don’t allow UDP traffic. The reasons for that are varied:

  • The smart IT person 30 years ago decided that UDP is bad and not used over the internet, so better to just block it
  • Another IT person didn’t like people at work bittorrenting the latest shows on the corporate network, so he blocked UDP traffic of the encrypted kind (which is essentially how WebRTC media traffic looks like)

This means that you’ll be needing TCP or TLS to be able to connect your users on that WebRTC session.

But – and that’s a big BUT. You don’t always want to use TCP or TLS. Just when it is necessary. Which brings us to ICE.

ICE is a procedure that enables WebRTC to negotiate the best way to connect a session by conducting connectivity checks.

In broad strokes, we will be using this type of logic (or strive to do so):

The diagram above shows the type of preferences we’d have while negotiating a session with ICE.

  • We’d love to use direct UDP
  • If impossible then relay via a TURN/UDP server would be just fine
  • Then direct TCP connection would be nice
  • Otherwise relay via a TURN/TCP or a TURN/TLS server

UDP comes first.

When is TCP (or TLS) good for WebRTC media?

The one and only reason to use TCP or TLS as your transport for WebRTC media is because UDP isn’t available.

There. Is. No. Other. Reason. Whatsoever.

And yes. It deserved a whole section of its own here so you don’t miss it.

TCP for me is a last resort for WebRTC. When all else fails

When will TCP break as a media transport for WebRTC?

The moment you’ll have packet loss on the network, TCP will break. By breaking I don’t mean the connection will be lost, but the media quality you’ll experience will degrade a lot farther than what it would with UDP.

Packet loss due to congestion is going to be the worst. Why? Because it occurs due to a switch or router along the route of your data getting clogged and starting to throw packets it needs to handle.

Here are all the things that will go wrong at such a point:

  • TCP will retransmit packets – since they weren’t acknowledged and are deemed lost
  • Retransmitting them will take time. Time we don’t have
    • For a video stream, in all likelihood, the packet loss will be translated to a request to a new I-frame
    • So the sender will then generate a new I-frame, which is bigger than other frames
    • This in turn will cause more data to be sent over the network
    • And since the network is already congested… this will just worsen the situation
  • Here’s the “nice” thing though. TCP is retransmitting the lost data
    • So we now have data we don’t need being sent through the network
    • Which is congested already. Causing more congestion. For things we’re not going to use anyways
    • It is actually hurting our ability to send out that I-frame the receiver is trying to ask for
  • We’re also running on top of TCP, so there’s no easy way for us to know that things are being lost and retransmitted since TCP is hiding all that important data
    • So the moment we know about packet loss in WebRTC is way too later
    • No ability to use logic like intra packets delay (that’s smart-talk for saying figuring out potential near-future congestion, which also feels like smart-talk)
    • And no way to employ algorithms to correct congestion and packet loss scenarios quickly enough

Bottom line – TCP causes packet loss issues to worsen the situation a lot further than they are, with a lot less leeway on how to solve them than we have running on top of UDP.

The assumptions TCP makes over the data being sent are all wrong for real time communications requirements that we have in protocols like WebRTC

Time to learn WebRTC

I’ve had my fair share of discussions lately with vendors who were working with WebRTC but didn’t have enough of an understanding of WebRTC. Often that ends up badly – with solutions that don’t work at all or seem to work until they hit the realities of real networks, real users and real devices.

I just completed a massive update to my Advanced WebRTC Architecture training course for developers. In this round, I also introduced a new lesson about bandwidth estimation in WebRTC.

Next week, we will start another round of office hours as part of the course, letting those taking this WebRTC training ask questions openly as well as join live lessons on top of all the recorded and written materials found in the course.

If you are planning to use WebRTC or even using WebRTC, there isn’t going to be any better timing to join than this week.

Learn more about my WebRTC training

The post Why you should prefer UDP over TCP for your WebRTC sessions appeared first on


Using the greatness of Parallax

Phosfluorescently utilize future-proof scenarios whereas timely leadership skills. Seamlessly administrate maintainable quality vectors whereas proactive mindshare.

Dramatically plagiarize visionary internal or "organic" sources via process-centric. Compellingly exploit worldwide communities for high standards in growth strategies.

Get free trial

Wow, this most certainly is a great a theme.

John Smith
Company name

Startup Growth Lite is a free theme, contributed to the Drupal Community by More than Themes.