Re: [Gnucomm-privacy] The saga of private VoIP

[charles]

>
>
>
> Friends, I need some help. There are three pieces of problem on which I've
> spent way too much time in the last months without finding appropriate
> solutions. I decide to speak up, because it has been somewhat
> frustrating.
>

I'm glad to see this message. Secure/free (as in freedom) communications
is vital.


>
>
> I am aware that GNU Free Call is being developed, but until it's ready we
> need working solutions. I'm very interested in what you have been using -
> what is your current workaround?

What is the status of GNU Free Call these days?

>
>
> THE PROBLEMS
>
>
> 1) The first is the best way to set up PRIVATE VOIP COMMUNICATION BETWEEN
> TWO LINUX MACHINES.
>
>
> - The two parties are smart enough and willing to spend time configuring
> if
> necessary, although neither party understands the technicalities behind
> networking protocols beyond the very basic, so the config should be 'run
> this and you are done and safe'.

Would you see this being implemented as some sort of script/configuration
management recipe (chef/puppet)? Or even better, a debian package with
basic /required questions being asked as part of setup?


>
>
> - The contents are encrypted and decrypted in each person's machine, so no
> need to trust the service provider.
>
>
> - Ideally there isn't even a provider at all, not even registrars, to
> avoid
> having communication metadata being unnecessarily stored in some server,
> somewhere.
>

Sure. ipv6 will make this much easier, as it will reduce/eliminate NAT.

<snip>

Nice summary of target use cases and threat model.

>
>
> WHAT I TRIED
>
>
> Let me share what I've tried, where I got stuck and what troubles me.
>
>
> a) I've tried many of the SIP Linux clients, and none was satisfactory for
> one reason or another.

I think we have all been there. :)


>
>
> - Ekiga works but doesn't have encryption, SFLphone I really can't make it
> call at all. Twinkle I found buggy and it does work but disconnects on its
> own too quickly, plus it hasn't been updated in a while. Linphone didn't
> work, don't remember why, and if I recall correctly doesn't have ZRTP
> encryption. Qutecom I can't make it work either, and I can't make my calls
> complete with Jitsi. On top of that, only Jitsi has both encryption and a
> Windows version and could thus be used as a solution to #2 above.


So what is your favorite/working SIP client without encryption? Twinkle
has been best for me in that regard.

I found

http://www.gnutelephony.org/index.php/Secure_Call

I'm not exactly sure, but it appears that Twinkle may support ZRTP?


>
>
> b) I've tried in different machines, and I'm convinced it's not some
> system
> problem. Nor is some inability of mine to configure it correctly - I am
> not
> that rookie, and I can navigate menus, so if it's a configuration problem
> it's way too technical, opaque and not obvious. I won't get into much
> detail here, but lest someone answers 'I use SFLphone and it works fine',
> I
> have to say: I really tried configuring and troubleshooting all of those
> without success, and found them unstable and unreliable.

Twinkle has been best for me all around.

>
>
> c) My general impression when using any of those is: does it really have
> to
> be that difficult? Can't I just log in, add an account, add an user, ring,
> and talk? Skype is closed source and not free, but we must admit it: they
> do an excellent job of being simple and quick to use.


Right.

>
>
> d) Even if you encrypt calls, metadata can be stored in registrars's
> servers. Is that a problem? I started to think that it is, but then again
> our regular phone companies also log communication metadata and certainly
> can eavesdrop our calls. So maybe you should either be concerned about
> phone companies or not concerned about registrars, is that correct?


Or just run everything over a VPN and encrypt everything that way. Defense
in depth (application and network level), seems to be the way to go.


>
>
> e) In any case, are there SIP registrars that are preferable for one
> reason
> or another? Such as: they don't log anything at all, or they better secure
> passwords, or anything like that.


Are you familiar with OSTEL?

http://guardianproject.info/wiki/Ostel
https://ostel.me/

They may meet your requirements on the registrar side.

>
>
> f) Can I connect with someone else's computer without any of us using
> registrars, and if yes, how, and is that desirable or preferable? I have
> heard about using SSH/VPN tunneling to do this, but the source was either
> not detailed enough or the setup process seemed way too technical,
> advanced
> and prone to endless troubleshooting. I'm not familiar with such
> techniques, although I am willing to learn if it pays off and there is no
> better alternative.

DNS SRV records would seem to be the way to go. So it's just address@hidden .
Obviously this would need a more open ended/API driven DNS
infrastructure/update system to have a pretty wizard interface to set it
up.


>
>
> g) When it comes to VoIP calls to regular phones there is a need to use
> VoIP providers, since it's paid. They all look quite the same to me, and
> have this 'weird commercial vibe', if you know what I mean. How can I know
> which of those companies I can trust? Is there a need to trust at all, or
> is there some design that makes trust unnecessary? And in any case, are
> there options better than the others in terms of quality of service and
> respect for privacy? Are there any of such companies with a 'free software
> vibe'?


Not that I'm aware of.

>
>
> I appreciate if you guys can share with everybody any answers to those
> questions, excellent step-by-step tutorials, tips, software, automated
> scripts and useful, friendly insights. I believe I am not the only one
> stuck at this same stage.
>

I've provided what info I can. Hopefully others will provide more.

The Free Network Foundation is very interested in the secure Video/Voice
IP space, and is watching it closely. (I'm CTO/co founder of FNF). More
info at http://www.freenetworkfoundation.org and
www.freenetworkmovement.org . Feel free to update

http://www.freenetworkmovement.org/commons/index.php?title=FreedomVoip

with info that you find.