Using SIP to defeat the NSA

Discussion in 'Wireless Internet' started by miso, Sep 17, 2013.

  1. miso

    miso Guest

    I've been fiddling with SIP. It turns out there are a number of
    companies that will allow you to create an internet only account for
    free, with I presume the notion that you will eventually buy their
    service. You can just do an internet search on "free sip account" and
    they will turn up.

    Now you can proxy your sip, though I'm not sure how much that does to
    protect your identity since you still have a SIP address or phone number. The Guardian has some info on GSM security: It seems to me the cellular provider can eventually start to add jitter
    to the data service to stop people from using sip over their phones.

    Here are some test numbers: If you want to experiment with SIP, I'd suggest doing it from a PC first
    since those apps are more mature. Twinkle is a good app on Linux. It
    even handles multiple calls.

    The sip cell phone apps give you the option of using wifi or the
    cellular network.
     
    miso, Sep 17, 2013
    #1
    1. Advertisements

  2. Yep. All they do is add your machine to their directory lookup
    database. For example, dialing
    will cause the example.com server to lookup where to find the fake
    phone number and return its ip address and SIP phone port number. You
    provide those numbers dynamically when you login to their system with
    a login and password. Not exactly wonderful security, since all one
    needs to know is your account number and who services the account.
    Exactly. Hiding the SIP phone number and provider is like having an
    unlisted phone number. Eventually, it leaks out.
    As I previously mentioned, this is yet another cell phone encryption
    system that uses the IP channel, and not the voice channel.
    Add jitter? There's plenty there already. Most jitter and packet
    loss can be handled with a SIP jitter buffer. Try testing the VoIP
    jitter over a cell phone IP data channel:
    <http://www.myconnectionserver.com/voip.html>
    Java required.
     
    Jeff Liebermann, Sep 17, 2013
    #2
    1. Advertisements

  3. miso

    miso Guest

    I think technically that would be JVM required, which isn't going to
    happen on any phone I own.

    If I put the phone in hotspot mode and use wifi to connect to a linux
    notebook, is the jitter test still valid? Otherwise I could tether to a
    windows notebook, but would have to install the JVM.

    Basically I try to keep the browser from using the JVM if I can, for
    obvious reasons. Apparently the JVM by itself isn't much of a security
    risk, but letting your browser use it is a problem.

    There is SIP over TLS, That should be secure. I'm not sure how easy that
    is to do mobile.
     
    miso, Sep 17, 2013
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.