Using SIP to defeat the NSA

I've been fiddling with SIP. It turns out there are a number of companies that will allow you to create an internet only account for free, with I presume the notion that you will eventually buy their service. You can just do an internet search on "free sip account" and they will turn up.

Now you can proxy your sip, though I'm not sure how much that does to protect your identity since you still have a SIP address or phone number.

formatting link

The Guardian has some info on GSM security:

formatting link

It seems to me the cellular provider can eventually start to add jitter to the data service to stop people from using sip over their phones.

Here are some test numbers:

formatting link

If you want to experiment with SIP, I'd suggest doing it from a PC first since those apps are more mature. Twinkle is a good app on Linux. It even handles multiple calls.

The sip cell phone apps give you the option of using wifi or the cellular network.

Reply to
Loading thread data ...

Yep. All they do is add your machine to their directory lookup database. For example, dialing will cause the server to lookup where to find the fake phone number and return its ip address and SIP phone port number. You provide those numbers dynamically when you login to their system with a login and password. Not exactly wonderful security, since all one needs to know is your account number and who services the account.

Exactly. Hiding the SIP phone number and provider is like having an unlisted phone number. Eventually, it leaks out.

As I previously mentioned, this is yet another cell phone encryption system that uses the IP channel, and not the voice channel.

Add jitter? There's plenty there already. Most jitter and packet loss can be handled with a SIP jitter buffer. Try testing the VoIP jitter over a cell phone IP data channel: Java required.

Reply to
Jeff Liebermann

I think technically that would be JVM required, which isn't going to happen on any phone I own.

If I put the phone in hotspot mode and use wifi to connect to a linux notebook, is the jitter test still valid? Otherwise I could tether to a windows notebook, but would have to install the JVM.

Basically I try to keep the browser from using the JVM if I can, for obvious reasons. Apparently the JVM by itself isn't much of a security risk, but letting your browser use it is a problem.

There is SIP over TLS, That should be secure. I'm not sure how easy that is to do mobile.

Reply to
miso Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.