[liberationtech] AES-encyrpted telephony in Iran?

Adam Fisk a at littleshoot.org
Wed Jun 13 15:59:37 PDT 2012 

I would just point out Nathan that both Skype and PrivateGSM should be
doing all the NAT/firewall traversal necessary to create direct P2P
connections in about 90% of cases. If anything Skype's likely able to
cross NATs in more cases, so the participants in the conversation
should be observable even more frequently. I would argue that "it will
stream the RTP media stream through that same server" is only the case
in more like 10% of cases - both should (and certainly Skype does)
stream RTP directly between peers.

Totally agreed that the overall user experience with Skype should be
much much better though.

-Adam


On Wed, Jun 13, 2012 at 4:09 AM, Nathan of Guardian
<nathan at guardianproject.info> wrote:
> On 06/13/2012 01:24 AM, Naiz Mudin wrote:
>> We must be prepared, in my country, to communicate with one another
>> without fear of the govermnment having automatic access to our data, as
>> is the case currently, whenever we (for example) use Skype VOIP outside
>> of the country.
>
> One question Naiz - are you using Skype on mobile phones today to
> communicate, or only from desktops? Is this from 3G or wifi?
>
> I ask because I think that it is important to that while PrivateGSM
> software is technically very sound, there are some additional risks and
> perhaps limitations when it comes to running VoIP, and even more so
> secure VoIP, on a 3G network such as is available in Iran.
>
> Skype is tolerated in many places in the world where encryption and VoIP
> are considered illegal. Skype is allowed both because it is very
> difficult to block (it uses many different IPs/hosts to connect in a
> peer to peer like manner), but also because it is understood that most
> people are using it to talk with family and conduct business.
>
> If you use a VoIP system like PrivateGSM, or any SIP/RTP VoIP software,
> it will look very different on the network than Skype. It will most
> likely connect to one server, with a single IP address, for the SIP
> portion (registration, call setup), and then it will stream the RTP
> media stream through that same server. With secure VoIP that SIP stream
> will be secured using SSL or TLS, the RTP media stream using something
> like ZRTP or SRTP (basically the "AES encrypted" part you referenced).
> If two people are calling each other using this service, it will be very
> clear who is talking to whom and when. In some cases even, the RTP media
> stream will stream directly between the two people/devices
> communicating, clearly tying the two IP addresses together. If those IPs
> are connected to a registered SIM card, then you see how this can be
> problematic.
>
> With Skype, this is hidden in the cloud a bit more because there are
> millions of people, though obviously Skype has many, many security
> issues, and can suffer from this same direct IP-to-IP problem. Still,
> Skype is tolerated, while Secure VoIP may not be.
>
> Finally, there is another, more practical problem, which is speed or
> "latency". Skype is really good at low bandwidth connections, while
> Secure VoIP, mostly designed for enterprise/business use in the west, is
> not. PrivateGSM is very good as Jacob mentioned, so it may be able to
> adjust its call quality to the bandwidth/latency of your network, but
> your expectations should be set a bit lower, and amount of patience of
> your users higher... meaning, don't expect Skype simplicity and quality
> right away.
>
> Best,
>  Nathan
>
>
>
>
>
>
>
>
>
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
>
> Should you need to change your subscription options, please go to:
>
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
>
> You will need the user name and password you receive from the list moderator in monthly reminders. You may ask for a reminder here: https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
> Should you need immediate assistance, please contact the list moderator.
>
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech



-- 
Adam Fisk
http://www.littleshoot.org | http://adamfisk.wordpress.com |
http://twitter.com/adamfisk

More information about the liberationtech mailing list