Slashdot Mirror
Ask Slashdot: Are There Secure Alternatives To Skype? (theguardian.com)
How can you make a truly secure phone call? An anonymous Slashdot reader writes:
I have a Windows 8.1 phone and mostly use it for Skype calls and chats. A bit of browsing every now and then, and checking public transportation schedules... What can I do to be able to securely chat and place audio/video calls? What do you think is the best device to buy and what apps to use on it?
Skype for Windows Phone will stop working in 2017, and Skype's privacy was already suspect after Edward Snowden leaked evidence of Microsoft's secret collaboration with the NSA. But are there any good alternatives -- especially for a Windows Phone user? Leave your suggestions in the comments. What are the best secure alternatives to Skype?
Skype for Windows Phone will stop working in 2017, and Skype's privacy was already suspect after Edward Snowden leaked evidence of Microsoft's secret collaboration with the NSA. But are there any good alternatives -- especially for a Windows Phone user? Leave your suggestions in the comments. What are the best secure alternatives to Skype?
There are loads of alternatives to Skype, that offer similar (but not identical) functionality. The one I use is WeChat, not because it is better than the rest, but just because it is what the people I care about use it. It can do the usual things: chat (text etc) and calls (w or w/o video). No doubt there are many others. As for security: surely you are joking? How would these companies operate, if they couldn't get their cold, clammy hands on the info you send?
Tox is a alternative, no sure if it is ported to windows phone...
https://ring.cx/
Options are plenty. But the point is how you can persuade all your contacts to switch to the niche app of your choice with you.
Simply put, there is no such thing as a truly secure phonecall.
Any "easy" solution coming out of or running through the USA needs to be "insecure" thanks to CALEA - Communications Assistance for Law Enforcement Act - but even if this were not an issue, the endpoints can still be bugged and systems hacked.
You may be able to get a fair part of the way there by setting up your own infrastructure (ie something which runs over a VPN and/or ZRTP) - Maybe look at Silent Circle for an ?easy? partial solution to your woes.
Signal is open source. Use Signal if you want real security.
WhatsApp is closed source but uses the same encryption in Signal. Use it if you need something people already use.
In either case, turn on security notifications and learn what they mean, and verify your contacts by reading out their fingerprint over the voice connection.
Telegram's encryption is kinda broken. Therema's encryption is broken. iMessage only works on iOS and it's slightly broken. I donno if Allo does voice, but you must turn on encryption manually, so it's probably broken if you imagine the user can be tricked.
Electroic Freedom Foundation created the Secure Messaging Scorecard to help answer this question. The biggest problem with this scorecard is it mixes desktop and mobile apps together without really indicating which type of app they are. But both Signal and Silent Phone are available for Android and iOS. Either of these might be worth considering as alternatives for the types of things you current use Skype for today.
If they care so little about what we do then they wouldn't try to spy on us.
Little kids like you don't understand the importance of privacy because you don't work or have any sensitive personal data. All you do is listen to music, play video games and watch porn, which is why you mentioned those things specifically. When you grow up you might come to appreciate privacy, if you have any left by then.
You mention the need for "secure chat", but don't express "how secure" you would like that to be. As others have posted, if you're connected to the internet (and your question is worded to imply that you're looking at Voice Over IP (VOIP) solutions, then there is pretty much no secure option out there... An Agency like the NSA could record all your data packets and brute-force them pretty quickly, if they so chose.
;)
Having said that, it might be possible for us to brainstorm the sort of attributes that would help to make your VOIP calls less insecure. The collective wisdom of slashdotters might then be able to suggest some alternative products for you to consider. Things to look out for might include:-
1. A solution that uses a central server only for the purpose of establishing the IP address of your chosen call recipient, then allows all communication to that recipient to happen directly, point-to-point. There is no need to route call traffic through central servers (unless you want to listen in). Ahem. Skype.
2. A solution that not only uses the latest approved encryption algorithms, but which makes the swapping of an algorithm a relatively easy process [think user-selectable option, addition of a library file with the algorithm code]. The upgrading of key strength/entropy parameters should be even easier...
3. A solution that includes, within the encryption stream, random white noise padding (to make it much harder to determine the precise amount of data being exchanged) might be nice.
And so on...
I did think about including an option that said, "For each legitimate call channel that you set up using the central register of logged-in users, pick three more logged in users at random and simultaneously exchanged random, encrypted data packets with those users too." Unfortunately, there are multiple issues with that. First, what if one of those random users really was under surveillance by a three-letter-agency. Using the "association" rules, that agency would then start monitoring you *real* closely... and second, running four calls for the cost of one might actually degrade your network/audio performance if you happen to be on a slow link.
Bottom line; there is no easy answer to your question, but please don't consider using Skype and "secure" in the same statement...
Completely P2P and encrypted. See tox.chat
I'm rapidly approaching middle age and I still enjoy music, video games, and porn.
That said I also appreciate the importance of privacy, so they call this wisdom. :-)
Chill out and let them do their work to catch terrorists, don't draw unnecessary attention to yourself (like by being paranoid), and you'll have no trouble.
Who were they listening to when the terrorists were in San Bernardino? Because they missed that one completely. Not to mention all the mass shootings taking place in the US even using Stingray. If they're work is to catch terrorists... I'm afraid they're failing really bad. The only logic that I find from that, is that surveillance is not to catch terrorists. And if it truly is, the three letter agencies need to fire all the staff, top to bottom, and start hiring competent people.
If we could not ask the same questions every month, that would be great.
The only reason they want to listen in on everyone is control/power and the fabricated reason is terrorism (which if true means that they are admitting defeat to terrorists). That's why they throw a childish tantrum if you even try to legally record one of them (see: public "illegal" wiretap excuse).
WeChat is a Tencent product, and Tencent is partially state-owned by the People's Republic of China. So I can guarantee you that anything you do in that program - in fact, probably anything you do in any device with that program installed, or any device linked to your WeChat profile with social media or other links - is going straight to a national surveillance agency. Just not an American one.
That being the case, I have to seriously question the credibility of anybody suggesting WeChat in the context of basically anything.
WebRTC-based services, in the form of e.g. https://meet.jit.si/, are end-to-end secure and decentralised. Not sure if Windows Phone has any browser which supports WebRTC, though.
The last 100 years or so of history would disagree with you..
Many libs/modules are available that allow you to make a simple chat/video application, including whatever encryption you see fit, even adding some salt to it if necessary. The other party needs the same program. That makes your app even more discreet (by obscurity).
Slashdot, fix the reply notifications... You won't get away with it...
If you run Windows Phone or Windows 10 you should say goodbye to any sort of privacy.
https://www.gnu.org/proprietar...
As of now there are no commercially available smart phones that respect your freedom entirely. Depending on where you draw the line,
your best bets are Replicant or at the very least CyanogenMod without any Google Apps.
F-Droid is a package manager for Android that only contains software that respects your freedom.
I have family in Japan, where LINE seems to be popular.
http://line.me/en/
It is a Japanese company:
http://linecorp.com/en/company...
But it supports English speaking very well, too, and on the major platforms.
Unfortunately not on Linux PC's yet.
Why are you people so obsessed with privacy from the government?
Because we don't fucking trust you, shithead. Haven't you figured that out yet?
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
As soon as you involve the phone-system, you are compromised. However, you can have a secure voice-chat, with numerous technologies. If you run your own server, something like mumble may serve. Needs a dedicated client, but security is apparently pretty good. Works on Linux.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Use a Web site to set up a WebRTC peer-to-peer session. I like talky.io, which uses peer-to-peer for one-to-one chats. There are many others, and if you don't like them or don't trust them, you could pretty easily build your own.
The security properties of peer-to-peer WebRTC are pretty good:
-- end-to-end DTLS with perfect forward secrecy
-- all protocols involved are IETF standards and have had a decent amount of public security review
-- Firefox/Chromium implementations are fully open source that you can build yourself and run on Windows/Mac/Linux/Android
-- the Web site that sets up the connection could MITM you, but there are many WebRTC sites to choose from and it's pretty easy for anyone to set up more.
I kinda wonder why governments aren't complaining about WebRTC. It's probably just not popular enough yet.
or maybe you want to minimize anyone's digital dossier of you in case the future does alter such that information that is benign today becomes not so benign.
You've got that the wrong way around. The question you should be asking is "Why is the government so paranoid about terrorism?"
Take off the tin foil hat and stop being so paranoid about terrorists, you anti-American, freedom-hating douchebag.
And how much exactly did 'they' pay you to post this kind of nonsense?
"Trump!!", the new Godwin.
Dutch police close Ennetcom encrypted communications network (April 25, 2016)
How about Telegram? https://telegram.org/
or wire?
wire.com
telegram.org
open source, 'secure'...
I expect the issue is more to the point, as we have recently found out that our own government had been spying on us, despite the laws that says they shouldn't would make us feel a bit nervous.
In America there is a good deal of history where we had tried to find the un-americans among us. McCarthyism, blacklisting supposably Communist, Japanese internment camps during WWII are a few examples.
The danger with this local spying is the fact that we may say something that will get us flagged as un-american then we are watched under a finer detail waiting for a slip up then we can get arrested. Remember Ignorance of a law isn't an excuse, so chances are if you are being monitored under a fine tooth comb chance are you will break some law unintentionally.
Then it brings up what would get us flagged? A liberal idea may be too radical for the government, a conservative idea may be blocking the direction the government may want to go. A speculation may actually uncover a top secret plan. Some sign of sympathy for the enemy, or not quite following the propaganda that is being shown.
Now this stuff may not be part of a grand conspiracy. But the government is big, and there are often over ambitious zealots who are in a position to cause trouble. Combined with the fact each group of the government has a narrow focus which may not be inline with the rest of the government's goal.
Besides there is so much damage of getting falsely accused that even if you are all on the up and up. Getting falsely accused is a major detriment to your life.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Terrorism? Is there any single evidence NSA is achieving anything against terrorism? The only evidence we have of their work is that they spy the european MEPs, the european leaders, 56 millions germans, 48 millions italians, 50 millions of french... And the only warning france got before of bataclan came from Algerian services, which are doing mostly Humint....
Maybe using an application like Jitsi allows you to connect with people using other messenger software. You can register a SIP address and then chat with any other user that has a SIP address, no matter what their comm client is.
All terrorists have to do to surprise us again is attack us with a new technique. While the three-letter agencies are making our lives miserable at airports, one jogger tossing a vial of hacked Ebola into a big-city reservoir could be the next 9/11.
From what EditorDavid posted above from the anonymous poster... I quote:
What can I do to be able to securely chat and place audio/video calls? What do you think is the best device to buy and what apps to use on it?
Looks to me like the anonymous poster is willing to abandon his Windows Phone so I don't know why the blurb below the poster's quote immediately asked for a solution "especially for a Windows Phone user".
I get the wish for secure phone calls to a certain extent, but the anonymous poster sure doesn't seem to be doing anything that absolutely requires this kind of security. Is it really worth buying a new phone and software packages to try to get secure calls to Mommy when there are so many people with cell phones that any logical person would realize that every call can't be monitored by The Man?
If you want the " telephone " experience where you can call anyone, anytime then probably not. Both you and the one you're calling must use compatible systems before you can consider securing it.
If, on the other hand, you're trying to setup a secure call to a known party then there are ways to accomplish this but requires some prep.
Example. Grab a flavor of VOIP software you like to use. Build a central server running something like Asterisk on it. Lock down your network, ensure the only means to access it is via a VPN. ( means you have to setup a VPN server )
Remote user connects to the local network via VPN ( however strong you want it to be ) and the VOIP client will register with the Asterisk server. When all clients are registered, it is a simple matter to dial their extension when you wish to talk to them. Conference calls, multi-way calling, etc. will be available depending on server and client capabilities.
The entire stream goes over the VPN and can connect from anywhere in the world. Security is based on how strong your VPN is so plan accordingly.
The weakest link will be the hardware running the VOIP softclient. Best to use something like an Ipod touch or other non-phone based unit.
Signal is currently the best solution for secure messages and phone calls. It's an app for Android and iOS, and Chrome has an extension to sync your messages to a desktop chat. But it communicates between phone numbers of course, so if that's not what you want then it's a bit trickier.
The best totally anonymous desktop messaging protocol I am aware of is Pidgin (Windows, Linux) and Adium (macOS) using the "Off-The-Record" extension. I don't know if there's any good solutions for video chat.
You are certainly ignorant, but I will explain briefly: A good reason is you despite being a law-abiding citizen, you do not agree with the current government and this current government has a history of "disappearing" with people who do not agree with it. And a second good reason is industrial espionage. Right now my country is suffering a coup being helped much by the NSA spying on Petrobras (state oil company) and the politicians who are not sold to the US. It is enough reason to seek communication protected against espionage?
Religion: The greatest weapon of mass destruction of all time
It's not even that we don't trust,
we absolutely trust that if we allow the agents of government a great power to use in a narrow context, against a specific group of bad actors for the general benefit, that they will eventually without fail use that power in contexts never intended and against people never imagined, with only in regard to the benefit of the few power brokers.
Apocalypse Cancelled, Sorry, No Ticket Refunds
..for video/audio calls and other similar communications is heavily encrypted endpoint-to-endpoint VPN traveling though ports that won't get blocked.
It's not necessarily a bad thing to admit, really. You're only further perpetuating and demonising the stereotype, it's not too different from the crazy Christians who didn't want Little Jimmy touching himself in bed.
Obviously he meant gaming. What were you thinking of... Oh, wait... (grin)
Seriously, you're not that interesting to the NSA or any other three letter government agency. Chill out and let them do their work to catch terrorists
You'd like to think that; but as one who found themselves labeled a "Hacktivist" in a story in Wired Magazine, accused of being an organizer for some event I had never even heard of, JUST because I happened to write a provocative (to the Gummint) block of "keywords" in a Sig; let me tell you, it doesn't take NEARLY as much as you'd think to be "of interest"...
Why are you people so obsessed with privacy from the government?
"the Tree of Liberty, it seems, needs to be refreshed from time to time with the blood of Patriots and Tyrants."
250 years of U.S. History, and a few THOUSAND years of collective social history, and still we have to ask a question like yours....
Then ask a question...why do governments use computers controlled by another country (i.e. by Microsoft)
Actually I'm looking for a good secure / encryption strong tool that works on Linux and Windows, even better if it can do Android. Any Suggestions?
Yeah well, I can ask for Symbian but that's a dead platform too.
Does your ISP also fail at IPv6? I've read about a lot of ISPs giving each subscriber his own /56 on IPv6 and using carrier-grade NAT only on IPv4. This technique is called DS-Lite (not to be confused with a Nintendo product).
Offers end-to-end encryption without a man-in-the-middle listener. Uses open industry standard, FIPS 140-2 certified, 256-bit AES encryption on all control and media traffic. The 256-bit AES session key is only available at endpoints, thus not even Vsee themselves can decrypt the traffic. Check out more at: https://vsee.com/security
I have been using Vsee for last few years and consistently found it way more robust and tolerant of network and bandwidth issues then any other video application - including connections to high latency destination over mobile/wireless links.
Primarily designed for healthcare, it is extensively used in remote locations with such as Africa.
Free, lightweight and without any intrusive advertisements, I am not sure why it does not get more recognition.
Remember all those AOL users before the world wide web became popular? They got loose and bred.
Welcome to Web 3.0
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Sorry, but if you care about privacy, using a proprietary OS is a non-starter. You simply MUST use an open-source operating system. The idea of security on Windows or IOS is absurd. These companies can insert whatever backdoors they wish at any time, and you have no way of knowing or doing anything about it. This isn't a matter of my-platform's-better-than-yours, it's simply the fact that proprietary software and security are not compatible.
There are ways to encrypt.
Those people ARE enemies. Groups filing for tax-free status for dubious bullshit reasons are garbage. None of these groups are doing anything charitable, lol.
I think it's funny how people seem to think that being anonymous is important while simultaneously being pissed off that the government doesn't do enough to "deter cheating" of the voting system, legality of immigration status. In short, MY privacy is IMPORTANT, but YOUR privacy is not!
Even more amusing is that they all seem to have no problems with private companies hoarding all of this data. We have no Constitutional protections against private entities. Google and Facebook are far more powerful than the NSA, FBI, and DEA combined. But let's not draw any attention to that, shall we? Let's all focus on how the EVIL GUBMINT is STORIN' DATA ON ME!
Let's pay no attention to the fact that the things you post on social networking or the Internet in general, or the stuff you buy, can be used to build a profile of you that not only controls how much money you're going to spend on something (interest rates), but also whether or not you're hirable at all. You know, things that are truly important to like 99.99% of anyone in the country, earning money and buying goods and services with their money.
So you plan to reach out to one of the dozen or so Windows Phone users by finding them on slashdot?!
Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
There wasn't any logic in my post, merely some statements of fact about the evidence that exists.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
It... it's almost as if you read my mind... /EndSillyRant
Oh no, you're one of them! Get out of my head!!!
Duo son.