You can just use netstat and tcpdump to see who you're exchanging data with. A Skype2Skype call (without firewalls in between) exchanges voice data with the callee and nobody else. Skype.com can't listen in on this. I don't know if there are loopholes or simple errors in their crypto implementation, but I am pretty sure it's good enough to protect me from my neighbour's sniffing. Call it obfuscation rather than encryption if you're more comfortable with that, but it's a lot better than plaintext data exchange as done by any sip softphone I've seen.
As to "pretty colours", availability and wm integration: I do believe those are important factors. I know *no* useable softphone for Linux or BSD. (I'd be grateful for any hints.) X-Lite is not available (it is for OS X, but it's not "integrated", it's a PITA); kphone crashes more often than not; linphone is nice but very primitive; LIPZ4 is very strictly closed source (and I could not get it to work with my VoIP provider); the rest are small fish that lack a lot of important features. Regarding call quality and stability, the best I could do was using asterisk directly in an xterm, with the OSS module as the local extension. Which is not exactly something I'd recommend to my aunt.
As to call quality, go ahead and give Skype a try. I certainly know what I'm sticking to for my private calls.;-)
Skype just works. I configures itself automatically for any kind of firewall setup. X-Lite can be made to work for most kinds of firewall, but you'll have to do that on your own if your firewall is the least bit restrictive.
Skype uses an amazing set of codecs. Voice quality on Skype is just superb. Now I know that you could probably use these same codecs on your Softphone as well. If you could get your hands on them. And patched your softphone. And got your VoIP provider to patch his software. Or used direct connections only and got all of your friends and family to use patched softphones.
Skype has very low latency. On a residential DSL line, local QoS is not an issue for either Skype or SIP phones. But all SIP VoIP providers I know have latency issues, adding several hundred milliseconds.
Skype encrypts calls. Using non-WPA WLAN access to lead a SIP conversation with X-Lite leaves you open to easy sniffing by everybody in range. Skype just uses public key cryptography (albeit closed-source) to prevent sniffing. X-Lite depends on your SIP provider to do encryption on the WAN side, which none of those available here in Germany provide.
Skype has a clean interface. It is available for Win, Mac and Linux, and it's pretty well integrated into all of these. I don't own a Win machine, but I've used X-Lite on a Mac and its interface is unuseable. It's the most atrocious port to OSX I've ever seen. X-Lite is not available for Linux. And worse, having looked around for quite some time, I know of no good Linux softphone for SIP.
I will advocate open source soft and open standards wherever possible. But for VoIP, I'll stick with Skype, for the moment. Its performance is just too good not to use it.
Skype's P2P network is used for the user directory and for routing of calls. Audio data, on the other hand, is sent directly from your computer to mine, using plain old UDP, or TCP as a fallback.
The only situation where the P2P network is used for audio data is when you've got a local firewall that is so restrictive that any direct connection to your system is filtered out.
Security is definitely a concern for some people, which is why SIP is not an easy solution for internetworking. Skype, however, does public-key encryption of all communication (both voice and text), which should alleviate the problem somewhat. See http://www.skype.com/help/faq/privacy.html (near the end of the page).
Granted, they are closed-source and won't show you their implementation, so you can't check it yourself. But I guess some security is better than none, isn't it?;-)
If you're gone and away, and need a safe proxy, and have not had time to prepare Squid or anything elaborate, but you do have ssh access to anywhere, the standard ssh client includes a perfect SOCKS4 proxy. Just do
ssh -D 8080 -f -N yourhost
and you're all set. Use localhost:8080 as SOCKS4 proxy host.
I would really recommend using your own laptop with full file system encryption. And I generally agree with other posters about that old saw: "When in Rome, do as the Romans do."
I've seen one Skype supernode in action and was pretty impressed by the bandwidth it was using. It was getting more than 15000 connections an hour, coming close to saturating its 100 mbps pipe. Which is kind of okay if you're paying a flat rate for access, but if you're paying by volume, I suggest that you take measures to avoid becoming a supernode. It's easy enough to do so. (On Linux, just block the high ports you're not using yourself. On OS X, activate that firewall.)
You can easily avoid becoming a Supernode by not permitting incoming connections to the port Skype has opened for itself. The downside to this is that your calls will now be routed to another supernode, but if you're paying for bandwidth, there may be no way around that. You can still place and receive calls, and the added latency is not worth mentioning in most cases.
If you run Skype on Linux or Mac OS X, it is reduced to using high ports anyway, so it's easy to block. An example iptables command line would be
iptables -A INPUT -p tcp --dport 1024: --syn -j DROP
(Caveat: Check your local servers, use passive FTP, modify this if you actually want to use P2P, etc.)
Slashdot Mirror
As to "pretty colours", availability and wm integration: I do believe those are important factors. I know *no* useable softphone for Linux or BSD. (I'd be grateful for any hints.) X-Lite is not available (it is for OS X, but it's not "integrated", it's a PITA); kphone crashes more often than not; linphone is nice but very primitive; LIPZ4 is very strictly closed source (and I could not get it to work with my VoIP provider); the rest are small fish that lack a lot of important features. Regarding call quality and stability, the best I could do was using asterisk directly in an xterm, with the OSS module as the local extension. Which is not exactly something I'd recommend to my aunt.
As to call quality, go ahead and give Skype a try. I certainly know what I'm sticking to for my private calls. ;-)
- Skype just works. I configures itself automatically for any kind of firewall setup. X-Lite can be made to work for most kinds of firewall, but you'll have to do that on your own if your firewall is the least bit restrictive.
- Skype uses an amazing set of codecs. Voice quality on Skype is just superb. Now I know that you could probably use these same codecs on your Softphone as well. If you could get your hands on them. And patched your softphone. And got your VoIP provider to patch his software. Or used direct connections only and got all of your friends and family to use patched softphones.
- Skype has very low latency. On a residential DSL line, local QoS is not an issue for either Skype or SIP phones. But all SIP VoIP providers I know have latency issues, adding several hundred milliseconds.
- Skype encrypts calls. Using non-WPA WLAN access to lead a SIP conversation with X-Lite leaves you open to easy sniffing by everybody in range. Skype just uses public key cryptography (albeit closed-source) to prevent sniffing. X-Lite depends on your SIP provider to do encryption on the WAN side, which none of those available here in Germany provide.
- Skype has a clean interface. It is available for Win, Mac and Linux, and it's pretty well integrated into all of these. I don't own a Win machine, but I've used X-Lite on a Mac and its interface is unuseable. It's the most atrocious port to OSX I've ever seen. X-Lite is not available for Linux. And worse, having looked around for quite some time, I know of no good Linux softphone for SIP.
I will advocate open source soft and open standards wherever possible. But for VoIP, I'll stick with Skype, for the moment. Its performance is just too good not to use it.The only situation where the P2P network is used for audio data is when you've got a local firewall that is so restrictive that any direct connection to your system is filtered out.
Granted, they are closed-source and won't show you their implementation, so you can't check it yourself. But I guess some security is better than none, isn't it? ;-)
I would really recommend using your own laptop with full file system encryption. And I generally agree with other posters about that old saw: "When in Rome, do as the Romans do."
I've seen one Skype supernode in action and was pretty impressed by the bandwidth it was using. It was getting more than 15000 connections an hour, coming close to saturating its 100 mbps pipe. Which is kind of okay if you're paying a flat rate for access, but if you're paying by volume, I suggest that you take measures to avoid becoming a supernode. It's easy enough to do so. (On Linux, just block the high ports you're not using yourself. On OS X, activate that firewall.)
If you run Skype on Linux or Mac OS X, it is reduced to using high ports anyway, so it's easy to block. An example iptables command line would be
(Caveat: Check your local servers, use passive FTP, modify this if you actually want to use P2P, etc.)