Ostel: Encrypted Phone Calls

Ostel: Encrypted Phone Calls
A tool for having end-to-end encrypted phone calls. This is a public testbed of the Open Secure Telephony Network (OSTN) project, with the goal of promoting the use of free, open protocols, standards and software, to power end-to-end secure voice communications on mobile devices, as well as with desktop computers.

32 thoughts on “Ostel: Encrypted Phone Calls

  1. First of all thank you for a great product and system

    I am currently testing the OSTN /OSTEL sip app. I have one installed on a Google Nexus S with Android 4.12 and another on a Samsung Galaxy tablet with Android 2.2.

    The following are my observations:
    1. On both devices when I make a sip call I notice that the padlock is locked but on looking at the logs it says SRTP is not active. Does that mean that the call between the two accounts is not secured? There is no 4 character code showing app anywhere on the client screen.
    2. When i make a successful connection to each other, I do not go through any process where a 4 character code comes up and there is a cross confirmation of the received common code. It never happens. This is in contrast to when I make a successful call to the 1003 number.
    3. How do i know I am having a secured conversation?
    4. for both devices the OSTEL version shows as 0.04-00. On the Samsung tablet the application file size is 8.77. On the Nexus S, OSTEL version is same, however the OSTEL application file size reads as 8.88MB

    5. On many occasions I could not stop a sip call on the Samsung galaxy tablet even when the other client, the Nexus phone has successfully ended a call. I have on several occasions had to go to the app manager and forcefully end the OSTEL app

    The ultimate intention is to build something to be used by several different church campuses, hence security is very high priority

    1. Not yet, but we are working on it, as well better instructions for how to setup your own server. That is a primary goal, as we understand that US-based services are not ideal for everyone (or perhaps for anyone!) :)

  2. I am really pleased with the ostel system that you have implemented.
    Great work!!!

    I was just wondering if you could add a useful feature in your future release.
    Since, at times the connection drops due to network or other issues with hardware issues the speech is cut off but the other party is unaware that the call has disconnected and continues speaking to a disconnected line.

    To deal with this shortcoming , If you could add the function of a simple alert (audible and/or vibration)in case of an unexpected call disconnect event it would be perfect. Even if the alert sounds during a normal call termination it would be a welcome confirmation. An solid experience somewhat similar to what skype will then be just a stone thow’s away :)

    Thanks again,


        1. Best Bett is Russia, I hope that Russia help people in western country by providing secure server. they are not poster boys of democracy but at least, we don’t Mather for them as we live elsewhere.

  3. If the encryption is end to end, it shouldn’t matter where the servers are. They are just relaying encrypted packets. You can also run your own Ostel server(s) if you wanted.

  4. I was wondering if there is a way to create a conference room (or something like that) in ostel.

    I’d like to create a multi-user call for some of my meetings.

    Thanks in advance.

  5. Hello, I am from Israel, I was using this program, but now ther is problem the ostel is red and it’s writh error while registering- service unavailable, what I need to do?

  6. Yes, I have the same question, i.e., if the encryption is end2end then the physical location of the server doesn’t make any difference or does it? I have heard wiki leaks chose Sweden for their servers? Would that country be better?

    Also ostel runs ZRTP only? Is it true that for complete call content encryption both SRTP and ZRTP should be running? Actually I am not knowledgable regarding these protocols and how they work so please throw some light on it. I wanna ensure that if I have matched the SAS on ostel.co using CSipSimple then my call content is heard by myself and the other person only – bulletproof end2end call encrypted!!

  7. Hi,

    I have noticed on this wiki OSTN webpage in the osted VoIP Services¶ section:


    that it says SRTP is No whereas ZRTP is Yes. If ZRTP only initiates the session key for SRTP then both protocols must be required to have a real end-2end encyption call session.

    I mean to ask in that case the matching of both 4 letters would only mean that session key has been exchanged securely but the call content is still not encrypted if SRTP is not there?


    1. The idea is that it is not plain SRTP without ZRTP to securely negotiate the keys. You are correct that ZRTP is used to initiate an SRTP stream.

    1. If you think that other countries besides the USA are not also trying to monitor everything on the internet, you are sadly mistaken. The USA certainly spends the most money doing it, but basically all governments are doing it now, and the USA’s laws are still relatively protective as compared to most of the world. Yes, even Germany, Switzerland, etc.

  8. In this solution the calls are not peer-to-peer (like skype). All the encrypted data are relayed by the Ostel server. Am I getting it right?

    1. Yes, exactly. We provide media proxying in order to more easily handle firewall/NAT issues that are often faced.

  9. Hello, I’m wondering what is the difference between using the OSTN wizard and the Ostel wizard (under worldwide providers)?
    I was able to connect using the Ostel wizard only after a long time over looking something simple.

    fyi this should be posted somewhere on csipsimple’s wiki/issues. A trivial conflict that’s diffcult to find. I would assume this is the case with any wizard as well. I was not able to register an account using csipsimple using Ostel and OSTN wizards previously. It isn’t noticable normally, but if you view the config in expert mode you can see the Account id field. The format for this field was sip:login@registrar. The Ostel login I was using had ‘@’ in the username and this was the conflict. The ‘@’ in the login name was automatically changed to another character because there can only be one ‘@’ in the Account id format. There’s no character limit for what your login can be when you create an Ostel account so I never thought it would be an issue, but it is with csipsimple. Once I made a new account without any of those symbols in the login name I was able to register.

  10. Hi, thanks for this great secure service, I appreciated it greatly.
    Could you please tell me which mode is more secure, SRTP or ZRTP?

    In CSipCimple 1.02.03 r2458, when ZRTP mode is set to create ZRTP and SRTP mode is set to optional or mandatory, calling the other party shows:
    TLS transport is used for immediate hop SRTP. And there is no SAS code to confirm.

    When SRTP mode is set to disabled, then the call is secured with ZRTP Twofish-256/EC25 and there is a SAS code confirmation.

    What is the more secure in the eyes of the NSA?

    1. ZRTP mode is more secure because it provides a secure key agreement protocol for setting up SRTP sessions.

    1. Keep in mind: TLS is only used to protect the user account and password, which of course are important. But the security of the calls is provided by ZRTP, which has nothing to do with that SSL Labs audit. About that ssllabs audit, it says “When renewing, ensure you upgrade to SHA2”, which we will do. No one has yet publicly broken SHA1, so its not urgent. As for RC4 support, that provides compatibility with a wider range of web clients, so that a wider range of people can setup ostel accounts to get solid ZRTP encrypted calls as easy as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *