Sip

Voice over IP (VoIP) has been around for a long time. It’s ubiquitous in homes, data centers and carrier networks. Despite this ubiquity, security is rarely a priority. With the combination of a handful of important standard protocols, it is possible to make untappable end to end encryption for an established VoIP call. TLS is the security protocol between the signaling endpoints of the session. It’s the same technology that exists for SSL web sites; ecommerce, secure webmail, Tor and many others use TLS for security. [Read More]

Earlier last week n8fr8 suspected something changed on the ostel.co server, due to many users emailing support specifically about Jitsi connectivity to ostel.co. The common question was “why did it work a few weeks ago and now it doesn’t anymore?” The tl;dr follows, skip to keyword CONCLUSION to hear only the punch line. To support n8fr8’s hypothesis, there was a small change to the server but I wan’t convinced it effected anything since all my clients continued to work properly, including Jitsi. [Read More]

If you saw our last post about how to setup your own secure voice-over-IP server instance, then this news is for you. If you are an Android user looking for the best open-source VoIP app, and really need one that can support secure communications, then this post is ALSO for you. CSipSimple, the previously mentioned “best VoIP app”, now includes a wizard for setting up an account configuration for any server which complies with our Open Secure Telephony Network specification. [Read More]

The Open Secure Telephony Network is a standard that defines how to configure a VoIP softswitch with the capability to have secure two-way VoIP conversations if both parties are using the same server. The system requires both backend and frontend components, which makes OSTN is a little different than some of the other Guardian apps. Unlike Gibberbot, there are few public SIP services that support secure signalling for a mobile app to connect with. [Read More]

In a standard OSTN configuration, the Fully Qualified Domain Name (FQDN) of the server running Freeswitch is a core dependency to operate the service. For example, the domain ostel.me was first configured as a DNS record, a server was bootstrapped with ostel.me as the local hostname and a Freeswitch cookbook was run using the Chef automation system. Because the domain was configured both in DNS and locally, the cookbook has enough information to automatically build an operational OSTN node. [Read More]

The Guardian Project develops open source software primarily for the Android platform but we strive for security by design to be a part of all platforms. With OSTN, there are two major components. The the first is the server, which operates as the primary user directory and call switch. The other is the client, which is the program you interact with to send and receive calls. While the Apple App Store forbids distribution of GPL licensed software from their service, the underlying protocols used by OSTN are open, so even iPhone developers may implement them in a proprietary client application without breaking any intellectual property laws. [Read More]

In November 2011, 25 individuals were surveyed using an online form, representing typical end-users, global journalists, activist and human rights organization perspectives (Thank you to all the participants!). The goal of the survey was to establish a baseline understanding of the types of tools and expectations our target user community has around making “telephone calls” over the internet, otherwise known as Voice over Internet Protocol (VoIP). This survey is part of our work on the Open Secure Telephony Net (OSTN). [Read More]