22 June 2013

How to make secure, encrypted phone calls... for free

[Image: The ZRTP-capable Groundwire app for iOS]

Recent revelations have alleged wholesale governmental monitoring of phone conversations and emails.  Governments (plural) are reported to have real-time ability to access encrypted digital connections of all kinds, including Skype.  My own hypothesis, based on details in the published allegations and known hacks of Certificate Authorities (on whose infrastructure the entire trust system of today's Internet is based), is that purloined Certificate Authority certificates are being utilized to allow inexpensive monitoring of communications transported over encrypted channels like SSL and TLS.  The key to privacy is to utilize encryption techniques which do not depend on the compromised Certificate Authority system.

VoIP is rarely encrypted at all, but that may be changing as dismayed citizens demand an end to suspicionless, warrantless surveillance.  Today, ostel.co (note: not .com) is a free/open-source project which implements the ZRTP communications-encryption technique, allowing users to call each other securely and without cost over WiFi or other Internet connections.  Conference and video calls are also supported.  More info about ZRTP here.

Each participant must run a ZRTP-capable VoIP client on their computer or smartphone-- this is not something you can use an old-timey analog telephone with.  Clients are available for a variety of platforms including OS X, Windows, iOS and Android.  Some are even free!

Getting started making and receiving secure calls is simple: you sign up for an account at ostel.co and give yourself a user name.  You download the appropriate app onto your computer or smartphone and set it up to talk to your ostel.co account.  Your friends and associates do the same.  You then ring each other up using your respective user names, and validate a randomly-generated numeric code.  Pretty simple.
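
Why the code comparison in the last step matters, as an added example (not code from this post, ostel.co, Jitsi or the ZRTP specification). It is a simplified model of a ZRTP-style short authentication string: the toy group, the hash input and the 4-digit format are assumptions, and the point it shows is that each side derives its code from the key exchange it actually saw, so an interceptor who substitutes keys makes the two codes differ.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group for illustration only (assumption: real ZRTP
# negotiates much larger finite-field or elliptic-curve groups).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def sas(my_priv, my_pub, peer_pub, initiator):
    """Derive a 4-digit code from the DH result and both public values."""
    shared = pow(peer_pub, my_priv, P)
    # Order the public values the same way on both ends of the call.
    first, second = (my_pub, peer_pub) if initiator else (peer_pub, my_pub)
    material = b"".join(v.to_bytes(32, "big") for v in (first, second, shared))
    digest = hashlib.sha256(material).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10000:04d}"

def call(mitm=False):
    """Return (alice_sas, bob_sas) for one call set-up."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if mitm:
        # An interceptor on the path cannot learn a_priv or b_priv, so it
        # has to swap in its own public value in each direction.
        _, m_pub_to_bob = keypair()
        _, m_pub_to_alice = keypair()
        seen_by_alice, seen_by_bob = m_pub_to_alice, m_pub_to_bob
    else:
        seen_by_alice, seen_by_bob = b_pub, a_pub
    return (sas(a_priv, a_pub, seen_by_alice, initiator=True),
            sas(b_priv, b_pub, seen_by_bob, initiator=False))

if __name__ == "__main__":
    for label, mitm in (("direct call", False), ("intercepted call", True)):
        alice, bob = call(mitm)
        verdict = "match" if alice == bob else "MISMATCH: hang up"
        print(f"{label}: Alice reads {alice}, Bob hears {bob} -> {verdict}")
```

No certificate or Certificate Authority appears anywhere in the exchange; the check is the two callers reading the code aloud to each other and confirming it matches.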

Documentation is sparse, to put it charitably, but here's how I got it working on OS X 10.8.4 Mountain Lion:

  • Download Jitsi, a free/open-source client capable of, among other things, telephony using ZRTP encryption.
  • Run it... or attempt to.  On later builds of OS X you may receive a message that Java 6 is required.  Well, I have Java 7 installed and enabled (it's needed for some other software I use), but this didn't seem to be acceptable to Jitsi.  With some trepidation given the security issues surrounding Java recently, I accepted the download of the older version.  There was no progress indicator, but events seemed to proceed without issue (and frankly rather quickly-- I have my doubts that Java 6 was installed at all), and eventually I was able to load and run Jitsi.  The current, recommended version of Java 7 remains intact on my system and is still my default, per the version tester at java.com.
  • Now you need to set up Jitsi to use your ostel.co account.  This is totally undocumented, but what works is to open its Preference pane and add a SIP account, specifying YourUserName@ostel.co (again, note it's not .com) and inputting your ostel.co account password.  
  • Done.

Set-up should be similar for other apps.  The only prerequisites would seem to be (1) the ability to work with generic SIP connections and (2) ZRTP compatibility.  (Be sure to select your desired audio input and output in the Preferences-- Jitsi had selected AirPlay as my default, rather than my Mac's speakers or headphones, causing some momentary confusion for me.)

[DELIGHTED UPDATE: seems the free Linphone iPhone app supports ZRTP!  Once you have installed the app and set up a username at ostel.co, just go to the app's settings and input your ostel.co username (minus the "@ostel.co" part), then your password, then "ostel.co" for the domain.  Then, in the Network settings, select Media Encryption and tick ZRTP.  Done!  This app even seems to support encrypted video.]

Now you can enjoy secure calls... or (let's have our eyes open about such things) allegedly secure calls.  Also keep in mind that the use of encryption technologies including email encryption and Tor (if detected) can spotlight you for special scrutiny and indefinite retention of your emails and other data, even if you are a U.S. citizen.

Audio quality in my testing has been excellent, clear and crisp and without echo.

