Interesting People mailing list archives
more on using phone cards for secure communications
From: David Farber <dave () farber net>
Date: Fri, 4 Aug 2006 14:27:31 -0400
Begin forwarded message: From: Brad Templeton <btm () templetons com> Date: August 4, 2006 2:14:31 PM EDT To: David Farber <dave () farber net> Cc: ip () v2 listbox com Subject: Re: [IP] more on using phone cards for secure communications On Fri, Aug 04, 2006 at 01:44:46PM -0400, David Farber wrote:
Needless to say, phone cards should be purchased with cash, never more than one at a time, never twice in the same store, and preferably not under the gaze of a camera. It is too bad we need such tradecraft to keep our freedom.
Many of your pure-VoIP alternatives are also subject to at least traffic analysis, so they can tap the IP addresses of the people you talked to if they have a wiretap on your line, or theirs. However, to the best of my knowledge, nobody not already doing a wiretap keeps logs of these associations, so they can't go back into the past and get your "records." It would be a pretty impressive job to keep records, especially if applications start switching what ports they run on, but it's not out of the question that future record keeping laws might demand ISPs to log unique target/destinations on SIP packets, for example. One thing Skype provides that is very interesting is its use of supernodes. If Skype can't find a direct path for voice packets using the UDP, it "recruits" an unwitting Skype user who is on the external internet to be a bridge. Your traffic goes through the bridge, encrypted. As such, somebody intercepting those packets, except at the bridge, would not be able to know who you were talking to. (I suspect the reason Skype made encryption standard was about 10% for promotion of user privacy, 40% for keeping their protocol proprietary and 50% because they would have gotten into big trouble if the supernodes were able to listen in on conversations and start putting juicy ones up on the web.) However, other things might catch you out, including your query on the user's Skype ID into the network, possible attempts to connect directly with the other user before realizing you must use a supernode, the presence of taps at both ends (less likely), hidden windows in the Skype security, and finally, the fact that your Skype client records a history on your own machine of your calls with everybody, which could be taken with a warrant or subpoena -- though press might have some protection in the latter case. Note that most computerized phone tools keep phone logs for you, as that is what most users want. However, it's better to have logs on your own machine under your control than at a 3rd party's servers. (Note that many people who may think they are behind a NAT will not use supernodes. This occurs only when both parties are behind a highly enforced NAT or firewall. The vast majority of NATs can be penetrated with a number of techniques. Many modern ones also support the uPNP protocol for explicit opening by clients. ) You can use Skype or other applications from internet cafes, or while some would consider it questionable, from open wireless networks where you don't have such explicit permission. Traffic anlalysis on this is not very fruitful, again unless you keep using the same one all the time. However, once again you're a big step over the phone system (and VoIP phone interconnects like Vonage) because nobody but you is keeping records for now. ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on using phone cards for secure communications David Farber (Aug 04)