[HacktionLab] Open Source / federated VOIP?

Tue Oct 6 22:28:39 UTC 2015

Hi,
Thought I'd just resurrect this thread to ask what y'all think of some of the new webrtc offerings out there?
Firefox Hello being one of the obvious ones, opentokrtc.com also allows multiple people to video call 
(without an account), and then there's others like appear.in which use webrtc but appear not to be fully 
open source (well it says nothing about it, so i don't know if that just means that the server-side is 
proprietary).
Any thoughts on how secure these kind of things are? I haven't seen any support for OTR etc. that desktop 
voip programs have the potential for..

Cheers,
Nick

On Friday 16 Jan 2015 14:19:46 you wrote:
> That's really useful clarification - thanks!
> 
> I agree that not having a track record is a negative cf a coder who does.
> Being able to identify them in meatspace is not the main issue, having
> trust is.
> 
> Many thanks for this interesting and important discussion
> 
> Keep on hacking!
> 
> love
> 
> g
> 
> On 16 January 2015 at 14:08, johnc <johnc at aktivix.org> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> > 
> > Hi,
> > 
> > The tox developer who goes by the name of irungentoo has not published
> > any other work (at least under that name) that I can find. I'm more
> > bothered about the lack of a proven track record than personally
> > identifying the individual to be honest.
> > 
> > By contrast take ZRTP voice encryption. This was written by Phil
> > Zimmermann who also wrote PGP (which GPG is based on). Zimmerman is a
> > respected programmer and cryptographic expert with a proven track
> > record. Blackphone also comes from the same stable.
> > 
> > Cheers,
> > John
> > 
> > On 14/01/15 16:12, Gareth Coleman wrote:
> > > Hiya John
> > > 
> > > Just a thought - would you always put an anonymous author as a negative?
> > > 
> > > loads of love
> > > 
> > > g
> > > 
> > > On 14 January 2015 at 16:07, johnc <johnc at aktivix.org
> > > <mailto:johnc at aktivix.org>> wrote:
> > > 
> > > I haven't used this yet but have done a little research on the program:
> > > 
> > > +'s:
> > > - it easy to use
> > > - Available on a range of OS's + devices.
> > > - reasonably decentralised - but I believe it still has some known
> > > "good/online" user IP's hard coded for bootstrapping like bitcoin has.
> > > 
> > > -'s:
> > > - Currently no independent security review has been performed.
> > > - It's DHT implementation is vulnerable to Cybil attack=> not that
> > > hard
> > > to DOS.
> > > - No group voice chat.
> > > - Main developer (irungentoo) is anonymous.
> > > 
> > > On 01/12/15 22:17, Jim McTwanky wrote:
> > >> .....educated /opinion/......that is.
> > >> 
> > >> On 11/01/15 20:44, nmd wrote:
> > >>>  Hi, Thanks for everyone's suggestions and thoughts - I tried
> > > 
> > > jitsi and was
> > > 
> > >>> semi-successful (got sound and video working in one direction and the
> > >>> problems
> > >>> may have been specific to one of the laptops). Might try that
> > > 
> > > again in the
> > > 
> > >>> future but will also hope that these things get a bit simpler
> > > 
> > > with time!
> > > 
> > >>> Cheers,
> > >>> Nick
> > >>> 
> > >>> On 02/01/15 11:26, Tim Dobson wrote:
> > >>>> On 31/12/14 16:24, johnc wrote:
> > >>>>> Some Problems: -Mobile phone specific: -- mobile phones vary
> > >>>>> greatly in their ability to run sip clients using crypto. I've seen
> > >>>>> sip clients use 100%CPU with awful audio quality on a few phones
> > >>>>> including high end samsung models. -- The latency on 3G is
> > >>>>> typically around 1 second. Expect horrible lag etc. Using WiFi is
> > >>>>> the only way to go unless you are lucky enough to be on 4G.
> > >>>>> Non mobile phone specific: - ostel's only server is in the US,
> > >>>>> latency is about 120ms. Not so good if you are in Europe. We could
> > >>>>> build our own :-). - If you are going to build an ostel system I
> > >>>>> suggest you include the topology hiding setup from my wiki or
> > >>>>> elsewhere in your Kamailio config. SIP leaks IP/location
> > >>>>> information unless you make an effort to obfuscate it.
> > >>>> 
> > >>>> One solution I quite like, which works *if* you:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.aktivix.org/pipermail/hacktionlab/attachments/20151006/7cfc1dc8/attachment-0001.html>