[HacktionLab] Open Source / federated VOIP?
johnc
johnc at aktivix.org
Thu Oct 15 08:50:19 UTC 2015
Hi,
No prob. I'm on Debian too and the nice people in the Debian Mozilla
team debrand/build/package every version of Firefox (iceweasel)
including nightly builds (codename Aurora) :-). Instructions for
enabling repo here:
http://mozilla.debian.net/
I'm currently running ver. 42.0b1.
Cheers,
John
On 14/10/15 18:42, nmd wrote:
> Hey, thanks for all the comments!
>
> Ring.cx does look good...will try and have a go soon and see if it
> actually does as it promises soon!
>
> And unfortunately being on debian so far only have firefox (iceweasel)
> 38 which isn't supported by jitsi meet, so i'll have to wait to update
> before trying that...nice one on getting a test server up and running John!
>
> Cheers,
>
> Nick
>
>
>
> On 10/10/15 12:48, johnc wrote:
>> Hi,
>>
>> Firefox uses the telecoms company Telefonica to proxy calls. The calls
>> are encrypted but not end to end. Interception would be a concern at the
>> proxy. A similar situation exists as regards Tokbox.
>>
>> There are still major problems with webrtc, the main ones being the lack
>> of end to end encryption and the reliance on X509 certs issued by the
>> certificate authorities. This blog post was written by Daniel Pocock
>> about a year ago explaining the issues but not much has changed since
>> then.
>>
>> http://danielpocock.com/is-webrtc-private
>>
>> On a slightly more positive note, if you run your own trusted server and
>> are prepared to carefully check SSL certs have a look at jitsi meet.
>>
>> https://meet.jit.si/
>> https://github.com/jitsi/jitsi-meet
>>
>> It's a browser based multi-party video conferencing solution. This
>> rocks! I set it up for work recently as we have sections in a couple of
>> other European countries. You can share presentations and even your
>> desktop. It's better than a lot of proprietary solutions.
>>
>> If you configure this companion piece of software: jigasi
>>
>> https://github.com/jitsi/jigasi
>>
>> You can plumb in a regular (insecure) telephone number into a web
>> conference which is quite useful also.
>>
>>
>> I will build and/or demo one of these systems if anyone is interested at
>> the next meet up.
>>
>> Cheers,
>> John
>>
>> On 06/10/15 23:28, nmd wrote:
>> > Hi,
>>
>> > Thought I'd just resurrect this thread to ask what y'all think of some
>> > of the new webrtc offerings out there?
>>
>> > Firefox Hello being one of the obvious ones, opentokrtc.com also allows
>> > multiple people to video call (without an account), and then there's
>> > others like appear.in which use webrtc but appear not to be fully open
>> > source (well it says nothing about it, so i don't know if that just
>> > means that the server-side is proprietary).
>>
>> > Any thoughts on how secure these kind of things are? I haven't seen any
>> > support for OTR etc. that desktop voip programs have the potential for..
>>
>>
>>
>> > Cheers,
>>
>> > Nick
>>
>>
>>
>>
>>
>> > On Friday 16 Jan 2015 14:19:46 you wrote:
>> >> That's really useful clarification - thanks!
>> >>
>> >> I agree that not having a track record is a negative cf a coder who does.
>> >> Being able to identify them in meatspace is not the main issue, having
>> >> trust is.
>> >>
>> >> Many thanks for this interesting and important discussion
>> >>
>> >> Keep on hacking!
>> >>
>> >> love
>> >>
>> >> g
>> >>
>> >> On 16 January 2015 at 14:08, johnc <johnc at aktivix.org> wrote:
>>
>> > Hi,
>> >
>> > The tox developer who goes by the name of irungentoo has not published
>> > any other work (at least under that name) that I can find. I'm more
>> > bothered about the lack of a proven track record than personally
>> > identifying the individual to be honest.
>> >
>> > By contrast take ZRTP voice encryption. This was written by Phil
>> > Zimmermann who also wrote PGP (which GPG is based on). Zimmermann is a
>> > respected programmer and cryptographic expert with a proven track
>> > record. Blackphone also comes from the same stable.
>> >
>> > Cheers,
>> > John
>> >
>> > On 14/01/15 16:12, Gareth Coleman wrote:
>> >> Hiya John
>> >>
>> >> Just a thought - would you always put an anonymous author as a negative?
>> >>
>> >> loads of love
>> >>
>> >> g
>> >>
>> >> On 14 January 2015 at 16:07, johnc <johnc at aktivix.org> wrote:
>> >>
>> >> I haven't used this yet but have done a little research on the program:
>> >>
>> >> +'s:
>> >> - it's easy to use
>> >> - Available on a range of OS's + devices.
>> >> - reasonably decentralised - but I believe it still has some known
>> >> "good/online" user IP's hard coded for bootstrapping like bitcoin has.
>> >>
>> >> -'s:
>> >> - Currently no independent security review has been performed.
>> >> - Its DHT implementation is vulnerable to Sybil attack => not that hard
>> >> to DoS.
>> >> - No group voice chat.
>> >> - Main developer (irungentoo) is anonymous.
>> >>
>> >> On 01/12/15 22:17, Jim McTwanky wrote:
>> >>> .....educated /opinion/......that is.
>> >>>
>> >>> On 11/01/15 20:44, nmd wrote:
>> >>>> Hi, Thanks for everyone's suggestions and thoughts - I tried jitsi and was
>> >>>> semi-successful (got sound and video working in one direction and the
>> >>>> problems may have been specific to one of the laptops). Might try that
>> >>>> again in the future but will also hope that these things get a bit simpler
>> >>>> with time!
>> >>>> Cheers,
>> >>>> Nick
>> >>>>
>> >>>> On 02/01/15 11:26, Tim Dobson wrote:
>> >>>>> On 31/12/14 16:24, johnc wrote:
>> >>>>>> Some Problems:
>> >>>>>> - Mobile phone specific:
>> >>>>>> -- mobile phones vary greatly in their ability to run sip clients
>> >>>>>> using crypto. I've seen sip clients use 100% CPU with awful audio
>> >>>>>> quality on a few phones including high end samsung models.
>> >>>>>> -- The latency on 3G is typically around 1 second. Expect horrible
>> >>>>>> lag etc. Using WiFi is the only way to go unless you are lucky
>> >>>>>> enough to be on 4G.
>> >>>>>> Non mobile phone specific:
>> >>>>>> - ostel's only server is in the US, latency is about 120ms. Not so
>> >>>>>> good if you are in Europe. We could build our own :-).
>> >>>>>> - If you are going to build an ostel system I suggest you include
>> >>>>>> the topology hiding setup from my wiki or elsewhere in your
>> >>>>>> Kamailio config. SIP leaks IP/location information unless you make
>> >>>>>> an effort to obfuscate it.
>> >>>>>
>> >>>>> One solution I quite like, which works *if* you:
>> >>>>> a) trust the clients to a degree
>> >>>>> b) are happy with non-federated, centralised phone system, with the
>> >>>>> PBX as a single point of failure
>> >>>>>
>> >>>>> is:
>> >>>>>
>> >>>>> Your favourite SIP-based PBX system over OpenVPN.
>> >>>>>
>> >>>>> So, your phone connects to OpenVPN, and then the sip client connects
>> >>>>> to the PBX via SIP, over a VPN.
>> >>>>>
>> >>>>> Pros:
>> >>>>> a) as secure as your deployment of OpenVPN
>> >>>>> b) removes NAT issues - there aren't any - the SIP/RTP goes via OpenVPN
>> >>>>> c) It mostly 'just works' (tested with .bg client connected to .uk
>> >>>>> server with no issues)
>> >>>>> d) possible on mobile [android], desktop and in modern Snom firmwares
>> >>>>>
>> >>>>> Cons:
>> >>>>> a) nontrivial to setup
>> >>>>> b) centralised [not federated, and not designed to be]
>> >>>>> c) requires the giving out of VPN certificates to each client in advance
>> >>>>> d) SPOF [or compromise] on PBX system
>> >>>>> e) not really possible to 'just leave on' on mobile without emptying
>> >>>>> your battery
>> >>>>> f) only known to be *super reliable* on Snom desk phones, connected to
>> >>>>> an uncongested network
>> >>>>> g) certainly not without points of weakness
>> >>>>>
>> >>>>> ---
>> >>>>>
>> >>>>> It's not foolproof. It's not bombproof. But it is a nice architecture
>> >>>>> that works for some scenarios. :)
>> >>>>>
>> >>>>> -Tim
>> >>>>>
>> >>>>> _______________________________________________
>> >>>>> HacktionLab mailing list
>> >>>>> HacktionLab at lists.aktivix.org
>> >>>>> https://lists.aktivix.org/mailman/listinfo/hacktionlab
>>
>> >> --
>> >> ------------------------
>> >> Gareth Coleman
>> >> layer zero labs
>> >> l0l.org.uk <http://l0l.org.uk>
>
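
The remark quoted above that SIP leaks IP/location information unless it is obfuscated can be checked against a message. The sketch below is an added example, not code from any poster in this thread: it lists the IPv4 literals exposed in the SIP headers and SDP lines that commonly carry them. The sample INVITE is constructed and the name `find_ip_leaks` is hypothetical.

```python
import ipaddress
import re

# Constructed SIP INVITE (not captured traffic); addresses come from
# private and documentation ranges.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:bob@example.org SIP/2.0",
    "Via: SIP/2.0/TLS 192.168.1.23:5061;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.org>;tag=1928301774",
    "To: <sip:bob@example.org>",
    "Call-ID: a84b4c76e66710@192.168.1.23",
    "Contact: <sip:alice@203.0.113.7:5061;transport=tls>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=alice 2890844526 2890844526 IN IP4 192.168.1.23",
    "s=-",
    "c=IN IP4 203.0.113.7",
    "m=audio 49170 RTP/SAVP 0",
])

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
LEAKY_HEADERS = {"via", "contact", "record-route", "route", "call-id"}
LEAKY_SDP = {"o", "c"}  # origin and connection lines
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_ip_leaks(message):
    """Return (location, address, is_rfc1918) for each exposed IPv4 literal."""
    head, _, body = message.partition("\r\n\r\n")
    fields = []
    for line in head.split("\r\n")[1:]:        # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in LEAKY_HEADERS:
            fields.append((name.strip(), value))
    for line in body.split("\r\n"):
        if line[:1] in LEAKY_SDP and line[1:2] == "=":
            fields.append(("SDP " + line[:2], line[2:]))
    leaks = []
    for location, value in fields:
        for candidate in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                 # octet out of range
                continue
            internal = any(addr in net for net in RFC1918)
            leaks.append((location, str(addr), internal))
    return leaks
```

Running the same function over a message as it leaves the proxy shows whether a topology hiding configuration has removed the internal addresses.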