Will secure VoIP conversations be possible in the near future?


Encrypted VoIP you say? Why do we need such a thing? Ain't that difficult? Just for Geeks? I've got nothing to hide! Am I paranoid?

Let's start off with the most difficult question : "why". As far as I'm concerned, there is no answer that has all the reasons you may be interested in it for, why I may be interested, or Jake or Ali down the road. We all have out reasons, even though one may not realize it until it's too late to turn back and do things differenly. If you write a letter - you know, those ancient things with real paper, ink or a pen and actual handwriting - and put it in an envelope, stamp it and drop it in the mailbox, you expect that to reach the destination without it being opened, read or tampered with, don't you. That's the way we've been doing it for years.

Let's take e-mail for example : you write a mail, send it almost instantly to the addressee and be done with it. However, just like in the postal system, your mail bounces through various servers and systems all over the world before it reaches the destination. While we can be - relatively - certain about the security and reliabilty of the established postal system, you have much less certainty about the validity, trustworthness and security of the many servers that accept and forward your e-mail. Pretty much anyone could read it, alter it, or discard it on the way, and in some cases you'd be nothing the wiser.

The same is possible with VoIP, as it's just an IP based protocol that uses servers that are not under your control to reach the destination. Sure, you may not have secrets to share - or so you think - and no one is interested in your boring life anyway, why would the waste time and money tapping your conversations?! Don't ask yourself those questions and just assume that someone, somewhere *is* interested in what you say, write or read.

So, I'm quite interested in what Phil Zimmermann, will have to say about his newest VoIP encryption project, as he presents it at a security conference next week. Check out the Wired article for more information : Privacy Guru Locks Down VOIP. Interesting words by Bruce Schneier on related matters, and The Register has also picked up info on the VoIP encryption : PGP inventor to debut VoIP crypto.


Now, that more and more people are using Skype, it's certainly something to be aware of. In the house where I am living, a programmer used Ettercap to sniff the communication on our hub. Our landlord installed a hub to make sure that our Internet connection is shared by the ten inhabitants of our house. After somebody requests information from a server on the Internet, that information is returned to all ports on the hub. The programmer was able to listen to information being returned to the hub, which was not meant for his computer. He overheard MSN conversations of other inhabitants and found out one of the inhabitants of our house was apparently gay. Luckily after having talked to the landlord he was evicted from our house. But it shows that privacy on the Internet should be a concern of all of us.

I've done some sniffing myself, using ethereal but I usually fire it up if I forgot my password for some application, yet it is still saved. I let the app connect to the server, capture the stream and read the password in plain text - pretty convenient, yet I think most people are just unaware it can be done.

Now, what I wonder about in your comment is this : who was kicked out? The programmer for sniffing the hub, or the gay man for being gay? In either case, I would object since none of them did anything wrong if you ask me.

Sure, if Mr.Geek abused the information gathered, that would warrant a firm warning, but should also lead to others being more aware of the problems.

If Mr.Gay was kicked out because of his sexual preferences, that is equally wrong because what other people do in their private and intimate life is of no concern to others, let alone should one be judged on it.

It's been available for a long time, it's just not something that the vast majority of people regard as important.


Mr. Geek was kicked out by the landlord, after I complained about it even if I had just arrived in the house and had not yet been the victim of it. The first time it happened Mr. Geek reputedly said he realized it was inadmissable and promised he wasn't going to do it anymore. Later on the inhabitants found out that he was continuing. He also sniffed on demand. The boyfriend of one of the girls in this house had asked Mr. Geek to check her MSN conversations. When I arrived and the inhabitants told me this story, I felt I had to declare my solidarity to them, because it was clear to me that Mr. Geek had not yet fully realized how troublesome his behaviour really was.

Leave a comment

Monthly Archives


OpenID accepted here Learn more about OpenID
Powered by Movable Type 5.04

About this Entry

This page contains a single entry by ServMe published on July 27, 2005 9:53 PM.

Warning : Totally addictive was the previous entry in this blog.

TGIF meme is the next entry in this blog.

Find recent content on the main index or look in the archives to find all content.