
On Tuesday, 15 November 2016 11:13:36 AM AEDT Peter Ross via luv-talk wrote:
> 1. Most of our communication is not encrypted end-to-end.
> 2. The metadata for phone communication is easily available.
> We have at least the following questions:
> 1. How do you encrypt safely all communication from phone to phone?
> I believe, the only way of doing it these days is by using IP telephony (and messaging etc.) because I can encrypt it.

Encrypting data without VOIP is possible and has been done in several ways. GSM includes encryption but it's only designed to stop hostile parties between the cell tower and the phone, and in addition it's been broken.

The GSM calls have a digital data stream that can be used for other things. A Dutch company that I knew of when I was in Amsterdam made phones that encrypted voice data and sent it as a GSM stream. The telco thought it was a regular phone call but it happened to be encrypted. I don't think there's a lot of demand for that sort of thing nowadays.

As you noted, Whisper only encrypts the data. I am not sure to what extent it would protect metadata.

It would not be THAT difficult to design a VOIP service that had all calls with encrypted data going to a central system so it would not be obvious which end users were talking to each other, but a hostile party with significant resources (i.e. a government agency) could tap all data and match start and end times. It wouldn't be any more difficult to have a VOIP service that's always on and sends a continuous data stream to/from all end nodes such that the start and end of calls can't be known without decrypting the data. But the problem with this is that a central service is vulnerable to all manner of attacks by government agencies.

Tor is very difficult to crack; some people who have done various illegal things have said things like "if Tor was easy to crack I would be in jail now". It's quite plausible that there is a weakness in Tor that allows someone with the resources of a government agency to attack it; in fact it's certain that if an agency had enough hostile nodes in the Tor network it could do that. But it's a matter of how badly they want to catch someone. If you have the type of secrets that most people have or commit crimes that don't have a national security impact then government agencies wouldn't risk revealing their capabilities for attacking Tor.

But Tor is totally unsuitable for phone calls. Long RTTs and lots of jitter. If you want good encryption then use IM instead of phone calls. Torchat is supposed to be good at what it does.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
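
Added example, not part of the original message: a small Python model of the two relay designs described above, measuring how many plausible call partners each user has when an observer sees only flow start and end times. The user names, timestamps, tolerance and function names are constructed for illustration.

```python
from itertools import combinations

# Constructed flow records, as seen by someone tapping the central relay:
# (user, first_packet_time_s, last_packet_time_s). Payloads are encrypted.
ON_DEMAND = [
    ("alice", 100.0, 460.2), ("bob", 100.3, 460.0),
    ("carol", 250.1, 300.4), ("dave", 250.0, 300.9),
    ("erin", 400.0, 900.5), ("frank", 400.4, 900.1),
]

# Always-on design: every client exchanges a continuous fixed-rate stream
# with the relay all day, whether or not a call is in progress.
ALWAYS_ON = [(user, 0.0, 86400.0) for user, _, _ in ON_DEMAND]


def candidate_peers(flows, tolerance_s=1.0):
    """Map each user to the users whose flow starts and ends at the same time."""
    peers = {user: set() for user, _, _ in flows}
    for (u1, s1, e1), (u2, s2, e2) in combinations(flows, 2):
        if abs(s1 - s2) <= tolerance_s and abs(e1 - e2) <= tolerance_s:
            peers[u1].add(u2)
            peers[u2].add(u1)
    return peers


def anonymity_set_sizes(flows, tolerance_s=1.0):
    """Plausible call partners per user; 1 means the pairing is exposed."""
    return {u: len(p) for u, p in candidate_peers(flows, tolerance_s).items()}


if __name__ == "__main__":
    # Per-call flows: timing alone pairs every caller with exactly one peer.
    print("on-demand:", anonymity_set_sizes(ON_DEMAND))
    # Continuous streams: every other user is an equally likely peer.
    print("always-on:", anonymity_set_sizes(ALWAYS_ON))
```

The model covers only start and end time matching; it says nothing about the security of the central relay itself, which the message raises as a separate problem.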