it feels like more than a year since I last used Skype. The reason? I refuse to use it any longer since it is everything else but secure. But, after having set up my new computer, I would like to install the most-recommended Skype-Alternative, End-to-End-Encryption is a MUST for me. I would prefer finding a service which is cross-platform to be able to recommend it to my friends and make it easier for them to change. An awesome reference to opt out of global data surveillance programs likePRISM, XKeyscore and Tempora I found is PRISM-BREAK. This website is dedicated to defend our right to privacy, which we can exercise by encrypting our communications and ending our reliance on proprietary services.
So, fellow users, what do YOU use to securely video chat, send files and write about stuff noone else but your friend shall know about? I would like to catch up with the openSUSE community if there is some application I have not heard of yet and is particularly secure and trusted by our power users here. Let the discussion beginn!
I mostly use Ekiga for SIP calls, no implementation of encryption yet it seems but it is coming: http://ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available
I also use KTP, or rather try to use it, but whatever capabilities it has at this stage I wouldn’t know; KTP is quite hard to get an overview on, but I would really like the project to succeed as I am on KDE and would welcome a more integrated IM/telephony client for the DE.
Thank you very much for having the courage to participate in this thread. Reputation added! One interesting client I found in the section for Instant Messaging Alternatives on PRISM-BREAK is called “Jitsi” and it claims to offer end-to-end encrypted text, voice and video messaging. I would LOVE to hear your opinion on that - if other people have been using it here, please tell me how it compares to the other options out there!
On 2014-02-28 07:56, F Sauce wrote:
>
> Hello!
>
> One or another SIP client should do: http://tinyurl.com/m6j5vwp
>
> I mostly use Ekiga for SIP calls, no implementation of encryption yet it
> seems but it is coming:
The SIP protocol allows for encryption, end to end. The connection
metadata can be encrypted, and the data stream can be encrypted. But you
need all parties (the people talking plus the… whats the generic name?
The exchange server (asterisk, for example) supporting it. And this does
not happens always.
On most occasions, participants will not even know if their
communications are encrypted or not. If one of the involved parties can
not handle an encryption protocol on which all agree, the communication
defaults to non-encrypted.
Besides that, I’ 80% sure that those interested agencies can break those
encrypted communications. Not as convenient to break as skype, but I’m
pretty sure they can do it as well, if they wish.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)
I don’t know if things have changed but for the longest time on demand encrypted multimedia (video particularly) streaming wasn’t practical. Hardware (and less likely software) couldn’t do the required encrypting/decrypting fast enough to support low enough latency for a practical experience. Streaming is already dropping out of order and late packets, think what that would do for encrypted packets which likely needs to ensure content integrity.
So, as of today it may not be possible unless you build compromises into the solution and likely run over a specially constructed network, eg dedicated network links and possibly applying QoS for the protocols used.
Still, technology advances and maybe some of the most onerous issues may be solved and hardware is getting more powerful all the time (although pure clock speed seems to have hit a wall)
An interesting alternative is Phil Zimmermann’s (of PGP fame) zfone page (http://zfoneproject.com/index.html) and the Zrtp specification.
It is cross platform and open source plus you can choose the strength of some of the encryption schemes based on the trade off between security and execution time.
Another alternative, is to not use software but hardware for the encryption.
I wonder if encrypted communications be filtered out from all communications taking place and will it make it more likely you will become a “person of interest”.
This seems to me the most promising so far and I even like their website on TOX.IM. Even though I have never heard of NaCl (their networking and cryptographing library), I am eager to give it a shot. But do I have to register first? I don’t see a description… Is anybody here using it already? How does it compare to Jitsi and Zfone?
Although I think it’s great that Tor is developing its own IM tool, I admit to not trusting it anymore. Too many articles and speculations have made me distrusting it. Yes, I know, noone should solely rely on using Tor or any other privacy service, but you know, TRUST and NO NEGATIVE plublicity is my priority in order to select a service running on my hardware. I still consider Tor to be an awesome project, but I will NOT use “Instantbird”. What an ugly name for a secure messaging service.
You now know my current opinion, I’d like to receive some more feedback here - awesome discussion, keep it movin’!
No idea about the others but I found installation to be easy (just download the rpm file from http://wiki.tox.im/binaries [There are other clients you can use listed here http://wiki.tox.im/Client] and then install it using the rpm command or yast). As for running it once it is installed, do that as you do for any other program, then click the plus sign on the bottom to add someone and then just enter their ID and a message you want to send them (the ID is randomly generated and you can get your ID by clicking the down arrow on the top right of the Venom window and selecting edit user, the bottom beside the ID will copy it into your clipboard). I have no idea how good this works as a chat system though, I have no one to test it with.
Alright just for you I decided to test this out with a native client and one running in WINE. Seems to work fine but no file transfer yet (might have to do with the QT version not supporting it though, not sure)
Just a short note on TOX: Yesterday I upped my butt to have chat with the developers through IRC - extremely friendly people and very open about their development. Right at this very moment they are working to improve the ID-sharing system to make it easier to find and connect with your friends than it ever was in other systems like Skype. Once completed, they say that you’ll be connected within the glimpse of a second. To be honest, I have high expectations for this project now!
Thank you for giving it a shot! Did you find a menu where to edit user account details? Maybe you could also give Jitsi and Zfone a try? What I’d like to read about is a through review of all the major alternatives providing strong end-to-end encryption to be able to make a final decision which one to use and spreading positive words about it. Personally I’m a Geek at sticking to something that already convinced me for good. I know, I review all IMs by myself - but unfortunately I’m in a lack of time in this life. So, if someone knows of (or wants to) write a neat review: I’ll add a big, bold positive reputation to the one pasting the link here. THANKS!
I don’t think this will be a big issue, I’m the tech-savvy gutu for them. This morning I opened an issue on the Prism Break GitHub to discuss whether TOX shall be added to Prism Break (which I think would be a neat idea). You’re invited to join the discussion and drop your suggestions, folks!
Perhaps off-topic, however those interested in encryption should perhaps read: ** World War II Code Used By British POW In Letters Home Cracked, Offering Rare Glimpse At MI9 History**
On Mon, 17 Mar 2014 22:36:01 +0000, Fraser Bell wrote:
> SecUpwN;2631072 Wrote:
>>
>> Exactly. That is why you leave your doors wide open, 'cause “you have
>> nothing to hide”.
>>
>>
> … and, OH, how frustrating it is to see the steady, relentless erosion
> of our basic rights and freedoms under this disingenuous mantra!
Guys, let’s keep the discussion here on-topic…we have a soapbox for
topics like this, though this borders on politics, too.
Tox
Still very unknown to many people so I dont see any reviews for it, but I have already shown you some of the features that it has ITT & you can always ask on the IRC channel.
