IETF Logo Mail Archive

[perpass] Mumble project .... Re: Securing VoIP in the Presence of Pervasive Monitoring

Hannes Tschofenig <hannes.tschofenig@gmx.net> Fri, 13 September 2013 07:13 UTC

Return-Path: <hannes.tschofenig@gmx.net>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6AB2C11E8178 for <perpass@ietfa.amsl.com>; Fri, 13 Sep 2013 00:13:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.998
X-Spam-Level:
X-Spam-Status: No, score=-101.998 tagged_above=-999 required=5 tests=[AWL=-0.018, BAYES_00=-2.599, RCVD_IN_SORBS_WEB=0.619, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CUcjjn55jO45 for <perpass@ietfa.amsl.com>; Fri, 13 Sep 2013 00:12:56 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) by ietfa.amsl.com (Postfix) with ESMTP id 3FEC511E816B for <perpass@ietf.org>; Fri, 13 Sep 2013 00:12:56 -0700 (PDT)
Received: from [10.255.128.165] ([194.251.119.201]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0LnPGI-1VrlVA27he-00hg5f for <perpass@ietf.org>; Fri, 13 Sep 2013 09:12:46 +0200
Message-ID: <5232BAE4.9040202@gmx.net>
Date: Fri, 13 Sep 2013 10:12:36 +0300
From: Hannes Tschofenig <hannes.tschofenig@gmx.net>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
MIME-Version: 1.0
To: Hannes Tschofenig <hannes.tschofenig@gmx.net>
References: <522D863F.10903@gmx.net> <87ioyaz0xg.fsf@nordberg.se> <522DB47D.5080400@gmx.net>
In-Reply-To: <522DB47D.5080400@gmx.net>
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Provags-ID: V03:K0:x3kLcpeN4sphtC1xAsA4ieD0WnFtlzOXtSL0Ns1HSAsSLeu6uJU 2XnNvoeW4Uu2vyfPgSW5tGJReVpR/mnRmGonP1nv/KOegkSw3WDMlspy/9Fk3eVPBjD2JSs RdjTjRCDkJOAQsRATzFxx0lbweJgJq7O4vUo3V6nu9xMQmW7shwiJfq1aHlHW06HPVs9+ii BB8nNeU9jbSYaC0jEKQvQ==
Cc: Linus Nordberg <linus@nordberg.se>, perpass@ietf.org
Subject: [perpass] Mumble project .... Re: Securing VoIP in the Presence of Pervasive Monitoring
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "The perpass list is for discussion of the privacy properties of IETF protocols and concrete ways in which those could be improved. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Sep 2013 07:13:00 -0000

Hi Linus,

now I had the time to look at the Mumble project.

I might be incorrect in my assessment. I found some information but it 
was mostly irrelevant to make a good assessment about the security and 
privacy properties about it.

There seems to be the (wrong) believe that if you publish software as 
open source then everyone can look at the code and the quality will be 
good.

That's of course not the case. There are a few words here and there 
about security but I failed to see enough to even give me enough to say 
something meaningful about it.

 From what I can tell the software does not interoperate with anything 
else other than their own silo, which is bad.

If you use a provider that runs that VoIP service then you have to trust 
him like with any other VoIP providers. Of course you can run your own 
server but then your friends have to be on your own server as well, if I 
understood it correctly. Maybe that's a great idea that everyone should 
have their own server and if you want to talk to someone then they 
create an account at your server and start communicating with you. (You 
could simplify the account creating by using identity federations, even 
if they don't have anything to do with VoIP.) Of course, this would be 
OK with gaming (which seems to be the main target audience of that VoIP 
platform) but not for normal communication use because it would not be 
obviously for anyone trying to contact you how to reach you unless you 
have a permanent VoIP provider.

 From the point of view what we are trying, namely to develop globally 
interoperable VoIP solutions, this is obviously a step backwards (maybe 
20 years).

What is worse, in my point of view, is that adding Tor to Mumble may not 
actually provide you any additional privacy/security benefits.
If you trust the VoIP provider than you could very easily create an 
end-to-end security solution. Without Tor the other party would most 
likely still see the IP address of your device (or the IP address of 
some NAT). That's what Tor (or other tunneling technologies) could hide. 
The VoIP provider still knows who you are talking with and, depending on 
how the details look like, he may still be able to decrypt the VoIP 
communication.

Ciao
Hannes


On 09.09.2013 14:43, Hannes Tschofenig wrote:
> Hi Linus,
>
> thanks for the comments.
>
> I have indeed skipped that topic. I will have to read into the Mumble
> project to see what security and privacy guarantees it provides.
>
> My current conclusion from using VoIP/IM systems without using Tor is
> that you cannot really protect against collecting this transaction data
> (i.e., you have to at least trust the two VSPs, our own and then the VSP
> of your communication partner). While you can influence routing of the
> data traffic to a certain extend it does not work too well when your VSP
> is working against you.
>
> With IM you could at least set up your own server (e.g., by using an
> XMPP server) but with VoIP that's more complicated because nobody else
> will accepted your connection attempts (as explained in the
> interconnection part of my write-up).
>
> I will come back to you on that issue.
>
> Ciao
> Hannes
>
>
> On 09.09.2013 14:31, Linus Nordberg wrote:
>> Hannes Tschofenig<hannes.tschofenig@gmx.net> wrote
>> Mon, 09 Sep 2013 11:26:39 +0300:
>>
>> | http://www.tschofenig.priv.at/wp/?p=997
>> |
>> | It contains a number of recommendations, which are addressed to VoIP
>> | providers and vendors but have to be enforced by data protection
>> | authorities.
>> |
>> | The recommendations unfortunately highlight some challenges...
>>
>> Indeed. And still, I miss any mention on protection against collecting
>> data about who's talking to who.
>>
>> Without claiming any expertise at all in this area, the closest thing to
>> something implementing this that I've heard of is Mumble over
>> Tor. Mumble [0] is not standardised AFAICT. The Guardian Project wrote
>> [1] about this earlier this year. Some people seem to use it [2].
>>
>> [0] https://en.wikipedia.org/wiki/Mumble_%28software%29
>> [1] https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/Mumble
>> [2]
>> https://guardianproject.info/2013/01/31/anonymous-cb-radio-with-mumble-and-tor/
>>
>> _______________________________________________
>> perpass mailing list
>> perpass@ietf.org
>> https://www.ietf.org/mailman/listinfo/perpass
>

v2.23.0 | Report a Bug | By Email