jump to content
In the Network: Media Co-op Dominion   Locals: HalifaxTorontoVancouverMontreal

Online Confidential

Issue: 79 Section: Opinion Topics: Activist, Security Culture, technology

October 12, 2011

Online Confidential

Free software project provides secure alternative to Skype

by Boskote

Photo: Shira Ronn

MONTREAL—Increasing awareness of state surveillance following the 2010 Olympics and the G20 summit last year has prompted greater scrutiny of the lack of privacy offered by most telephone and online communications.

Historically, there haven't been many easily accessible options to reliably provide secure voice communications. That situation changed dramatically in June of this year when a free software project called Jitsi was released, allowing the average computer user to reliably encrypt voice and video communications over the internet. In addition to the software, Jitsi has also released a service called jit.si that allows anyone to create free accounts using Jingle, an open internet communications protocol that is also used for Google Talk.

This combination of software and service provides a secure, accessible alternative to Skype—a corporation that has a history of collaborating with state surveillance. They have worked with the government of China to create a version of their software that tracks certain keywords that are sent in instant messages through the Skype network.

Skype advertises their calls as encrypted. But the security of their system can't be verified because it is proprietary, which means they won't publicly reveal how it works. This is not likely to change any time soon. In May of this year Skype was acquired by Microsoft, a company which is known for selling proprietary software with poor security, such as the Windows operating system.

As a free software project, the source code for Jitsi is available for anyone to examine and modify. This is especially important for programs that are providing security, because it allows for public review of the software to help find any flaws that may compromise the intended security features. Jitsi uses a standard real-time communication encryption system called ZRTP, which was first released in 2006 and has since been peer-reviewed by at least eight different cryptography research teams. This system is very easy to use. A call is made to someone else using the same system. Once the connection is established, a four-character code will appear on both ends of the conversation. If the people talking confirm that these two codes match, it indicates that there is no one listening in on the call.

Despite the strengths of ZRTP, there are always limitations to the security, whether for Jitsi or any other communications software. For example, there is a special kind of malware that can record a conversation directly from the audio input and output of a computer.

While Jitsi runs on Windows, Mac, and Linux, it is much easier for malware to infect a Windows operating system than the other two. Of course, if there is a listening device planted inside or near the computer that is being used, or if the person on the other end is not trustworthy, the security of the conversation is compromised no matter what operating system is being used.

Encryption of the content of a conversation is also limited because it will still be clear that a conversation has occurred, and under most circumstance it wouldn't be difficult to figure out who was on either end of the call. This information can be useful from a surveillance perspective for mapping social networks.

Currently, the US government already does this kind of traffic analysis for all of the phone calls that are made in the United States. Fortunately, it is possible to evade this kind of tracking by using anonymity software such as Tor, which can send your network traffic to a global network of computers in order to make it much more difficult to track your location and identity. It is possible to route Jitsi traffic through Tor, allowing for communication that is both anonymous and secure.

Currently Jitsi is only designed to work on computers, but a version for Android phones is under development. However, there are already secure communications options available for Android phones. A company called Whisper Systems has developed two apps for Android. One, called RedPhone, makes calls through a smart phone's data plan and encrypts them using ZRTP. The other is called TextSecure, and it encrypts text messages.

If smart phone and data plans become more affordable, these Android apps will become important tools for secure mobile phone communication. In the meantime, many people have access to computers, and Jitsi now provides a good way of using them to communicate securely.

Boskote does research and workshop facilitation on secure communication with ATS (Anarchistes pour des technologies solidaires/Anarchist Tech Support).

Own your media. Support the Dominion. Join the Media Co-op today.

Comments

Advertisement

Want to receive an email notice when a new issue is online? Click here

The Dominion is a monthly paper published by an incipient network of independent journalists in Canada. It aims to provide accurate, critical coverage that is accountable to its readers and the subjects it tackles. Taking its name from Canada's official status as both a colony and a colonial force, the Dominion examines politics, culture and daily life with a view to understanding the exercise of power.

»Where to buy the Dominion

User login