Question About SIP or Other Phone Services

In another thread on this forum, I posted about how happy I am with my new Pixil 6 Pro running a GraphoneOS. Graphene OS is likely to be the most secure and privacy-oriented operating system in the world today, that is actually available for both sale, and that you can actually receive within a few years of having ordering and paying for your new phone. Whereas the phone itself arrived at my door within five days after I ordered it, I did have to take another ten minutes to flash GrapheneOS to the phone in a four-mouse-click flashing procedure. GrapheneOS is a fully-developed, security-based, opensource audited Android operating system.

There are some compromises to make when using this method. 1.) If there are any firmware blobs in the hardware that compromise your privacy, there is nothing you can do about that and you will probably never know about it. 2.) You have to purchase the phone from Google. So you pay the devil and trust the devil to not betray you in a new deal. In exchange, you don’t actually live in hell where you would have to willingly agree to sign-over all of your privacy rights to the devil in exchange for the right to live in his kingdom. Hopefully, Google won’t be evil when it comes to this other, more appealing deal:

https://en.m.wikipedia.org/wiki/Don't_be_evil .

In fairness to Google, all businesses have to make money to stay in business. Maybe by using cash to pay Google for their flagship phone, their firmware blobs alone will be less intrusive than if I were to agree to their terms of service and submit to a known oppressive OS with apps that I would agree to allow anyone to spy on me. That Android Open Source Project (AOSP) and GrapheneOS appear to both offer me a lot of protection from the otherwise extreme known acts of exploitation against me.

Having escaped from the Matrix now, I find myself looking for a secure way to replicate Google Voice services without actually doing business with Google. And like the phone itself, I am willing to pay a reasonable monthly fee in exchange for privacy and security, and in fairness to the seller, for the service itself. I am guessing that maybe a SIP phone service might be the best method. But I have recently read that SIP protocols have no security and that the SIP service won’t work if you use it in a VPN environment. I like the flexibility of moving my phone numbers around without having to port them to do it. I like the features of making phone calls from any phone, and my friends and family recognize my number when I call them, regardless of which device I am calling from. I like receiving calls to my number from any device of my choice. I also want a phone number that is different than the phone’s real number, so as to throw off anyone who snoops and thinks they have my phone number because they cracked-in enough to read the SIM and carrier information assigned to the phone by the carrier. So a trusted proxy is needed for the service. By using data to make and receive the calls, anything is possible.

Anyone here have any ideas.

So… what’s your question?

LOL, I was thinking the same thing.

But I can provide you with how I set up a PBX with mobile clients.

So I use twilio with an sip trunk into an asterisk server. This server has a number of other
trunks all connected thru wireguard VPN.
Also a couple android phones are connected via wireguard.
As a sip client I currently use linphone, because the andoid dialer dropped the support for sip. (well the sip dialer still allows for configuring a sip connection, but it doesn;t work anymore)

-H

1 Like

Not the OP (and I realize your comment may be somewhat sarcastic) but I broke it down in case anyone wants to skim over, note that this is somewhat paraphrased:

I want a data based phone service that allows me to do/handles the following:

  • I don’t want to worry about porting phone numbers
  • I want to make calls from any phone (using the same number)
  • I want to receive calls to any device I choose
  • I don’t want to use my “main” number for security purposes and am ok using a secondary number

I read the following and don’t know if this is true or rules out SIP services entirely as i like to use a VPN

  • SIP protocols have no security and that the SIP service won’t work if you use it in a VPN environment.

It wasn’t really sarcastic. SIP in general covers those first 4 points, assuming the device(s) used can establish a SIP connection. SIP can (I believe) use encryption, so I’d have to see where point 5’s information is coming from.

So is the question “should I use SIP?” or “I want to use SIP, which SIP service should I use?”?

1 Like

Both not true.SIP can be secured with TLS and so can RTP.
It works great over VPN. It sounds actually counter intuitive but in my experience the VPN lowers the latency. (Singapore - USA : with VPN 120 ms, without 150 ms; Germany - USA with VPN 110 ms, without 115)

-H

1 Like

Thanks for all of your inputs here everyone. I guess I can just try a SIP service with my current VPN to see if it works. Hopefully, it will be secure also. I’ll look in to TLS and RTP also.

That will be complicated as SIP has to navigate the VPN. May work. May not work. Best to try it.

SIP via VPN is not really secure - because it is not end-to-end secured. It is only secured as far as the remote VPN endpoint.

If you are concerned about SIP security then there is no substitute for end-to-end securing SIP e.g. SIP itself via TLS (whether using a VPN or not).

Of course even then it is not fully end-to-end secured. It is only secured as far as the SIP proxy. (Hence for example if you use a SIP service to call a service on the regular phone network then you are kidding yourself if you think that either the content of the phone call or the metadata of the phone call remain confidential. On the other hand, if you call another SIP service then the content of the phone call may be confidential but the metadata of the phone call may not be confidential.)

1 Like

I have to admit that I did not really understand when your were talking about “VPN”.
When I talked about VPN I meant the technology (not those VPN services out there).
I can see where those VPN services will cause all kind of issues for SIP telephony.
To secure a SIP/RTP connection to your ITSP you should use TLS. If they offer a VPN to their server you could use that, but I am not aware anyone offering this.

-H