Liberty oriented VoIP service!

[error]

I've never heard of this FBI wiretap network, (until I read the news yesterday) and I certainly haven't built anything which would give them access to it. Especially not from their desks, the lazy no-good bastards.

[porcupine kate]

I have a trackfone and pay about 10 cents a minute.  I've been happy with it.  I set it up in VA and I had no trouble getting a NH number.  I purchased a $50.00 card that gives me double minutes for the life of the phone.  Pay cash and no account information.
Just be aware that every cell tower records that your phone passed it even if the phone is off and you aren't using it.  They used these records of where the phone went to help convict a lady of killing her ex husband in Richmond VA.  They used it to prove she traveled from Texas to Virginia the weekend the murder happened.  I'm not sure if removing the battery solves this problem.  Most older phones from the 90's don't have this "feature".  This "feature" came about around the same time as 911 service on cell phones.

[error]

Removing the battery is the only way to solve that problem. And it works.

[penguins4me]

I wuv my old, beat-up, featureless Nokia '99-era E911-less freebie phone. :)

[money dollars]

I have a disposable drug dealer phone too 

In order for the phone company to route calls to your cell phone, they need to know what cell your phone is in, so they have to keep track of the cell your phone is in. This has nothing to do with GPS features of a phone.

[penguins4me]

In order for the phone company to route calls to your cell phone, they need to know what cell your phone is in, so they have to keep track of the cell your phone is in. This has nothing to do with GPS features of a phone.

... and there's no reason whatsoever to keep track of which cell your phone is in to be able to route calls to your phone if your phone is turned OFF.

[ArcRiley]

Do you support the Speex codec?  This is available if you're operating using Asterisk.

Most VoIP providers do not as their cheap CPEs don't have the processing power (around 90mhz ARM) to support it.  The main advantage of it is it's extremely low bandwidth, "good" quality can be had at only 16kbps, "best" is 32kbps.  Most codecs are "good" at 96kbps and "best" at 128kbps.

For the provider's end this is very good news, more active connections can occupy the same net uplink.  For the customers side it's also good news as using 2+ lines doesn't swamp their broadband uplinks.  With Asterisk and a bit more beefy hardware all calls can also be encrypted.

If you have Speex support I'm interested in putting together some CPE's built to use it using Gumstix.

[error]

Yes, I can do Speex. What do you have in mind?

[ArcRiley]

With the exception of a few GNU/Linux based voip phones (costing $400+) only computers can support Speex at the moment.  As I said, the reason behind this is the FPGA's and little 25mhz ARM processors in CPE's just don't have the processing power to do Speex.

For around $250 a small CPE can be put together which not only supports Speex, for lower bandwidth, but also supports tunneling calls through OpenPGP-based TLS.  That method takes care of the "man-in-the-middle" tapping techniques as well as passive line monitoring while providing a non-hierarchal trust model which protects the service provider as a viable target from someone looking to break this system.  The service provider is still a target for PSTN-gateway calls but they could just tap his gateways for that without his knowledge.

Oh - and a USB client port that the gumstix easily provides can allow it to operate as a USB mass storage device so the loaded software and encryption keys can be verified and maintained by the user should they choose.  Many CPEs, ie those made by Cisco (aka Linksys), "call home" for updates during which time malicious software could be installed without a means for the user to verify.

[error]

Many CPEs, ie those made by Cisco (aka Linksys), "call home" for updates during which time malicious software could be installed without a means for the user to verify.

Actually they call ME for updates. At the moment I don't distribute any.

[ArcRiley]

Oh.  I didn't realize you were distributing CPE, I read earlier in the thread that customers had to purchase their own.  That's disappointing, really.  This whole trend of service providers to own the hardware their customers pay for removes freedom.

In any case I've never seen a voip CPE handle updates in a secure manner.  Most just fetch via http or tftp with no server-identity or signature.  An ISP or someone in control of a router between customer and provider could hijack these update requests and, for example, send modified configuration w/ the firmware to connect to a 3rd party to place calls.  A proxy at this host could record all phone conversations while still routing information to and from the service provider.  We've seen this demonstrated.

Even if a service provider signature was required to authenticate the update as legitimate the existence of such a mechanism makes the service provider a prime target.  Nothing can be done about the PSTN gateway but users should, at the very least, have access to the software and it's configuration.  This is how one keeps federal agents with guns out of the server room.  Recent history shows this as a very real threat, it happens all the time.

This is why I advocate OpenPGP instead of X.509 certs for session key exchange, the "single trusted authority" model doesn't work. Someone can warrant and gag a service provider, they can't do the same to an entire community.

It's nice to have automatic updates - so long as they can be verified by anyone who chooses to ensure the software behaves in a proper manner.  All the pieces to build a truly secure VoIP service already exists - one must only put the pieces together.  Since you're running Asterisk-based service you're already 50% there ;-)

This is part of what I envision a liberty-minded VoIP service being.  I've never seen this done - and it should.  I'm not the one to do it, everyone knows I have enough on my plate already, heck I've settled for Sunrocket/Teleblend with their cheap "gizmo" CPE firewalled and closely monitored by my WRT54G w/ custom firmware.  I can help in small ways, such as help with the firmware build and a custom expansion board for a gumstix CPE.  The latter is fairly easy since the art and information for their existing boards are under the GPLv2, they're very much into enabling things like this.

Would most people want to pay upwards of $250 for a VoIP box?  Unlikely.  Many are content with the $50 jobbers from Cisco.  With volume that $250 would drop to near $50, though, and increasingly more users would choose security/privacy over cost to reach that volume.

We'll have to talk cooperative networking sometime, too. ;-)

[error]

Oh.  I didn't realize you were distributing CPE, I read earlier in the thread that customers had to purchase their own.  That's disappointing, really.  This whole trend of service providers to own the hardware their customers pay for removes freedom.

You misunderstand a lot of things. First, yes, everyone buys CPE, but I distribute it. That's not at all disappointing since the devices are not locked and therefore accessible to the end user, should they want to go somewhere else. (Ask Russell about his $100 Vonage paperweight.)

If you can get me securable CPE down to the $100 price point then we may have something, but I can't move the devices at $250. It is what it is.

[ArcRiley]

Ah, I see re: retailing the boxes but not locking them.  I have a similar vonage brick, it's actually recoverable with some JTAG work but I haven't bothered, the hardware costs far less to replace than my time to open and reprogram it.

$100 price point isn't going to be met with gumstix, that's what the motherboard themselves cost. 

The price could likely drop well under $100 if built as a single layer board using a Blackfin processor but for that, at minimum, a commitment of 500 units would be needed cover the design costs.  That's several weeks of work there.

For lower volume the only alternative is to find a GNU/Linux based CPE with at least a 200mhz ARM.  Not impossible.  I haven't tracked down the specs on the Linksys PAP2 yet, that may be a good candidate.  For, say, 120mhz Speex could be supported - a nice feature even without encryption.  If you find something like that I could do a one-time build service for you to flash onto the units you're already selling.

Now if you're looking cellphones take a gander at the FIC Neo1973.  A GSM+Wifi phone, full color screen w/ 3d accelerated video, 400mhz processor can easily handle client Asterisk + Speex and GnuTLS while playing music in the background.  Can likely knock the price down on these to $400 retail when purchased in bulk.

... very much like an iPhone with it's big bright color touchscreen except it runs GNU/Linux and is thus fully configurable, not vendor-locked.  You could likely license use of AT&T or TMoble's network with seamless VoIP-Cell transition.

[Kat Kanning]

Is there a wireless VOIP router?  We want to go from wireless internet connection to phone.  Is that possible?

[ArcRiley]

Is there a wireless VOIP router?  We want to go from wireless internet connection to phone.  Is that possible?

That will be possible once we have OpenWRT support for the WRTP54G series.  All the wireless access points I could find which support VoIP only do VoIP through the wired ethernet "WAN" port.

So long as the channel isn't suffering from too many collisions you should be able to get a reliable enough upstream to keep the voice streams constant.  If your provider is omnidirectional or too many people are using it who can't "hear" each other you'll get "stuttered" calls and/or frequent dropouts.