
Silent Circle Launches Global Encrypted Calling Plan - mike-cardwell
https://blog.silentcircle.com/why-are-we-competing-with-phone-makers-skype-and-telecom-carriers-all-in-the-same-week/
======
MichaelGG
I love how they talk about how they don't have any infrastructure costs and
can outmaneuver "major telecoms" but then gleefully talk about connecting to
the PSTN.

I'd also like to have them publish and guarantee exactly what they mean by
"encrypted to the PSTN". Are they guaranteeing they have TDM access in every
destination, and that their TDM access doesn't get sent out over IP? Or do
they really mean they run IPSec to a handful of VoIP carriers and call that the
PSTN?

Not to mention, encrypted to the PSTN solves what, exactly? How's it really
any different than using my cell phone?

The whole blog post is written in a very odd, feels-like-snake-oil manner.
They compare to Skype's plan, but on their homepage, their $12 plan has only
100 minutes. Skype's plan is "unlimited" (subject to fair use). So I'm not
sure why they'd bother comparing the two - they don't seem the same?

The zRTP and member-to-member stuff is probably done correctly, but the rest
of it feels very hype-like.

~~~
cowbell
>Not to mention, encrypted to the PSTN solves what, exactly?

I presume, if one calls Germany, and the line is encrypted from the handset to
Germany, then that person would be out of NSA's reach.

I suspect that would make wiretaps more difficult as well, since police would
need to tap who is called, instead of the caller. That's a lot more warrants
and they need them in advance of a call... or they need every call recorded
from the end points for later search.

~~~
xorcist
But the PSTN is the _easy_ part to wiretap. Especially the TDM part of it.
Data is nicely partitioned in channels and there is only one single metadata
format to worry about.

And you cannot compare the NSA with the police. The latter needs a warrant
(sort of, depending on locale) but the former doesn't.

~~~
cowbell
According to everything I've read on the subject, including today's revelation
that NSA is recording 80% of all phone calls, NSA grabs from the
backbone. They do not have monitoring installed at endpoints. That would be
expensive, and in foreign countries, infeasible. It's hardly perfect, but I
think everyone can agree it's better than unencrypted all the way. Everyone
except the Friends of NSA trying to convince everyone to stay away, because
"it isn't truly secure"... You've got to start somewhere.

~~~
xorcist
That's what I'm saying. The "backbone", by which I take it you mean the big
PSTN providers, is by far the easiest point to wiretap. Internet exchange
points are by design far more heterogeneous, plus wirespeed protocol
parsers that have the ability to parse the plurality of protocols used are at
least an order of magnitude more difficult/expensive.

The five eyes do that as well, no doubt about it. But if you encrypt your
traffic on IP and then switch out to unencrypted PSTN then that's completely
useless as you'd risk drawing unnecessary attention to your plaintext.

~~~
cowbell
> But if you encrypt your traffic on IP and then switch out to unencrypted PSTN
> then that's completely useless as you'd risk drawing unnecessary attention to
> your plaintext.

So the solution you suggest is to try to hide in plain sight? Good luck with
that.

~~~
xorcist
Why would you think that? Am I really that unclear?

If I had to venture a suggestion it would be to encrypt your data end-to-end.

~~~
cowbell
lol. Right, because my mom's rotary phone will work like that.

That's the "comprehensive reform" argument weaselly politicians use. Ex. Chuck
Schumer works for the banking industry. The banking industry needs reform
after financial crisis. Chuck blocks banking reform by demanding
"comprehensive reform" and refuses to implement partial measures that would
help/start the reform process. He claims he's strongly in favor of reform. So
much he's unwilling to compromise for partial measures. As such, he votes
against all measures of reform. Sure Chuck, we all believe you really want to
reform the banks that paid for your elections.

If end to PSTN can make it more expensive for the NSA to collect, then it's
good, even if it isn't foolproof.

If the default config for apache were to generate self signed certificates,
you would say, that's useless, because MITM. I would say, that's great,
because now NSA is forced to MITM if they want to snoop. It increases the
expense for the attacker, making their ability to snoop more limited.

~~~
xorcist
> Right, because my mom's rotary phone will work like that.

No it doesn't. That's why you shouldn't market products with the claim to make
secure calls to her.

There are products to encrypt PSTN calls. These products need to be used at
both ends to be effective.

> If end to PSTN can make it more expensive for the NSA to collect, then it's
> good,

It doesn't, that's the point. You can count on the whole SS7 being
compromised, all the time. It's where these agencies came from.

> If the default config for apache were to generate self signed certificates,
> you would say, that's useless, because MITM.

Again words in my mouth. I believe it is in fact the default in the major
distributions, and it isn't "useless". This has absolutely nothing to do with
the PSTN so I won't discuss this particular straw man further.

~~~
cowbell
>I believe it is in fact the default in the major distributions

I have never once seen apache generate a self signed cert and default to http
off for all connections. But sure, you didn't say that. I was simply drawing a
parallel argument to what you were saying about PSTNs.

So let me make one more logical fallacy since the article clearly isn't
providing enough info to prove either of our arguments.

Appeal to authority: Who should I trust dude? You, random internet poster, or
Phil Zimmermann? I'm going with the guy who invented PGP and has a reputation
and track record on encryption. Through his actions, he has built lots of
trust/cred. You have not. If he has started a company, is delivering this as a
product, and marketing that aspect as a feature, he clearly believes that it
offers some benefit over a fully unencrypted line.

I'm willing to give that man the benefit of the doubt. You on the other hand
could be working for the NSA and trying to derail interest in his product for
all I know. Oops, that was two logical fallacies.

------
xorcist
What is this marketing gibberish and why is Zimmermann (of PGP fame) connected
to this?

I first thought that it was cool they released a mass market product that
encrypts PSTN communications. This is something that speciality phones do that
carry a hefty price tag and are two generations behind technologically. But on
a second reading it says "encrypted TO the PSTN". What does that even mean?
You could say that about every GSM phone if you wanted!

Also "secure virtual operator". Are they a virtual operator or not? In which
countries? Certainly not the 41 countries listed above, even if that's what
they want you to believe.

"No roaming charges". Yeah, that'd be great. But for what and where? No idea.

After making my way through the text I want to dismiss this, but Zimmermann is
in. So what's the deal here?

------
bites
If the call goes to the telecommunication network, I can guarantee that the call
can be intercepted. It is like a normal call, and those can be listened to.
[http://en.wikipedia.org/wiki/Media_gateway](http://en.wikipedia.org/wiki/Media_gateway)
[http://en.wikipedia.org/wiki/Lawful_interception](http://en.wikipedia.org/wiki/Lawful_interception)

------
dboy1612
Huh, it's an interesting service that's for sure, I'm just more lost about
some of its subject.

Call me stupid, but "no roaming charges" are available for any type of "VOIP"
service, not specifically to them. If I live in the US and travel to Europe,
and want to make a call with what I'm guessing is going to be a US Data Only
Sim on a standard Android phone, I'm going to be charged extra, right?

And if using their Blackphone, would it remove the need for US Data Sim? Just
lost, the blog post didn't get too specific in those details. Can't beat all
these telecom competitors listed if you're dependent on them in some way for
your apps on native phones.

------
carlob
I really want these guys to succeed, but I have to say the comparison with
Skype is misleading to say the least:

Skype @ $13.99 gives you unlimited calls to 63 countries for landlines and 8
countries for mobile

Silent Circle @ $12.95 gives you 100 minutes in admittedly many more places.

The crazy thing is that there is absolutely no need for them to market
themselves as the cheap option, when they should be focusing more on privacy.

------
ZoFreX
This does sound really cool, and I'm genuinely excited that there is a market
for secure communications, but this solution isn't for me. I simply can't
trust something in this field that is closed source. For anyone else who feels
the same way but likes the sound of this, I'd recommend looking at TextSecure
and RedPhone.

------
Cyph0n
I don't get it. If the plan covers domestic and international calls and
includes no roaming charges shouldn't they be providing each customer with a
SIM? Or is it similar to Skype in that you need an internet connection?

It still looks very interesting either way.

~~~
JshWright
Yes, it requires a data connection (either baseband or WiFi).

Even still, a prepaid data-only SIM is pretty cheap most places, and you can
continue using your number wherever you are.

------
quinndupont
Really wish they offered pay-as-you-go plans... I have no need for a $10/month
extra expense, but I would love to occasionally use this service if it was
based on usage (although there is surely some expense for Silent Circle here).

~~~
dublinben
You can make encrypted calls for free using an application like CSipSimple and
ZRTP. Calls to another SIP user are completely free. Calls to a landline are
$0.01 with many VOIP providers.

------
dan_bk
Real solutions must be entirely de-centralized and open-source. Anything else
is bandaid at best.

------
foobarqux
Do I need a blackphone for this?

~~~
tetrep
The lack of any mention of supported platforms and the remarks about selling
phones in the last paragraph seem to indicate as much.

"We snuck in the back door, by offering the most secure commercial device
system on the market. We don’t want to sell 100 million phones, we simply want
to own the secure enterprise and prosumer market."

~~~
JshWright
The client apps are available on both Android and iOS, in their respective app
stores.

------
beedogs
Better get the lawyers ready for the inevitable "national security" letters.

