
Ghost Call – Secure, Encrypted, Anonymous Calling - tvirelli
https://ghostcall.io
======
patcon
Hm. I'm not sure I get it. (from the Google cache)

> Q: Can I call any number I want?

> A: No. Ghost Call can only call other Ghost Call numbers.

> Q: How can we contact you?

> A: You can email us at info@ghostcall.io, or Ghost Call us: (490)-628-2381

So it's a ZRTP SIP provider that uses regular phone number format as the
identifier? It strikes me as rather much like OSTN/OSTel, but using a phone-
number-looking identifier rather than a username... and if that's the case,
the whole ostn stack is opensource/auditable and federated, so I'm unsure of
the improvement here, aside from the branding. Heck, I would prefer if they
used the OSTN chef cookbooks and contributed back.

EDIT: Nooo! I'm the downer top commenter! I have become all that I am mildly
irritated by. To clarify, I like that this service was created, and commend
the interest of the devs, regardless of my outstanding questions :)

~~~
chatmasta
"You can do this with open source, X, Y and Z" is the classic initial
criticism of successful companies. What critics forget to consider is that
99.9% of people do not enjoy doing complicated things. If private calls were
as easy as public calls, why wouldn't someone make a private call?

I think there is even an XKCD for this phenomenon.

~~~
rakoo
In these situations I'm always reminded of this answer to the "Show HN:
Dropbox"
([https://news.ycombinator.com/item?id=9224](https://news.ycombinator.com/item?id=9224)):

 _For a Linux user, you can already build such a system yourself quite
trivially by getting an FTP account, mounting it locally with curlftpfs, and
then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP
account could be accessed through built-in software_

------
chatmasta
If you are going to recommend users connect to you via a proxy or Tor, don't
recommend tor2web. The whole point of tor2web is that it's a non-anonymous way
to access Tor. Your traffic goes through tor2web servers, which are not part
of the onion routing.

Anyway, nice business. If I'm understanding correctly, you are basically an
SIP hosting provider that assumes your clients will use Linphone to connect.
Am I correct in this? If so, it's an interesting model, but I think you need
to put more effort into clarifying that you are a host, not a security
provider. Also, you might want to apply some of that hosting expertise to your
website....

------
xbryanx
"Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety."

I used to use this quote all the time too...until I realized it originally
meant something entirely different.

[http://techcrunch.com/2014/02/14/how-the-world-butchered-
ben...](http://techcrunch.com/2014/02/14/how-the-world-butchered-benjamin-
franklins-quote-on-liberty-vs-security/)

~~~
jessriedel
I don't see how it means something entirely different. At most, Franklin and
the other founding fathers had a more expansive notion of liberty than is now
common. Both the sanctity of private property and the right to privacy are
aspects of that sort of liberty.

~~~
afarrell
Is private property really still sanctified when so much of our wealth has
come from robbery, slavery, and rents extracted under intimidation?

Strong property rights are very useful to a healthy economy, but sanctified?

~~~
jessriedel
The standard reply here is that none of those bad foundations is a good
justification for someone else (e.g. your neighbor, your homeowner's
association, or the state government) to take your stuff, unless they can
actually show that whose stuff it ought to be.

If I could hypothetically follow the "chain of legitimacy" for, say, your car
all the way back to the original exertion of labor on natural resources...

[https://en.wikipedia.org/wiki/Labor_theory_of_property](https://en.wikipedia.org/wiki/Labor_theory_of_property)

...I'd likely find some sort of illegal activity at some point. But this
doesn't mean I can take your car by force and give it charity.

------
drussell
Anonymity is quite the growing market segment. And the NSA is as unpopular as
ever.

It's fascinating how the public responds to the government.

~~~
amelius
Is that true? I hear bitcoin is gaining market share, and it is the antithesis
of anonymity.

~~~
andrewchambers
I think you are confusing anonymity with something else. Bitcoin is entirely
anonymous, but all transactions are public. You can create as many wallets and
keys as you want, and you don't have to tell anyone you own them.

~~~
olefoo
This only allows you to stay anonymous if you can get your money out of
bitcoin anonymously. Whether by buying dollars/yen/whatever on an exchange or
purchasing goods and services.

And it's damn hard to buy a yacht anonymously regardless of the unit of
account the transaction is done with.

~~~
andrewchambers
You can get bitcoin anonymously by mining. The weakness is in trading, even
then, there are anonymous goods such as digital goods, and probably ways to
perform anonymous escrow when trading real goods.

In practice, people don't care, because they aren't doing anything illegal.

------
crypt1d
Looks cool but the 'About' part might be 'too much' for the average Joe. I'd
put it in layman terms if I were you, maybe make a simple diagram...etc

~~~
KFW504
Agreed - this is amazing, but speed to scale comes with clarity for the masses

------
ncza
Site seems dead.

Is it free software? What differentiates it from Signal/TS?

~~~
tedks
* It is free software, or rather, the client they recommend is Linphone, an existing open-source VoIP client. * Specifically, the value add is an introduction/routing layer over SIP. They recommend connecting via Tor. * The encryption is stock ZRTP.

In comparison, Signal/TS is free software, but uses novel crypto for text
messages. I believe RedPhone/Signal voice is still just ZRTP. RedPhone/Signal
will convert the SAS code to two frequently-amusing phrases, whereas LinPhone
will just display the raw code.

There doesn't seem to be an easy way to use RedPhone with Tor, or to
anonymously register with RedPhone, though I could be wrong.

~~~
Canada
Redphone/Signal has its own signaling protocol for voice calls as well. This
service uses SIP. The Redphone protocol is simple in design, while SIP is the
opposite.

------
0x006A
how does it compare to OSTN/OSTel ([https://ostel.co/](https://ostel.co/))

~~~
john8675309
I have never personally used the service, but the design from the ground up on
ghost call is encryption, using all open source phones/etc (I think ostel does
this as well) I also wanted to prevent any unencrypted client from connecting
either intentionally or by misconfiguration.

------
john8675309
Hey everyone, the site is having a hard time responding (obviously), I am
working to get it back going, Thanks for hanging in there!

------
kseistrup
So by registrating I get (1) a number, (2) a password, and (3) a country code.
What do I enter as username etc. in Linphone?

~~~
patcon
presumably the country code + phone number is your username... but I can't see
the tutorial videos while the site is struggling

~~~
kseistrup
I've tried both with and without the country code, but the SIP client fails to
register. The server could be overloaded, tough — perhaps I should try again
tomorrow.

~~~
fenesiistvan
With regular SIP you might have a look at mizutech SIP encryption. It has
multiple encryption methods (the standard TLS/SRTP and non standard RSA based)
and also a nice obfuscation to bypass VoIP blockages. They are also running a
distributed network to mask the VoIP servers. [http://www.mizu-
voip.com/Software/VoIPTunnel.aspx](http://www.mizu-
voip.com/Software/VoIPTunnel.aspx)

------
ericfontaine
Will this be available on f-droid? Many people don't like having google play
on their phone, especially those concerned with privacy and open-source. I
know the user can always compile this themselves.

~~~
patcon
Peanut gallery here: It's just a service that will work with most any SIP
client app that supports ZRTP -- csipsimple, linphone, etc :)

------
doomrobo
Could anybody explain what ZRTP hash is and why it's insecure?

~~~
KFW504
This might help: [http://blog.cryptographyengineering.com/2012/11/lets-talk-
ab...](http://blog.cryptographyengineering.com/2012/11/lets-talk-about-
zrtp.html)

------
dataker
> A:During the beta period logs are kept for 24 hours, once beta is complete
> there will be no call log records.

Is there a particular reason to do so during their beta?

~~~
iaw
Not associated with Ghost Call but my expectation is that they'd use the logs
for debugging major bugs during the beta period. Kind of hard to identify and
reproduce transient issues without those logs.

~~~
john8675309
You hit it on the head. I am not interesting in anything but calls not
working. After that I have no need or want for the data.

~~~
iaw
I think anyone that's built a complicated system before gets it implicitly.

------
MrSheen1812
Have gone through the setup for Android, manage to make calls but they're not
secured, TLS and ZRTP enabled, STUN server correct.....

------
howtoplayhuman
Hmmmm?

1st: Ghost Call recommends ZRTP media encryption

2nd: ZRTP hash allows a MITM (Man In The Middle) and creates a risk of
decryption.

Why recommend it then? Am I missing something?

------
tvirelli
We updated the site with a video showing video chat!

------
dataker
Seems like a great project, but I'd argue governments would heavily try to
undermine it.

