Adventures of a foreigner in the south of Brazil.

Friday, July 25, 2008

VoIP and Security (aka governments may snoop on skype)

It appears that there is a backdoor in skype that allows interested parties, such as governments, to snoop on your calls. That hardly comes as a surprise in a closed network that has been trying very hard to resist all scrutiny of its encrpytion and security mechanisms. If true - and that seems to be very likely - it is still dishonest business practices.

So...how to defend against it? Drop skype. Discontinue its use. There are a number of applications out there that use open standards and protocols such as SIP/RTP and IAX. The call is of better quality than skype calls, too. There are free phone registries and calls and video can be encrypted. In short, you can have better quality, good security and actually even better convenience without skype at all.

Here's how:
  1. Register with an SIP service, such as Free World Dialup. That will give you VoIP telephony, dial-in/dial-out, and an online registry. There are many more out there with various service offerings. Google will help.
  2. Get a VoIP softphone. Often providers will offer freely downloadable software; there is also open source software available on the net. For Linux you can use software such as Twinkle (with built-in encryption). Twinkle and some others should be available through your distribution's installer.
  3. If your software has built-in encryption you should enable it (in Twinkle this is in the profile under the security tab, enable ZRTP). Alternatively get Phil Zimmerman's zPhone that encrypts your connection for a number of applications and providers.
  4. You're ready to roll. Your VoIP number will look similar to sip:123456@myvoipproivder.net. Give your number to your friends, maintain your application's buddy list for greater convenience and chat in privacy.
And if you're a webcam freak: That also works. Not every application has it but some do.

Remember: This whole thing is independent of application and provider. It's one network. It's an open standard. You pick what you like, your friends pick what they like and it works. If you'd like to get my numbers feel free to ask. And don't expect me on skype.

For your other instant messaging needs I would strongly recommend a Jabber client such as Psi, since the Jabber protocol also features end-to-end encryption and is completely open. One of the more well-known Jabber services is offered by Google. Here, too, software and provider do not matter, and fred_flintstone@gmail.com will be able to have malcolm_x@someotherprovider.com on his buddy list, chat, send files etc. without any problems.

The setup takes a few minutes each, call it half an hour in total if you've never done it before. So if you value your privacy: What are you waiting for?

Wednesday, July 09, 2008

I saved Brazil

Truly, I did. Sort of. Well, I did save the Brazilian economy. All right, I did not. But I did save the roots upon which the Brazilian national economy is founded. That is, I got officially ripped off. Again. If you read that other post you will know that a bit more than a year ago I had to redeem the national debt on account of not having with me a very much superfluous piece of paper any kid could fake when entering the country. If you have not read it imagine an old chewing gum wrapper with a stamp on it.1 Meanwhile I have traveled far and wide, over sea and mountain, and I have left and entered Brazil many times. For almost a year without my proof of redemption as apparently the payment had been successfully registered.
A few weeks ago I entered again, and....

For easier perusal I will call the two officials Herby and Frank. As far as I know these are not their real names. They did not look like Herby or Frank.2

(Herby) "There is a fine registered on your name."
(Me) "Oh no, would that be this one year old thing for not having my chewing gum wrapper with me?"
(Herby) "Exactly."
(Me) "But that was paid a year ago. Look at my passport! I've been in and out of the country many hundred times."
(Herby) (calls Frank)
(Frank) "There is a fine registered on your name."
(Me) "Oh no, would that be this one year old thing for not having my chewing gum wrapper with me?"
(Frank) "Exactly."
(Me) "But that was paid a year ago. Look at my passport! I've been in and out of the country many hundred times."
(Frank) "But it is registered here and that means you have to pay."
(Me) "I see. Since I paid already, can I get the money back?"
(Frank) "I'll register it in your passport and all you have to do is go to the Federal Police when the clock strikes midnight and wave all your receipts while walking around the reception widdershins and reciting Hail Mary. Then they will return your money."

I have not walked widdershins around any reception desk at midnight and the proud nation of Brazil still has my money.3 Sometime in the future when I have steeled myself I will try to get my money back and risk the downfall of the Brazilian economy. For now, let it be known far and wide that it was I who saved it.


1 Of inferior quality.
2 I do not personally know anybody called Herby or Frank but if I did they would look different.
3 May it rip off many other foreigners and forever prosper.4
4 It is, after all, only polite to bestow good wishes as the occasion arises.