State of VoIP encryption for Republic

wifi
#1

I knew when I signed up for RW originally that our voice calls over wifi are just plain unencrypted SIP calls. I’m still a fan of RW’s philosophy and plan structure, but now that many carriers are offering WiFi calling (using various different underlying implementations) are there any updates available on whether there are plans to introduce encryption to RW WiFi calls? I know there’s been some talks about VPNs but AFAIK this can also be implemented via TLS without having to route everything through a VPN.

I think encryption is becoming more and more crucial to online communication and I hope that as the tech evolves RW will consider improving security on voice calls this way. Last time I did any reading about it, it seemed like eavesdropping on a plain SIP call is trivial for anyone with network access, which can be a point of concern for people making calls while on work networks, for instance, along with the general internet.

#2

Hi @rationull,

Republic Wi-Fi calls are not encrypted, though it’s something we have experimented with. I’m afraid I don’t have any news for you as to plans or future implementation.

If you are making a call of a sensitive nature and this is a concern for you, it might be best to make that call on the cellular network.

1 Like
#3

Wow! Why are the calls not encrypted? Why are you not using ZRTP?

Mind blown, thought encryption was used from beginning.

1 Like
#4

Just checked what Google Fi does, they use a VPN for calls.

You could have VPN specifically for calls and route all other traffic outside the VPN to the WiFi.

That would be an alternative for ZRTP.

#5

I have two phones active with Fi and I can tell you for certain they do not use a VPN for calls. They do offer a VPN service on “Designed for Fi calls” but it isn’t related to calling, it’s either always on, or off.

#6

Interesting. I also thought that Google Fi was using their VPN for voice calls, but I can’t actually find any references explicitly confirming it. Their documentation implies that internet traffic in general is protected, but does exclude “Some Google services traffic” (which presumably could include wifi calls) and of course the VPN connection on the phones can’t make any guarantees about whether any VOIP routing on their backend is encrypted (not sure if this is still via Bandwidth.com like Google Voice is/was).

@louisdi if you don’t mind my asking, how are you certain? Have you monitored your LAN traffic and seen unencrypted Google Fi VOIP traffic not being sent through the VPN tunnel? (Not challenging your assertion, just curious.)

#7

Let me provide some more context. Google Fi offers an always on VPN function that you can choose to use if you have one of their designed for Fi phones. (Nexus, Pixels, a few Motos and a couple of LGs) then you can select to use it on a full-time basis and all traffic including your voice traffic runs over it. There isn’t a way to select only to use it for calls, or for certain apps, it is all or nothing. I personally didn’t want even more of my data flowing through Google servers, and saw drastically reduced wifi speeds at home (not to mention it wasn’t properly excluding private IPs and was therefore keeping me from printing, accessing my file servers, and other such things).

Anyway, you’re right, that with the right phone, and the willingness to always use their VPN, you can indeed have your voicecalls routed through their VPN.

#8

OK we’re on the same page then. FWIW I 100% agree with your comment about not wanting even more data (meaning, ALL data used on the phone) going through Google’s infrastructure. This is one of the things keeping me on RW instead of seriously considering Fi.

A VPN seems like a relatively inefficient way to do voice encryption anyway. But at least it’s an option.

Still hoping RW will consider encryption some day. It’s one of the very few things that give me pause about the service as time goes on and the tech becomes more mature.

#9

One might use ZRTP or even better SIP over TLS as the latter would hide VoIP traffic, thereby keeping both misconfigured routers and intentionally deployed firewalls from interfering.

Of course, once the call hits the PSTN, one’s call is effectively no longer encrypted.

1 Like
#10

I’m not sure TLS would really mitigate misconfigured routers, since one would still want to use the dedicated RTP related ports (the TLS variants) to allow QoS rules that favor voice traffic to be applied.

Agree that the PSTN (as well as whatever network, LAN or otherwise, the other party is talking over) means that no carrier can possibly guarantee end-to-end encryption unless using a dedicated TCP/IP based solution like what Signal supports for voice calls.

Encryption for LAN based calls seems most valuable for protecting against targeted snooping by parties close to the originator of the call (i.e. their home, workplace, or wherever else they’re frequently connected to wifi). If you’re concerned with random snooping from more central network locations then plain old phone calls aren’t a good idea regardless.

#11

Before I became active here, I was active in Republic’s former sister service RingTo’s Community. The folks at Bandwidth operating that service prior to its discontinuation were actively considering SIP over TLS precisely to take misconfigured routers out of the equation. :relaxed:

I would agree but given many folks seem quite comfortable yammering away in all manner of public places within earshot of anyone nearby, I wonder just how big a market we’d be talking about. :thinking:

1 Like
#12

Oh, interesting. I’m sure there are more nuanced cases of router misconfiguration than I’m considering, and perhaps there are also good ways to implement SIP over TLS that mitigate those without hurting QoS.

Yeah … this is true. I feel like this isn’t the kind of thing that a large number of customers are likely to beat down RW’s door about, but it is the kind of thing that could demonstrate having the customer’s best interest in mind. I think privacy is becoming more and more visible as an issue, and the more an already unique company like RW can come out on the right side of that issue, the better IMO.

I’m looking forward to seeing how RW’s tech continues to develop, and hoping that voice encryption is part of that at some point!

2 Likes
Message an
Expert customer