The topic of programs offering optimum privacy in communication is a common topic on many tech forum. Similarly common are their conclusions. Any sensible persons come to the conclusion that XMPP plus OMEMO encryption beats anything else by miles. I agree that XMPP is king for text communication.
Except... a factor is often inexplicably ignored in this consensus.
Voice calling. Especially group voice calling.
So, with that, what is *the only competent* /g/'s sentiment on privacy focused protocols/programs offering voice chat functionality?
>>4075 >showing ugly people
Being "inclusive" means you don't trigger the jealous uglies.
>why not mumble
Without trying either, I can't answer that. I only mentioned it as another possible option.
Well, so far only >>4074 and >>4085 have contributed anything of meaning to this thread. And even then, they're just suggestions and not fairly certain in what is thought to be the best.
I initially thought the various /g/'s just simply didn't have very much experience with "private" voice chat applications and that's why voice was ignored as a factor whenever I brought it up. I thought this was naive, that maybe anons were ignoring voice chatting for further obfuscation of their identity; something deeper than just a lack of knowledge. Maybe, my initial guess was right.
>>4087 Dude, this place is really fucking dead as shit.
Like, not completely dead, but there's clearly 15 people here tops, with half of them checking once in a week or so.
As for your question, I didn't want to reply, since I don't have a clear reply to your inquiry, as I don't use software like this.
Anyway, the thing is, with privacy and security, you better know how it works and what parties you're going to trust, so you don't fuck shit up even after good advice. Now, what makes privacy, essentially? Avoiding the prying eyes of ISPs, companies and whoever else might mine your data and sell it wherever. Meaning, the software must be open source (so you can have your own server running if it's client-server, for example) and properly audited. All I know about is Mumble, really, and I have not used it. Now, with encryption, essentially, you can roll-your-own and use other channels to exchange public keys so you can establish a secure tunnel (e.g via OpenVPN), which is kinda silly, but doable if both of you are tech-savvy. Or maybe you can just use some built-in solution, like, Mumble seemingly has one, and it does have Perfect Forward Secrecy, allegedly.
>>4087 There is really no point in voice chatting since it can be fingerprinted much more easily than pure text.
The only secure method of audio communication would be to have your voice digitized into text and then have it converted back into voice using a unique, synthetic persona.
Microphones pickup all sorts of background noise, and perhaps "noise" outside the human detectable auditory range (check out how that's being used by marketing fags).
Then there's the possibility that the glowniggers have voice profiles for the majority of people (e.g. those that use cellphones, IoT voice assistants) and can now figure out who someone is by running their voice through a neural network. The voice of a person can also be used to construct a profile of a person without having to closely analyze what they're actually communicating.
If you haven't already, go watch the video from Adobe Systems demonstrating the capabilities of their "voice photoshoping".
>>4089 You go into territory of somebody who wants to talk to random people with a chance some of them might be CIA niggers or fingerprinting bots.
But if all you do is chatting with some trusted people you know (maybe personally even), then I don't see why you won't just use some sane privacy-enforcing scheme, thus ensuring you speak to the right person encrypted.
>>4088 This place is definitely slower, but that may not be a bad thing. For example, if you look at the posts here they tend to be of "paragraph quality", which means someone actually put some rational thought into their response. At some of the other chans, you get Facespace/Twatter grade responses, that are little more than one sentence "feels". With these low-effort replies, the threads become little more than collections of predictable feels, that becomes cancer.
The only effort went into the OP. I could go on about why Social Media prefers short, feels-oriented responses, compared to longer, well thought-out replies, but that should be its own OP.
>>4090 If you actually know the people, as in meatspace, then yeah, I can see your position. In that case just look for something opensource, that allows direct, encrypted connections. Something that allows you to setup your own (non-cloud) server, to act as the service provider, would probably be best.
Discord and all those other similar services are stupid to use because they all require you to route through corp HQ, which allows them centralized "platform" control. One could say this place is the same, but it's not, in the sense that you can just hop onto another one if something happens to this one.
>You go into territory of somebody who wants to talk to random people with a chance some of them might be CIA niggers or fingerprinting bots.
I don't know who/what is actually watching, but there's most certainly someone. There are armies of people that are paid to do so, whether it is creating programs to automate the task, or actual humans that look as things that get "flagged". If you don't think this is going on, you're fooling yourself.
>>4092 >If you don't think this is going on, you're fooling yourself.
Well, the point I want to make is that, like, for you to be fingerprinted and datamined as a VOICE CHATTER, you clearly have to be targeted. I mean, probably things like Discord and Skype datamine the shit out of you, 'cause they can (though I dunno if Discord can listen in, Skype most probably can), but for stuff you roll on your own, you could just talk to random people with a great certainty it's not a mole.
>>4088 >Perfect Forward Secrecy
Oh great, so this voice clip of me saying "kill niggers" isn't cryptographically proven, whew, good to know.
To answer OP's question, though : out of all the "private" voice clients I've tried, Mumble is the only one that works. And it's superior to proprietary voice clients.
Don't fall for the matrix meme : end-to-end encryption doesn't work on groups, as any weak point (some normalfag on windows) will leak the whole history. IRC + Mumble on a server you own is better.
First pick: Tox
It is P2P for finding contacts. People do not know your IP addr unless you add them to your address book. You can chat anonymously over I2P or an overlay network. Can group chats, but does not have a 'chat room' function yet.
Mumble: requires connecting to a server. Supports chat rooms. Desktop voice client has best tuning ability for audio.
>>4093 You have to take into consideration that the data can be processed at a later date. For example, people posting pictures on Facespace 15 years ago probably didn't think that all of those pictures they uploaded would be processed through facial recognition to attach them to other accounts (or shadow accounts).
Anons don't need unique voices, if you want anon chat the program would need a full-duplex of something like:
[Voice->SpeechToText]->AnonNet->[TextToSpeech->PitchRandomizer->Sound]
>>4167 Okay, I already agreed with that for similar reasons as to what you layed out.
But, what about Matrix? Its Riot client can replace shit like Discksord and Slack as far as constructive group communication (business-tier) right now. I have yet to see a Tox client that offers the same functionality, in that respect.
I know as far as privacy, Tox is most likely superior as less metadata is scraped from its online activities than that of Matrix.
Yet, Tox may be at a disadvantage for bridging the gap betweent me and normalfags as its mobile clients are unstable and bug ridden to hell.
You have reaffirmed my sentiments on Mumble being pointless. Now, what about Matrix vs. Tox? Or, if you're willing to also be more specific following an answer to that, Riot vs uTox?
Keep in mind I already have made decent enough conclusions. I just want to spawn dialogue on the subject of private online voice communication services, which I feel has been neglected for far too long.
I have had a nice experience with running a Mumble server over Tor. The ping can be high sometimes, even up to a minute, but the audio quality is good. On Android you can use Plumble + Orbot to connect to it. Unfortunately, Plumble is not maintained at the moment.
Doesn't the devs of Librem 5 canvass their product with
the aptitude for encrypted phone calling? What are they using? They run riot natively and recommend VoIP for calls if I remember rightly.
I got my normalfag friends using wire, which has encrypted group chat and voice calls and whatever. They have the serverside source code available so you can set it up to use your own server if you wanted, although because my friends use windows/android I kind of see the privacy measures as placebo anyways
>>5278 >Nothing once in a blockchain gets deleted.
It doesn't matter if it's a block chain. Someone can always modify software to log everything to disk and preserve those logs forever.
True, but like, why have the extra 'saving' of it anyway?
Yes, there are always holes and stuff, but isn't it the point to minimize them as much as possible?
Strange how the blockchain IM's tend to have the best/coolest IMHO (that's my HUMBLE opinion, not "honest", even if it is) aesthetic though.
IE Adamant or that one "Obsidian" one or something.
>>5748 For a blockchain you don't have to keep the whole thing around. For example with bitcoin you can configure it to save the last X amount of blocks and it will keep that amount of blocks + a summary of what you deleted.
In the example of a text one you could have the summary only keep messages that are younger than a week or something to that effect. If you added read receipts you could also factor that into the algorithm of if you should delete that message or not.
>>5896 The reply system in here is kind of weird, it should add the number of the person you're replying to in the reply box
I don't use mumble anymore, RIP mic but it's sure great, the tor quality was bad because it was hosted by a friend's shitty vps or something
Anything VOIP over Tor (TCP) is going to be shit. You want to transfer streams over UDP. Just sign your own certificate and have a secure connection to your mumble server.
I am using this quite often and it is nice. Moving people to is is a different task entirely.
Frankly, until we have a proper FOSS Discord alternative that isn't utter shit and can function almost like it, with self hosting we are all fucked and doomed to the botnet. God save us from the hell that is Discord. I can remember when people started switching from Skype to it and then I realized how fucked we all where. For years to come data would be sold on a level never seen before in social networking.
This argument may stand up but its 2019 and TOR bandwidth isn't as shit as it once was so Mumble over TOR isn't completely out of the question... but there are better ways.
XMPP supports voice chat. In fact, the server doesn't even need any special configuration, it's all client side. I don't know if it can be encrypted, but if you use it over Tor then obviously that won't be an issue.
Is jitsi actually secure? I guess if you run your own private instance of it, it might be secure but out of the box it is a centralized server where they hold the keys you are using is it not? I have used it before, the voice quality is top notch but there is no way in hell I would consider it secure.
Anything using WebRTC is E2EE because the data is being sent peer to peer over an encrypted connection. Their can be a centralized STUN or TURN server for signalling.
>>4089 >The only secure method of audio communication would be to have your voice digitized into text and then have it converted back into voice using a unique, synthetic persona.
The only secure communication channels are end-to-end encrypted. Everything, that's not end-to-end-encrypted, depends on the trustworthiness of the server, which can never be quaranteed. So forget groupchats, be they audio or textbased.
The way I'd implement secure voice communication would be by creating a tor hidden service on both endpoints, open up a circuit in both directions, and send prerecorded soundbites over this connections. I've once written a few simple shellscripts, which did exactly that, and could be used like a walkie talkie. It should be possible to do something similar with mobile phones.
However, I wouldn't consider the approach to be secure. This kind of communications leaves distinct patterns of packets traveling the internet, so it's open to correlation attacks. The same is true for simple text communications like XMPP, but with audio comms the size of the datastream is unique, so profiling becomes much easier, which means, that the anonymity provided by tor would be rather weak. Some primitive mass surveillance of the internet should be able to deanonymize the counterpart, if one party is being surveilled. Plus, it's easy to find out the content of the conversation, by simply pointing one of those pesky laser microphones on the window of one party, and thereby defeat the whole security scheme. The content of the conversation includes biometrical data, aka. the voice profile of the counterpart, so there are further attack vectors to identify the counterpart, even if the correlation attack against tor would fail.
Long story short: Audio communication is a security risk. Realtime communication is a security risk as well. Group communication is a security risk too. And wanting to communicate in a comfy manner, is the greatest security risk of all. Soldiers practice radio discipline for a reason, and they're using hardware, which is much more secure, than all your comfy crap, which probably was designed in such a manner, that the state can fuck you in the ass whenever it wants to.
And if your threat-model doesn't include the state... Why the fuck do you even bother with security, if you ignore the worst threat of all?
>>6608 >if you ignore the worst threat of all?
Might not be part of one's threat model, if all he's concerned about is casual or corporate passive theft.
>>6613 You're right, I wrote that poorly. Meant to describe corporations passively stealing your personal data by monitoring web browsing with trackers etc., vs. an active hacking attempt.
>>6610 If your state isn't in your threat model, just use your oldfashioned phone. Of course, the phone company could spy on you, but why should it, because you're boring to them.
However, I think, that it's dangerously stupid, not to consider the state to be the greatest threat of all.
>>6633 They are part of my model. There's not much I am concerned about right now, but try to secure my systems well enough it won't suddenly become an issue some time in the future if they go full 1984.
>>6650 If you're assuming, that they won't use mass surveillance to get you, the walkie-talkie via a tor hidden services would be the way to go. This should be very easy to implement, if both parties use a hidden service, which receives compressed audio. When I did it, I've used a python script which starts recording when you hit enter, and stops recording when you hit enter again. Then I had raw audio data, which I've compressed via speex, which was the best encoding algorithm for voice at the time. After the data was compressed, I've sent it to the listening hidden service via some basic file transfer protocol, where it was played.
All I wrote was basically a very simple script, and I've configured the hidden services by hand.
I think, that nowadays it's possible to start hidden services programmatically via some interface the tor daemon provides, but I don't know. So one could write a fancy little UI, which displays contacts, and tests, whether they're online, so it behaves more like a messenger.
Something like this probably already exists somewhere. My old implementation is gone, or else I would post it here. But I'm sure, someone else had the same idea.
The topic of programs offering optimum privacy in communication is a common topic on many tech forum. Similarly common are their conclusions. Any sensible persons come to the conclusion that XMPP plus OMEMO encryption beats anything else by miles. I agree that XMPP is king for text communication.
Except... a factor is often inexplicably ignored in this consensus.
Voice calling. Especially group voice calling.
So, with that, what is *the only competent* /g/'s sentiment on privacy focused protocols/programs offering voice chat functionality?