OK, I'm a phone geek, but I'm hoping Moxie will jump in here to set the story straight.<p>I see ZRTP[1], but I didn't see anything on the site about signaling encryption. As you may or may not know, the content is only one component of a secure communication. There needs to be signaling encryption as well. The signaling encryption is harder than the media encryption, because the media encryption only works if the signaling encryption was successful. Signaling across a network you don't trust is really the hard part, and it's a problem for all of these apps.<p>I don't know if Moxie implemented the certificate pinning stuff in RedPhone, but that's the sort of Crypto you need to have fool proof call security.<p>Calls are vulnerable to MITM attacks because you have to trust the network you're riding over to some extent. Redphone has intermediating crypto for the call setup that's nifty, and I'd be cautious about using any "secure" calling system that didn't provide setup protection.<p>Again, I'm not saying Ostel doesn't have these things, I just couldn't find them.<p>[1]<a href="http://blog.cryptographyengineering.com/2012/11/lets-talk-about-zrtp.html" rel="nofollow">http://blog.cryptographyengineering.com/2012/11/lets-talk-ab...</a><p>Edit: Also wtf is FreeSWITCH doing in there??
This is from the Guardian Project, and the source code is available here for the curious:<p><a href="https://github.com/guardianproject/ostel" rel="nofollow">https://github.com/guardianproject/ostel</a><p>I'd like to know what differentiates it from RedPhone, Silent Circle and other similar products.
> Ostel works great on the Groundwire app. It's a paid app and for $10 you'll be able to receive encrypted calls. There's an additional $25 in-app purchase for the ZRTP extension to also place a secure call.<p>$35 for secure calls on iOS? We can do better than that.
FWIW, I prefer Silent Circle, created by the same team behind PGP. Glad to see more choices in the market though. :)<p><a href="https://silentcircle.com/" rel="nofollow">https://silentcircle.com/</a>
Some of the most important information for intelligence agencies is the metadata, i.e. who is calling who. That is often considered more important than the content. As far as I can see this does not address that.
I'm going to be a jerk here but I'm having difficulties taking a product seriously with badly photoshopped interfaces into devices that don't even respect basic laws of perspective.<p>The problem I don't see this solving is the fact that I still need to trust a third party that routes my call not to store and hand over any data on those calls.