Talk:Internet telephony

We have a list of SIP and non-SIP phone companies. I suppose we are not trying to be complete, just listing (and possibly commenting on) some of the most useful or prominent options. Am I right?

(There seems to be a user adding frinzo.com, saying it offers free calls. Calls to normal phones are not, according to the web page, so I have removed the entry as misleading. I have no idea whether the company is worth mentioning.)

--LPfi (talk) 08:01, 19 March 2015 (UTC)[reply]

This can never and will never be complete. Anyone can buy blocks of incoming numbers from a competitive local exchange carrier, deploy an Asterisk (PBX) server using free software and start offering Internet telephone service, much like any danged fool can install a few servers in a data centre and start offering website hosting. About all we can do is list a few options for each broad geographical region and leave it at that, without trying to become voip-info.org or a similar telephone directory. I'm a little wary of users who do nothing but repeatedly add the same provider to Internet telephony (or its WP counterparts), much like I'm a little wary of users who do nothing but add their own obscure organisation to Volunteer travel repeatedly. Anyone whose sole and only contribution to WV is to repeatedly add the same business or organisation, in any context, is spamming. K7L (talk) 14:49, 19 March 2015 (UTC)[reply]

I added an infobox at Internet_telephony#Blocks_and_obstacles about tapping of VoIP connections. Some references are w:Skype security and [1]. Pashley (talk) 16:06, 2 November 2017 (UTC)[reply]

I think it is good to have such an infobox, but I am not sure the problems are described in an optimal way.

Skype's security is not necessarily compromised by eavesdropping on the line. The connection is encrypted, and there is no reason the encryption would not be reasonably strong (sloppy coding is widespread, so it might be weak, of course). Instead, the problem is that there seem to be security weaknesses in Skype itself, possibly even backdoors. The user normally has little control over the communication path, so intermediate Skype hosts can be used for the eavesdropping, regardless of the security of the endpoints. VPN is a secure solution only if one can force the connection to use only hosts on trusted networks, which is not necessarily easy with Skype.

In the case where the VoIP protocol is well understood and the communication channel is made between the endpoints (possibly via trusted intermediaries), the main issue is encrypting the communication channel (your device should of course also not be compromised). This can be done with VPN, but at least some VoIP software can handle the encryption itself, with protocols minimizing overhead and latency, which often is critical for voice quality.

This latter might be a problem with VPN. I suppose it typically introduces significant overhead, given that VoIP packets generally are small (but I have not checked how VPNs are implemented on the packet level).

--LPfi (talk) 19:06, 2 November 2017 (UTC)[reply]

Sorry, I see now that Skype was explicitly accused also of badly encrypted connections. I am not sure whether the bad "current VoIP encryption" was about Skype or VoIP in general, and if the latter, whether all VoIP protocols are insecure. I'll read the research paper. --LPfi (talk) 19:16, 2 November 2017 (UTC)[reply]

According to w:Comparison of VoIP software, Skype is badly encrypted. Other software varies from no encryption to good encryption, pick your poison. Even if the VoIP client supports encryption, not all providers do so. If I install Zoiper (which supports encryption) but my provider is voip.ms (which doesn't provide encryption) I'm SOL. K7L (talk) 12:10, 3 November 2017 (UTC)[reply]

The (indirectly) referenced article explains that also strongly encrypted channels can be vulnerable to statistic attacks on the packet sizes (or on timing). In the linked version there is no date, so I do not know to what extent this is new knowledge, but it might be that the vulnerable configurations include some that have been thought to be (reasonably) safe. Calls between VoIP softphones do not necessarily depend on what the providers support, as the encryption should be between the endpoints. Otherwise you are on the mercy of the providers, not only regarding possible configurations, but also regarding eavesdropping at the provider. The only things the providers are needed for are telling the address of the other party and mediating a connection if the callee or both parties are behind firewalls. No need for the provider to decrypt the voice data, as long as the endpoints are compatible with each other. --LPfi (talk) 16:42, 3 November 2017 (UTC)[reply]

Most of the protocols listed in the WP list are probably vulnerable (at least SRTP and TLS are), as they do not provide padding (the easiest countermeasure to the statistical attack), at least not by default. --LPfi (talk) 16:51, 3 November 2017 (UTC)[reply]

"Calls between VoIP softphones do not necessarily depend on what the providers support, as the encryption should be between the endpoints"? That depends on what you're trying to do. If both ends are running the same technology and connecting directly to each other, great. If VoIP is being used as a gateway to the public switched telephone network? That will never provide fully end-to-end encryption as the PSTN will be the Achilles heel. K7L (talk) 03:52, 8 November 2017 (UTC)[reply]

Calls to the PSTN is not "between softphones", but you have a point. Also if you are calling somebody who is using Skype there is a problem. But if both of you are using software that uses public protocols (SIP etc.), then it should be possible to choose codecs etc. quite freely, and the operator has no business messing with the voice data if you are using compatible codecs and encoding protocols. If one of you can poke a hole in his/her firewall then you can even dispense with the provider entirely as soon as the other party knows the IP address and that you want a conversation. You can thus even use software not supported by the operator for the call itself. --LPfi (talk) 09:16, 8 November 2017 (UTC)[reply]

Refer to Wikivoyage:Votes for deletion/January 2024#Internet telephony for the relevant VfD thread. --SHB2000 (talk | contribs | meta) 05:00, 8 January 2024 (UTC)[reply]

Quick consensus to keep. Pashley (talk) 12:59, 8 January 2024 (UTC)[reply]