WingNews logo WingNews GitHub [2]
top | item 9306198

Ghost Call – Secure, Encrypted, Anonymous Calling

91 points| tvirelli | 11 years ago |ghostcall.io | reply

71 comments

order
[+] patcon|11 years ago|reply
Hm. I'm not sure I get it. (from the Google cache)

> Q: Can I call any number I want?

> A: No. Ghost Call can only call other Ghost Call numbers.

> Q: How can we contact you?

> A: You can email us at [email protected], or Ghost Call us: (490)-628-2381

So it's a ZRTP SIP provider that uses regular phone number format as the identifier? It strikes me as rather much like OSTN/OSTel, but using a phone-number-looking identifier rather than a username... and if that's the case, the whole ostn stack is opensource/auditable and federated, so I'm unsure of the improvement here, aside from the branding. Heck, I would prefer if they used the OSTN chef cookbooks and contributed back.

EDIT: Nooo! I'm the downer top commenter! I have become all that I am mildly irritated by. To clarify, I like that this service was created, and commend the interest of the devs, regardless of my outstanding questions :)

[+] john8675309|11 years ago|reply
So the project was built for a hobby, I wanted an encrypted phone service. But I wanted every aspect of it to be encrypted, from the signaling to the RTP. I wanted to make sure that no unencrypted client could connect to the platform. I would be interested in peering with oslec though.
[+] chatmasta|11 years ago|reply
"You can do this with open source, X, Y and Z" is the classic initial criticism of successful companies. What critics forget to consider is that 99.9% of people do not enjoy doing complicated things. If private calls were as easy as public calls, why wouldn't someone make a private call?

I think there is even an XKCD for this phenomenon.

[+] wildster|11 years ago|reply
Seems better than Skype.
[+] chatmasta|11 years ago|reply
If you are going to recommend users connect to you via a proxy or Tor, don't recommend tor2web. The whole point of tor2web is that it's a non-anonymous way to access Tor. Your traffic goes through tor2web servers, which are not part of the onion routing.

Anyway, nice business. If I'm understanding correctly, you are basically an SIP hosting provider that assumes your clients will use Linphone to connect. Am I correct in this? If so, it's an interesting model, but I think you need to put more effort into clarifying that you are a host, not a security provider. Also, you might want to apply some of that hosting expertise to your website....

[+] xbryanx|11 years ago|reply
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

I used to use this quote all the time too...until I realized it originally meant something entirely different.

http://techcrunch.com/2014/02/14/how-the-world-butchered-ben...

[+] jessriedel|11 years ago|reply
I don't see how it means something entirely different. At most, Franklin and the other founding fathers had a more expansive notion of liberty than is now common. Both the sanctity of private property and the right to privacy are aspects of that sort of liberty.
[+] jfmercer|11 years ago|reply
It never ceases to amaze me how much the mythology surrounding the Founding Fathers really boils down to taxation.
[+] drussell|11 years ago|reply
Anonymity is quite the growing market segment. And the NSA is as unpopular as ever.

It's fascinating how the public responds to the government.

[+] amelius|11 years ago|reply
Is that true? I hear bitcoin is gaining market share, and it is the antithesis of anonymity.
[+] crypt1d|11 years ago|reply
Looks cool but the 'About' part might be 'too much' for the average Joe. I'd put it in layman terms if I were you, maybe make a simple diagram...etc
[+] KFW504|11 years ago|reply
Agreed - this is amazing, but speed to scale comes with clarity for the masses
[+] ncza|11 years ago|reply
Site seems dead.

Is it free software? What differentiates it from Signal/TS?

[+] tedks|11 years ago|reply
* It is free software, or rather, the client they recommend is Linphone, an existing open-source VoIP client. * Specifically, the value add is an introduction/routing layer over SIP. They recommend connecting via Tor. * The encryption is stock ZRTP.

In comparison, Signal/TS is free software, but uses novel crypto for text messages. I believe RedPhone/Signal voice is still just ZRTP. RedPhone/Signal will convert the SAS code to two frequently-amusing phrases, whereas LinPhone will just display the raw code.

There doesn't seem to be an easy way to use RedPhone with Tor, or to anonymously register with RedPhone, though I could be wrong.

[+] Squale|11 years ago|reply
Ok on Tor but no https so anyone could get your number/password and steal your identity

http://hc3sz3i2rb5dljqq.onion/

Edit: my bad it's late...of course there is no risk of mitm as it's a tor service, so no risk of bad exit node -_-' sorry guys

[+] tvirelli|11 years ago|reply
OK, we have moved to a server that can handle the load. It may take a bit for DNS to propagate for everyone!
[+] tvirelli|11 years ago|reply
We're moving it to a new server with lots more bandwidth!
[+] 0x006A|11 years ago|reply
how does it compare to OSTN/OSTel (https://ostel.co/)
[+] john8675309|11 years ago|reply
I have never personally used the service, but the design from the ground up on ghost call is encryption, using all open source phones/etc (I think ostel does this as well) I also wanted to prevent any unencrypted client from connecting either intentionally or by misconfiguration.
[+] john8675309|11 years ago|reply
Hey everyone, the site is having a hard time responding (obviously), I am working to get it back going, Thanks for hanging in there!
[+] kseistrup|11 years ago|reply
So by registrating I get (1) a number, (2) a password, and (3) a country code. What do I enter as username etc. in Linphone?
[+] patcon|11 years ago|reply
presumably the country code + phone number is your username... but I can't see the tutorial videos while the site is struggling
[+] kseistrup|11 years ago|reply
username = phone number (sans international prefix), domain = call.ghostcall.io, transport = tls.
[+] ericfontaine|11 years ago|reply
Will this be available on f-droid? Many people don't like having google play on their phone, especially those concerned with privacy and open-source. I know the user can always compile this themselves.
[+] patcon|11 years ago|reply
Peanut gallery here: It's just a service that will work with most any SIP client app that supports ZRTP -- csipsimple, linphone, etc :)
[+] dataker|11 years ago|reply
> A:During the beta period logs are kept for 24 hours, once beta is complete there will be no call log records.

Is there a particular reason to do so during their beta?

[+] iaw|11 years ago|reply
Not associated with Ghost Call but my expectation is that they'd use the logs for debugging major bugs during the beta period. Kind of hard to identify and reproduce transient issues without those logs.
[+] joepie91_|11 years ago|reply
If there are logs to be kept to begin with, I'd be very skeptical about any "anonymous" and "secure" claims. If it requires trust, then it isn't.
[+] DSMan195276|11 years ago|reply
If logs include useful call information, then it might be useful for debugging purposes. Without a log, you'd have no idea what happened.

That said, that's just a guess.

[+] MrSheen1812|11 years ago|reply
Have gone through the setup for Android, manage to make calls but they're not secured, TLS and ZRTP enabled, STUN server correct.....
[+] howtoplayhuman|11 years ago|reply
Hmmmm?

1st: Ghost Call recommends ZRTP media encryption

2nd: ZRTP hash allows a MITM (Man In The Middle) and creates a risk of decryption.

Why recommend it then? Am I missing something?

[+] tvirelli|11 years ago|reply
We updated the site with a video showing video chat!
[+] dataker|11 years ago|reply
Seems like a great project, but I'd argue governments would heavily try to undermine it.