Hi nmod,
> is linphone effected by the zrtp security vulnerabilities shown here: > http://blog.azimuthsecurity.com/2013/06/attacking-crypto-phones-weaknesses-in.html The issues are in the library itself, not in Linphone. As a consequence, if you use it, you should update libzrtpcpp with the fixed version. Zrtp is not activated on Android; we will activate it on next release. At that time we will update the zrtpcpp submodule. > are linphone conversations end-to-end encrypted? There are several choices: - TLS + srtp: the encryption is done using the certificate on the server; - ZRTP: the conversations are truly encrypted end-to-end and requires participants to check the SAS. > does the free sip service provide by linphone.org store conversations, > encrypted or otherwise? what information is logged about users? it would > be nice when you make a privacy policy!! We do not store RTP traffic (the media part). However we store the signaling (inclinding message texts). For image sending functionnality, the image is stored on the server, and is normally automatically deleted after 1 week. Note that text messages and pictures are not encrypted, even when using ZRTP. This might change in the long term by using other chat methods. Patches welcomed. As a consequence, even when using ZRTP you should still be using TLS signaling encryption. > is there a portable version of linphone that is self contained? On wich platform? Cheers, Guillaume Beraudo _______________________________________________ Linphone-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/linphone-users
