Re: [liberationtech] secure voice options for china?
There are multiple ways available to secure voice option for china like, use of vpn tool is best option in all. I have some sources that you can use for this..Source: www.vpnranks.com -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
While we have no consensus, most of these options are using similar stuff at the encrypted layers. Realistically as long as the encryption is good, the Chinese gov't can only block stuff by host/IP/protocol, I think all the VPN providers listed are taking active steps to change IPs and obscure their protocol as needed. My pref of VPN is you aren't limited to just a voice communications services. --- -ITG (ITechGeek) i...@itechgeek.com https://itg.nu/ GPG Keys: https://itg.nu/contact/gpg-key Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook: http://fb.me/Jbwa.Net On Tue, Feb 17, 2015 at 7:17 PM, Seth David Schoen sch...@eff.org wrote: Tim Libert writes: thanks all for the many good suggestions! however, in absence of a clear consensus, I will advise my friend to avoid voice and stick to encrypted email. my understanding is that the new leadership in china isn’t f#cking around, so the risk/reward equation here suggests heightened caution - especially as I cannot make assumptions on technical know-how of parties involved. A countervailing point is that encrypted e-mail with the mainstream technologies used for that purpose never provides forward secrecy, while most voice encryption techniques do. So with the use of encrypted e-mail, there is an ongoing risk into the future (assuming that a recipient's private key still exists somewhere), while with the voice encryption, the risk may be time-limited -- assuming that the implementations were correct enough, and that the key exchange was based on a mathematical problem that will remain hard for an attacker. As a simple analogy, sometimes people prefer to have a phone call about sensitive matters because it doesn't create records, while writing a letters would make a paper trail. The technical reasons behind the analogy don't transfer at all, but there might still be something to the intuition that the encrypted phone call can be more ephemeral than the encrypted mail. -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
thanks all for the many good suggestions! however, in absence of a clear consensus, I will advise my friend to avoid voice and stick to encrypted email. my understanding is that the new leadership in china isn’t f#cking around, so the risk/reward equation here suggests heightened caution - especially as I cannot make assumptions on technical know-how of parties involved. thanks again! - t -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
Tim Libert writes: thanks all for the many good suggestions! however, in absence of a clear consensus, I will advise my friend to avoid voice and stick to encrypted email. my understanding is that the new leadership in china isn’t f#cking around, so the risk/reward equation here suggests heightened caution - especially as I cannot make assumptions on technical know-how of parties involved. A countervailing point is that encrypted e-mail with the mainstream technologies used for that purpose never provides forward secrecy, while most voice encryption techniques do. So with the use of encrypted e-mail, there is an ongoing risk into the future (assuming that a recipient's private key still exists somewhere), while with the voice encryption, the risk may be time-limited -- assuming that the implementations were correct enough, and that the key exchange was based on a mathematical problem that will remain hard for an attacker. As a simple analogy, sometimes people prefer to have a phone call about sensitive matters because it doesn't create records, while writing a letters would make a paper trail. The technical reasons behind the analogy don't transfer at all, but there might still be something to the intuition that the encrypted phone call can be more ephemeral than the encrypted mail. -- Seth Schoen sch...@eff.org Senior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
You may want to try a solution based on webRTC, which establishes a TLS-like communication directly between computers. There's vline.com and talky.io, but I'm not sure how secure they are at server level My own app, PassLok, does webRTC audio-only chat if that's what you want. The initiator makes an encrypted invitation that is sent by email (can be disguised inside a picture or as normal text, Chinese works fine), and then only those able to decrypt it are able to connect to each other from inside the app. PassLok is open source and available at several places, including passlok.com. On Thu, Feb 12, 2015 at 10:45 AM, Tim Libert tlib...@asc.upenn.edu wrote: asking for a friend, can anybody suggest best ways to have a secure voice conversation with persons located in mainland china from outside china? threat model is interception by chinese authorities, other states/actors are not of significant concern. email alone is insufficient for task. thanks. tim -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Francisco Ruiz Associate Professor MMAE department Illinois Institute of Technology PL21ezLok=1iw+0_y5xyh_66nby_u12x1_hmdw8_iioou_6yhud_a8/i9_jd4fj_fvv6i_swkrn_u773t_jb7yr_+d9nn_/b4h6_880py_vtf4L_o4zwr_6207u_v/bdd=354ad_7836e_52c1a_2cae9=PL21ezLok https://www.youtube.com/watch?v=A0LtNkM2RSs https://www.youtube.com get the PassLok privacy app at: https://passlok.com http://passlok.com -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/12/2015 01:45 PM, Tim Libert wrote: to have a secure voice conversation with persons located in mainland china *** Here is something I'm looking at: Tox (https://tox.im/) The project is APLHA software aiming at replacing Skype. It probably has its burden of bugs and certainly lacks proper security at this point. It would certainly benefit from scrutiny. On the crypto side, they chose NaCL, not a bad choice. ;o) It also support going through Tor. The functionality is awesome, especially considering its *alpha* status (I repeat to insist on the fact that it's a potential solution, and probably one that needs to be audited, because as people discover it, they tend to use it). It provides voice, video (including desktop view), file sharing, chat with UTF-8 support. It runs from the terminal with Toxic, or in GUI with qTox and uTox, on GNU/Linux 32 and 64 bit, Android, Windows, and MacOSX. The Windows port is more alpha than the *nix ports. == hk -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJU32HWXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0 ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg9wFoQALnxMbnXGJAHOqxFEDDskmeN ziZGGvLA0EOYx6J0+4jhOpgNE3uedFWv3DuBdPd9f+DHjY0BWb5f4ND4/ajZdMnj 20IF2qOJgZRccGQ/1LFifZ6dp6ijo/+iPMHmbj9lQcG5Y4UITUytBrQfjToZyZqc s4XSK1/FkoQ+C4aH/aWgeTBL3/yLPSDPcutUvcfqzgLj661yH5gHcL2F7FCXTt/t YpsRffUcoOsBVLfLNkMQDpEe9d9nKeLufNvhPHnvExEdJ5VW3Rn+D6jFRNFB3ek4 6XgvLQgQsj67a28U2nWTvXVPxpNhT+TD/u+d12amBpzS9nne9M40ye5R1Rup/Dn4 GprGdHi6pj5fTU0rVk3vt6iNTVZtmfpq/h+09rIDnxy9dZwmQ2SsIf9WHFFY+1yC 0YVMAdhAmKIY8nkCLaCsx0KMYA3yg5QNq8FIGROVxIajXdu9SSkbeGMJudrBfGcq pKFlzyqcVpQ9bobvt+Rd90hnEuKIB5T+dE1YSTafw8sitOebyFvG08skbAwW3v4V pmgEk6MLiB7KYhkjWgne36RkooADVYKOTy/ZCdktMdXx6bzzs/h4swotC5B0t/42 s2RZKUvylwXReuE6+L76oYrfx1Np6onXbR105fd2v5dWrHBuy/GVR8a2mmV4zpA8 SSrQcYi4a4qWA6WJaAa/ =H7be -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
It looks nice, but I would wait before using it when the people you're trying to hide from can throw you in jail if found. I will say I like how they're also making it a plugin for existing IM clients Pidgin Adium. I also can't look at their bugs page cause they have HSTS enabled and the SSL cert doesn't validate because it is for *.tenderapp.com and the URL is https://support.libtoxcore.so/ It looks like support.libtoxcore.so is a cname for tox.tenderapp.com and someone probably just forgot to set-up the SNI cert. --- -ITG (ITechGeek) i...@itechgeek.com https://itg.nu/ GPG Keys: https://itg.nu/contact/gpg-key Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook: http://fb.me/Jbwa.Net On Sat, Feb 14, 2015 at 9:55 AM, hellekin helle...@gnu.org wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/12/2015 01:45 PM, Tim Libert wrote: to have a secure voice conversation with persons located in mainland china *** Here is something I'm looking at: Tox (https://tox.im/) The project is APLHA software aiming at replacing Skype. It probably has its burden of bugs and certainly lacks proper security at this point. It would certainly benefit from scrutiny. On the crypto side, they chose NaCL, not a bad choice. ;o) It also support going through Tor. The functionality is awesome, especially considering its *alpha* status (I repeat to insist on the fact that it's a potential solution, and probably one that needs to be audited, because as people discover it, they tend to use it). It provides voice, video (including desktop view), file sharing, chat with UTF-8 support. It runs from the terminal with Toxic, or in GUI with qTox and uTox, on GNU/Linux 32 and 64 bit, Android, Windows, and MacOSX. The Windows port is more alpha than the *nix ports. == hk -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQJ8BAEBCgBmBQJU32HWXxSAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQ0IyNkIyRTNDNzEyMTc2OUEzNEM4ODU0 ODA2QzM2M0ZDMTg5ODNEAAoJEEgGw2P8GJg9wFoQALnxMbnXGJAHOqxFEDDskmeN ziZGGvLA0EOYx6J0+4jhOpgNE3uedFWv3DuBdPd9f+DHjY0BWb5f4ND4/ajZdMnj 20IF2qOJgZRccGQ/1LFifZ6dp6ijo/+iPMHmbj9lQcG5Y4UITUytBrQfjToZyZqc s4XSK1/FkoQ+C4aH/aWgeTBL3/yLPSDPcutUvcfqzgLj661yH5gHcL2F7FCXTt/t YpsRffUcoOsBVLfLNkMQDpEe9d9nKeLufNvhPHnvExEdJ5VW3Rn+D6jFRNFB3ek4 6XgvLQgQsj67a28U2nWTvXVPxpNhT+TD/u+d12amBpzS9nne9M40ye5R1Rup/Dn4 GprGdHi6pj5fTU0rVk3vt6iNTVZtmfpq/h+09rIDnxy9dZwmQ2SsIf9WHFFY+1yC 0YVMAdhAmKIY8nkCLaCsx0KMYA3yg5QNq8FIGROVxIajXdu9SSkbeGMJudrBfGcq pKFlzyqcVpQ9bobvt+Rd90hnEuKIB5T+dE1YSTafw8sitOebyFvG08skbAwW3v4V pmgEk6MLiB7KYhkjWgne36RkooADVYKOTy/ZCdktMdXx6bzzs/h4swotC5B0t/42 s2RZKUvylwXReuE6+L76oYrfx1Np6onXbR105fd2v5dWrHBuy/GVR8a2mmV4zpA8 SSrQcYi4a4qWA6WJaAa/ =H7be -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
I know a number of VPN providers have a mode for hiding their OpenVPN connections (the VPN provider I have calls it Chameleon and says it's proprietary and you have to use their software). The solution that I personaly think might be better, is using Mumble in half duplex mode over TOR. http://www.hacker10.com/computer-security/encrypted-voice-over-ip-chat-mumble-works-with-tor/ https://guardianproject.info/2013/01/31/anonymous-cb-radio-with-mumble-and-tor/ Also if you don't need a full time server, you can take Andrew's suggestion and use a pay by the hr provider such as Amazon EC2 or Rackspace Cloud Servers (although I think a number of other VPS providers have started doing pay by the hour plans) - That should also give the benefit of being able to change IPs more often and depending on the provider, being able to change datacenters. --- -ITG (ITechGeek) i...@itechgeek.com https://itg.nu/ GPG Keys: https://itg.nu/contact/gpg-key Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook: http://fb.me/Jbwa.Net On Thu, Feb 12, 2015 at 5:57 PM, Brian Behlendorf br...@behlendorf.com wrote: On Thu, 12 Feb 2015, The Doctor wrote: On 02/12/2015 01:06 PM, Brian Behlendorf wrote: And this is why even people who care about their privacy still use Skype. Bad actors go to extraordinary, stupid lengths to restrict access and put surveillance measures in place. Hours rivalling that of Silicon Valley startups are spent fine tuning each and every last measure to make sure that almost nothing sneaks past. There is no magick wand that the other side of the game can wave to bypass them like a gentle breeze. Circumvention and counter-net.surveillance are hard, and if the other side doesn't bring its A game to match, it's just not going to happen. We may as well roll over and show our bellies. Exactly. Which is why no one should feel satisfied with the answer that was given. Brian -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/ mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
On Thu, Feb 12, 2015, at 04:06 PM, Brian Behlendorf wrote: And this is why even people who care about their privacy still use Skype. Is it really that hard? 2-step process below. 1) Setup VPN Astrill and Express VPNs are both working in China, as of today. https://www.astrill.com/ https://www.expressvpn.com/ 2) Sign-up for Ostel.co (and use Jitsi or CSip) for desktop or mobile, or use Redphone / Signal for just mobile calling. https://guardianproject.info/howto/callsecurely/ Is that really so hard? Also, Facetime does work, so that is the most likely brain-dead Skype-replacement option, though Apple may be silently dropping the encryption without any indicator to comply with local law. (This is what Line does for instance in Thailand). -- Nathan of Guardian nat...@guardianproject.info -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
From anecdotal experience: Running your own OpenVPN endpoint on a cloud provider like digitalocean* seems to work really well as long as you wrap the OpenVPN connection in something else like obfsproxy or stunnel. Theoretically if a commercial provider implemented something besides pure openvpn then that'd work as well. And if you want to roll your own node there is a set of ansiable scripts/playbooks called streisand at https://github.com/jlund/streisand, which includes a version of OpenVPN that proxies through an Stunnel connection. *Some slight issues arose with running on Digitalocean, the user's account was locked completely at first and wanted extensive identification to unlock(passport), and the speed from China to node hosted anywhere but Singapore or LA was extremely slow. A VM hosted in singapore also seemed to be randomly slow, even to stuff that was hosted in Singapore. -Andrew On Thu, Feb 12, 2015 at 2:13 PM, Nathan of Guardian nat...@guardianproject.info wrote: On Thu, Feb 12, 2015, at 11:45 AM, Tim Libert wrote: asking for a friend, can anybody suggest best ways to have a secure voice conversation with persons located in mainland china from outside china? threat model is interception by chinese authorities, other states/actors are not of significant concern. email alone is insufficient for task. 1) Setup a VPN of some sort to defend against traffic filtering and blocking. Tor doesn't work with streaming audio (UDP) so it isn't an option this case, but there are still viable VPN solutions out there (ExpressVPN and others detailed here: http://www.greycoder.com/best-vpn-china/) 2) Use something like Ostel (https://ostel.co/) service to have an end-to-end encryption audio and/or video call using Jitsi or CSipSimple (Android) or Linphone (iOS/Android): https://guardianproject.info/howto/callsecurely/ You might also try using Signal (iOS), Redphone (Android), or SilentCircle apps for mobile, but I am not completely up to date on how well they work at the moment. +n -- Nathan of Guardian nat...@guardianproject.info -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
On Thu, Feb 12, 2015, at 11:45 AM, Tim Libert wrote: asking for a friend, can anybody suggest best ways to have a secure voice conversation with persons located in mainland china from outside china? threat model is interception by chinese authorities, other states/actors are not of significant concern. email alone is insufficient for task. 1) Setup a VPN of some sort to defend against traffic filtering and blocking. Tor doesn't work with streaming audio (UDP) so it isn't an option this case, but there are still viable VPN solutions out there (ExpressVPN and others detailed here: http://www.greycoder.com/best-vpn-china/) 2) Use something like Ostel (https://ostel.co/) service to have an end-to-end encryption audio and/or video call using Jitsi or CSipSimple (Android) or Linphone (iOS/Android): https://guardianproject.info/howto/callsecurely/ You might also try using Signal (iOS), Redphone (Android), or SilentCircle apps for mobile, but I am not completely up to date on how well they work at the moment. +n -- Nathan of Guardian nat...@guardianproject.info -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 02/12/2015 01:06 PM, Brian Behlendorf wrote: And this is why even people who care about their privacy still use Skype. Bad actors go to extraordinary, stupid lengths to restrict access and put surveillance measures in place. Hours rivalling that of Silicon Valley startups are spent fine tuning each and every last measure to make sure that almost nothing sneaks past. There is no magick wand that the other side of the game can wave to bypass them like a gentle breeze. Circumvention and counter-net.surveillance are hard, and if the other side doesn't bring its A game to match, it's just not going to happen. We may as well roll over and show our bellies. - -- The Doctor [412/724/301/703/415] [ZS] Developer, Project Byzantium: http://project-byzantium.org/ PGP: 0x807B17C1 / 7960 1CDC 85C9 0B63 8D9F DD89 3BD8 FF2B 807B 17C1 WWW: https://drwho.virtadpt.net/ It's better to burn out than it is to rust. -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJU3SjBAAoJED1np1pUQ8RkjwkP/1hJi2rJz8cZWBZudIf/zeRO qjrJB2ijVY+Rhy2e2rGqASLgByeI/49C0duwQK4Bnc8LxQnhJTQaf/6YRPeJavkW ebTZzGEqdCIBLVZL+DryP8rv09JzvEqdzqli64YluzphiigMl+jRqGJZCJaqiO6y MEQ1lzhkznvQlcl+Uso8+5lDPvmgBSkz6h3kltp8Za9ylcyQ0VNz81S+xslZrXV9 7MDHRjGwUvQxHTYH3vdPpEhkJER5y9oCq2at7GufvLC84lj23ytjvX80yzVr6S0v Lg2Wo6rGIf4lZK8AdKIwUupyQmAcEH2hL3UKkybfJut68gch2juFlb0yj/DLVorO 8v1Zv8dvSqQuIjk39iHo2aa1SeC1K9bXQLfCGUigpK18EHoWmvEb4N6lBmd+RJjJ QBAZmGLLHIO+h4wYTBwccObFMiYbzOKYq9yWP7IgqnVSC6h0C96hmes9aUMyjAhP utMF58NPYPRX/nF26vVLK4z0sfmEo4v2MFjz/TmfvVRt6vhiImROR5AG4qrXWDu6 pL0mKES8t/+0FHRBvVcdnrwt2EfqYeS1PRDZUPv0UTDaMWTnBUqtbrchp/FeFE5T a+Z9p2iTjlN4Cmi8ofngZBdGBqw0Q5O6g0TKBpE5HTiZdt/FVkQgwMLHbQiEUPnG vSdpWfb7g1LDvPqWSikh =TnYi -END PGP SIGNATURE- -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
And this is why even people who care about their privacy still use Skype. Brian On Thu, 12 Feb 2015, Andrew Lewis wrote: From anecdotal experience: Running your own OpenVPN endpoint on a cloud provider like digitalocean* seems to work really well as long as you wrap the OpenVPN connection in something else like obfsproxy or stunnel. Theoretically if a commercial provider implemented something besides pure openvpn then that'd work as well. And if you want to roll your own node there is a set of ansiable scripts/playbooks called streisand at https://github.com/jlund/streisand, which includes a version of OpenVPN that proxies through an Stunnel connection. *Some slight issues arose with running on Digitalocean, the user's account was locked completely at first and wanted extensive identification to unlock(passport), and the speed from China to node hosted anywhere but Singapore or LA was extremely slow. A VM hosted in singapore also seemed to be randomly slow, even to stuff that was hosted in Singapore. -Andrew On Thu, Feb 12, 2015 at 2:13 PM, Nathan of Guardian nat...@guardianproject.info wrote: On Thu, Feb 12, 2015, at 11:45 AM, Tim Libert wrote: asking for a friend, can anybody suggest best ways to have a secure voice conversation with persons located in mainland china from outside china? threat model is interception by chinese authorities, other states/actors are not of significant concern. email alone is insufficient for task. 1) Setup a VPN of some sort to defend against traffic filtering and blocking. Tor doesn't work with streaming audio (UDP) so it isn't an option this case, but there are still viable VPN solutions out there (ExpressVPN and others detailed here: http://www.greycoder.com/best-vpn-china/) 2) Use something like Ostel (https://ostel.co/) service to have an end-to-end encryption audio and/or video call using Jitsi or CSipSimple (Android) or Linphone (iOS/Android): https://guardianproject.info/howto/callsecurely/ You might also try using Signal (iOS), Redphone (Android), or SilentCircle apps for mobile, but I am not completely up to date on how well they work at the moment. +n -- Nathan of Guardian nat...@guardianproject.info -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu. -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
Re: [liberationtech] secure voice options for china?
On Thu, 12 Feb 2015, The Doctor wrote: On 02/12/2015 01:06 PM, Brian Behlendorf wrote: And this is why even people who care about their privacy still use Skype. Bad actors go to extraordinary, stupid lengths to restrict access and put surveillance measures in place. Hours rivalling that of Silicon Valley startups are spent fine tuning each and every last measure to make sure that almost nothing sneaks past. There is no magick wand that the other side of the game can wave to bypass them like a gentle breeze. Circumvention and counter-net.surveillance are hard, and if the other side doesn't bring its A game to match, it's just not going to happen. We may as well roll over and show our bellies. Exactly. Which is why no one should feel satisfied with the answer that was given. Brian -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.
[liberationtech] secure voice options for china?
asking for a friend, can anybody suggest best ways to have a secure voice conversation with persons located in mainland china from outside china? threat model is interception by chinese authorities, other states/actors are not of significant concern. email alone is insufficient for task. thanks. tim -- Liberationtech is public archives are searchable on Google. Violations of list guidelines will get you moderated: https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change to digest, or change password by emailing moderator at compa...@stanford.edu.