- Problem Description
- Proposed Solution
- Hands On
- Source Code
In a digital world, internet calls have become a low-cost alternative for global communications; they are used daily by millions of people. While the benefits of this technology are obvious, the privacy implications are unknown to most users. So, it is worth asking whether someone could monitor, record or listen to these calls.
The threat model and the proposed solution for it will be explained in the first section. The traditional communication model versus an autonomous one is schematized through images. The use of the proposed solution is explained in a practical way in the second section of the article. Finally, the conclusions and recommendations are presented at the end.
Mumble: A client-server system that allows audio communications between two or more people through the Internet.
Tor: Tor is a distributed network that allows anonymity on the Internet. It is commonly used through its browser, which allows you to access websites anonymously. Additionally, Tor allows exposing TCP services that are accessible only within the Tor network; these are known as Hidden Services or Onion Services.
VoIP: Voice over IP (VoIP) communication allows establishing voice calls through data networks; the most common use is through the Internet.
The following article is a conceptual proposal that has not been sufficiently tested yet, so it is recommended to use it at your own risk.
IP telephony services such as Skype, Hangouts, WhatsApp and others allow quick and cheap communications globally. While the benefits are evident, there are also implications related to privacy. These services centralize the communications of billions of people. For example, Microsoft, in the case of Skype, or Google, in that of Hangouts, have full access to all communications that cross their servers, as can be seen in Image 1.
Image 1: Traditional VoIP scheme.
For this reason, if the communication is not end-to-end encrypted, these companies can spy on their users’ calls. If the calls were encrypted, providers would not be able to listen to the communications but would still have access to their metadata, which would allow them to know who communicates with whom, how long the call lasts, the members involved, their geolocation, their IP address, and so on.
The solution proposed in this article seeks to allow two or more people to communicate while avoiding the risks stated above. For example, the communication would be carried out without anyone else knowing that it existed. To achieve this goal, a combination of Mumble and Tails will be used.
Tails is an operating system based on Linux and Tor that, among other things, allows instant messaging and encrypted mail. These technologies, combined with the Tor anonymity network, make it possible to hide the data and metadata of the communications; however, Tails does not provide the ability to have secret voice communications. Unlike text, voice communications usually use the UDP protocol, which is not compatible with Tor.
Mumble is an audio conference system used as a complement for online video games and meetings over the Internet. It has the feature of using low bandwidth and working well with low latency connections. In addition, Mumble, unlike other VoIP solutions, is compatible with the TCP protocol, so it can work with Tor.
Bash scripts were developed to automate the installation of Mumble in Tails, both in persistent mode and in amnesia. These scripts also configure a Tor hidden service for the Mumble server. The name of the hidden service serves as the address to which the conversation participants will have to connect. As one of the participants will run the Mumble server, no one outside the conversation will know that the communication occurred, as can be seen in Image 2.
Image 2: Mumble with Tails solution.
The scripts are described below:
- Update the apt repository.
- Install Mumble client and server.
- Configure the Hidden Service.
- Show the Hidden Service address on screen and copy it to the clipboard.
In persistence mode, copy all configurations of the Mumble server and the Hidden Service to the persistence folder.
- Removes the Mumble and Hidden Service configuration.
- Eliminates the packages for the mumble-server, mumble, and the dependencies that are not needed anymore.
- To be used only in persistence mode.
- Copies the configuration for Mumble and Hidden Service from the persistence volume to the respective location expected by these services.
- Restarts Tor to expose Mumble through the Hidden Service.
- Shows the Hidden Service address on screen and copies it to the clipboard.
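The following shell functions are an added example, not the scripts from this article: they show the Hidden Service configuration step, with the Mumble server bound to loopback so it is reachable only through Tor, and a format check on the address before it is shared. The function names, the file paths passed in and the use of the server's `host=` setting are assumptions; 64738 is Mumble's default port.

```shell
#!/bin/sh
# Added illustration; not the article's setup-mumble.sh.
# Assumptions: Mumble's default port 64738 and caller-supplied file paths
# (on a Debian-based system typically /etc/tor/torrc and
# /etc/mumble-server.ini).
MUMBLE_PORT=64738

# Append an onion-service stanza to a torrc unless this directory is
# already configured, so repeated runs do not duplicate it.
add_hidden_service() {   # usage: add_hidden_service TORRC HS_DIR
    if grep -qxF "HiddenServiceDir $2" "$1" 2>/dev/null; then
        return 0
    fi
    printf 'HiddenServiceDir %s\nHiddenServicePort %s 127.0.0.1:%s\n' \
        "$2" "$MUMBLE_PORT" "$MUMBLE_PORT" >> "$1"
}

# Bind the Mumble server to loopback so it is reachable only through Tor.
bind_server_to_loopback() {   # usage: bind_server_to_loopback INI
    tmp="$1.tmp.$$"
    if grep -qE '^[;#]?host=' "$1"; then
        sed -E 's/^[;#]?host=.*/host=127.0.0.1/' "$1" > "$tmp"
    else
        # No host line yet: prepend it so it stays in the top-level
        # settings and does not land under a later [section] header.
        { printf 'host=127.0.0.1\n'; cat "$1"; } > "$tmp"
    fi
    # Overwrite in place to keep the file's owner and permissions.
    cat "$tmp" > "$1" && rm -f "$tmp"
}

# Print the address from HS_DIR/hostname only if it is a well-formed
# v3 onion name (56 base32 characters), the format current Tor generates.
onion_address() {   # usage: onion_address HS_DIR
    [ -r "$1/hostname" ] || return 1
    addr=$(head -n 1 "$1/hostname" | tr -d '[:space:]')
    if printf '%s\n' "$addr" | grep -Eq '^[a-z2-7]{56}\.onion$'; then
        printf '%s\n' "$addr"
    else
        return 1
    fi
}
```

Tor creates the `hostname` file only after it has been restarted or reloaded with the new stanza, so `onion_address` fails until then.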
Boot the Tails operating system and configure a root password on the welcome screen.
Image 3: Tails greeting screen
Be sure to copy the shell scripts to an accessible place such as
In persistence mode, it is recommended to copy the scripts to /home/amnesia/Persistent/mumble-scripts so that they are accessible after reboot.
Open a console.
Become root using the sudo command.
Give execution permissions with the following command:
To configure the Mumble server run:
At the end of the command execution, an .onion address is shown on the screen, as can be seen in the red box in the following image. The .onion address is also copied to the clipboard so that it is easier to share.
Image 4: Execution of the setup-mumble.sh
Note that, as shown in image 4, the options Install Only Once and Install Every Time are presented. The first option is useful if Mumble is going to be used only once; the second option is recommended if Mumble will be used on a recurring basis, so that it is always accessible.
In the Applications menu, under the Internet section, the Mumble program is accessible as shown in image 5:
Image 5: Mumble execution.
Note: As an alternative, the command mumble can be executed from the command line with an unprivileged user.
Share the .onion address with other conference participants. For this, use the communication tools provided by Tails, such as encrypted chat, secure mail or others.
The first time Mumble is executed, the voice configuration wizard will be launched. If headphones are not used, it is recommended to select the “push to talk” option in the “Voice Activity” window, as seen in image 6. This way, the microphone will be activated only when the push button is pressed, which will solve most of the echo problems that could happen.
Image 6: Select the push to talk option in Mumble.
Once the wizard has finished, a new connection should be configured. For this, select “add new” and set up the following information, as seen in image 7.
Set up the connection configuration as follows:
- Label: Connection name.
- Address: The .onion address.
- Port: Leave the default.
- Username: Put a user alias; it can be anything.
In the third step you should click on “connect”. After this, a certificate error message will be presented. This message can be ignored, as authentication with the server is managed by the Hidden Service.
Image 7: Configure Mumble connection.
Once these steps are finished, both Alice and Bob will be able to talk with each other as seen in image 15.
Image 8: Established connection and connected clients.
This solution uses the security, privacy and anonymity features of Tails, and combines them with Mumble to offer acceptably secure communications. If the local Internet provider tries to spy on the communication, they could know Alice is using Tor, but not what for. Since there is no VoIP provider, that adversary is eliminated from the threat model.
This is not a perfect solution and there are some considerations that need to be taken into account. The use of Tor could delay the voice communication, and this could make the conversations overlap. For this solution to work, it is important that only one person speaks at a time.
The upload bandwidth should be taken into account because it is a full-duplex connection. This is a very important consideration for the person running the server as she would need to create n communication channels. If Alice is the person hosting the server with 4 people, then she would need to start 4 communication channels.
Basic Linux command line knowledge is necessary because this is not a complete solution, but a proof of concept. To improve the user’s experience, a future version should include a graphic interface as part of a packaged solution.
The Tails operating system offers secure communications for chat and email, but lacks a solution for real time VoIP. The scripts presented here could be used as an input for the Tails project to take into account for future versions.
In this section, we share the source code developed for this solution.