Encryption
Posted: 11/05/2020
I have been a user of Freephoneline for years and like the service overall, but I am concerned about privacy and security.
Whereas, much of the internet has shifted to using encryption over the internet in the past decade, VOIP telephone service providers including Freephoneline haven't kept up with the remainder of the industry. I think that it is time for Freephoneline to play catch up. Currently, there isn't encryption. This means our plain text SIP login information can be intercepted, our call meta data can be intercepted (e.g. information that the whistle was blown on the US government for illegally collecting), and our conversations aren't secure when transmitted to/from Freephoneline.
Requests:
-Adopt SIPS and SRTP functionality to securely transmit login/passwords, call metadata, and conversations to/from Freephoneline.
-Add functionality to Freephoneline's website to enable users to change the SIP password, which may be compromised due to being transmitted unencrypted.
-Add encryption to this forum. This is the only website with a login/password that I know of, which doesn't employ encryption.
Reference
https://www.pcmag.com/news/voips-big-se ... em-its-sip
Additional reference (example of financial risk to Freephoneline users if malicious parties were to use our accounts to call toll lines):
https://betanews.com/2020/11/05/hackers ... erability/
Whereas, much of the internet has shifted to using encryption over the internet in the past decade, VOIP telephone service providers including Freephoneline haven't kept up with the remainder of the industry. I think that it is time for Freephoneline to play catch up. Currently, there isn't encryption. This means our plain text SIP login information can be intercepted, our call meta data can be intercepted (e.g. information that the whistle was blown on the US government for illegally collecting), and our conversations aren't secure when transmitted to/from Freephoneline.
Requests:
-Adopt SIPS and SRTP functionality to securely transmit login/passwords, call metadata, and conversations to/from Freephoneline.
-Add functionality to Freephoneline's website to enable users to change the SIP password, which may be compromised due to being transmitted unencrypted.
-Add encryption to this forum. This is the only website with a login/password that I know of, which doesn't employ encryption.
Reference
https://www.pcmag.com/news/voips-big-se ... em-its-sip
Additional reference (example of financial risk to Freephoneline users if malicious parties were to use our accounts to call toll lines):
https://betanews.com/2020/11/05/hackers ... erability/