Ghost Call – Secure, Encrypted, Anonymous Calling (opens in new tab)

(ghostcall.io)

91 pointstvirelli11y ago71 comments

71 comments

49 comments · 16 top-level

xbryanx11y ago· 7 in thread

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

I used to use this quote all the time too...until I realized it originally meant something entirely different.

http://techcrunch.com/2014/02/14/how-the-world-butchered-ben...

jessriedel11y ago

I don't see how it means something entirely different. At most, Franklin and the other founding fathers had a more expansive notion of liberty than is now common. Both the sanctity of private property and the right to privacy are aspects of that sort of liberty.

usefulcat11y ago

I think the point is that the context is fundamentally different:

"In short, Franklin was not describing some tension between government power and individual liberty. He was describing, rather, effective self-government in the service of security as the very liberty it would be contemptible to trade. Notwithstanding the way the quotation has come down to us, Franklin saw the liberty and security interests of Pennsylvanians as aligned."

http://www.lawfareblog.com/2011/07/what-ben-franklin-really-...

1 more reply

afarrell11y ago

Is private property really still sanctified when so much of our wealth has come from robbery, slavery, and rents extracted under intimidation?

Strong property rights are very useful to a healthy economy, but sanctified?

2 more replies

slg11y ago

The biggest problem is the quote is now used to set up a false dichotomy between safety and liberty when it was originally more about balancing short and long term priorities. Franklin was simply making a quip about the legislature considering the deal from the Penn family. He meant something along the lines of "people who give up their rights to self governance for temporary safety don't deserve either to govern themselves or be protected" He was basically responding to the potential deal with "do you think we are stupid cowards?" or a slightly more eloquent version of "do you think I was born yesterday?"

1 more reply

afarrell11y ago

Is private property really still sanctified when so much of our wealth has come from robbery, slavery, and rents extracted under intimidation?

1 more reply

jfmercer11y ago

It never ceases to amaze me how much the mythology surrounding the Founding Fathers really boils down to taxation.

themartorana11y ago

Because all they knew of taxation was theft of the poor to line the pockets of the rich with no true benefit coming from taxes paid (other than avoiding prison).

Sound familiar?

ncza11y ago· 7 in thread

Site seems dead.

Is it free software? What differentiates it from Signal/TS?

tedks11y ago

* It is free software, or rather, the client they recommend is Linphone, an existing open-source VoIP client. * Specifically, the value add is an introduction/routing layer over SIP. They recommend connecting via Tor. * The encryption is stock ZRTP.

In comparison, Signal/TS is free software, but uses novel crypto for text messages. I believe RedPhone/Signal voice is still just ZRTP. RedPhone/Signal will convert the SAS code to two frequently-amusing phrases, whereas LinPhone will just display the raw code.

There doesn't seem to be an easy way to use RedPhone with Tor, or to anonymously register with RedPhone, though I could be wrong.

Canada11y ago

Redphone/Signal has its own signaling protocol for voice calls as well. This service uses SIP. The Redphone protocol is simple in design, while SIP is the opposite.

patcon11y ago

Agreed. Google cache: https://webcache.googleusercontent.com/search?q=cache:CoDOYa...

Squale11y ago

Ok on Tor but no https so anyone could get your number/password and steal your identity

http://hc3sz3i2rb5dljqq.onion/

Edit: my bad it's late...of course there is no risk of mitm as it's a tor service, so no risk of bad exit node -_-' sorry guys

lambada11y ago

That's not how Tor Hidden Services work. They're encrypted end-to-end (well, from your node to the host of the Hidden Service. So accessing via that address leaves no room* for anyone to get your number/password or steal your identity.

* (Usual caveats about that being the correct .onion address, about the encryption not flawed etc)

tvirelliOP11y ago

OK, we have moved to a server that can handle the load. It may take a bit for DNS to propagate for everyone!

tvirelliOP11y ago

We're moving it to a new server with lots more bandwidth!

patcon11y ago· 5 in thread

Hm. I'm not sure I get it. (from the Google cache)

> Q: Can I call any number I want?

> A: No. Ghost Call can only call other Ghost Call numbers.

> Q: How can we contact you?

> A: You can email us at info@ghostcall.io, or Ghost Call us: (490)-628-2381

So it's a ZRTP SIP provider that uses regular phone number format as the identifier? It strikes me as rather much like OSTN/OSTel, but using a phone-number-looking identifier rather than a username... and if that's the case, the whole ostn stack is opensource/auditable and federated, so I'm unsure of the improvement here, aside from the branding. Heck, I would prefer if they used the OSTN chef cookbooks and contributed back.

EDIT: Nooo! I'm the downer top commenter! I have become all that I am mildly irritated by. To clarify, I like that this service was created, and commend the interest of the devs, regardless of my outstanding questions :)

john867530911y ago

So the project was built for a hobby, I wanted an encrypted phone service. But I wanted every aspect of it to be encrypted, from the signaling to the RTP. I wanted to make sure that no unencrypted client could connect to the platform. I would be interested in peering with oslec though.

chatmasta11y ago

"You can do this with open source, X, Y and Z" is the classic initial criticism of successful companies. What critics forget to consider is that 99.9% of people do not enjoy doing complicated things. If private calls were as easy as public calls, why wouldn't someone make a private call?

I think there is even an XKCD for this phenomenon.

rakoo11y ago

In these situations I'm always reminded of this answer to the "Show HN: Dropbox" (https://news.ycombinator.com/item?id=9224):

For a Linux user, you can already build such a system yourself quite trivially by getting an FTP account, mounting it locally with curlftpfs, and then using SVN or CVS on the mounted filesystem. From Windows or Mac, this FTP account could be accessed through built-in software

wildster11y ago

Seems better than Skype.

unicornporn11y ago

"Better" is a broad claim. Have you compared SIP/Skype call quality and reliability.

dataker11y ago· 5 in thread

> A:During the beta period logs are kept for 24 hours, once beta is complete there will be no call log records.

Is there a particular reason to do so during their beta?

iaw11y ago

Not associated with Ghost Call but my expectation is that they'd use the logs for debugging major bugs during the beta period. Kind of hard to identify and reproduce transient issues without those logs.

john867530911y ago

You hit it on the head. I am not interesting in anything but calls not working. After that I have no need or want for the data.

1 more reply

joepie91_11y ago

If there are logs to be kept to begin with, I'd be very skeptical about any "anonymous" and "secure" claims. If it requires trust, then it isn't.

patcon11y ago

Every computer has logs. If you interact with a server, you can't avoid it. Until we have decentralized apps, trust on this is unavoidable.

ZRTP and the sign-up process means it will be hard to connect the little metadata they have, so they've narrowed down the amount they're trusted with by a large margin

1 more reply

DSMan19527611y ago

If logs include useful call information, then it might be useful for debugging purposes. Without a log, you'd have no idea what happened.

That said, that's just a guess.

kseistrup11y ago· 3 in thread

So by registrating I get (1) a number, (2) a password, and (3) a country code. What do I enter as username etc. in Linphone?

patcon11y ago

presumably the country code + phone number is your username... but I can't see the tutorial videos while the site is struggling

kseistrup11y ago

I've tried both with and without the country code, but the SIP client fails to register. The server could be overloaded, tough — perhaps I should try again tomorrow.

2 more replies

kseistrup11y ago

username = phone number (sans international prefix), domain = call.ghostcall.io, transport = tls.

drussell11y ago· 2 in thread

Anonymity is quite the growing market segment. And the NSA is as unpopular as ever.

It's fascinating how the public responds to the government.

amelius11y ago

Is that true? I hear bitcoin is gaining market share, and it is the antithesis of anonymity.

andrewchambers11y ago

I think you are confusing anonymity with something else. Bitcoin is entirely anonymous, but all transactions are public. You can create as many wallets and keys as you want, and you don't have to tell anyone you own them.

4 more replies

crypt1d11y ago· 1 in thread

Looks cool but the 'About' part might be 'too much' for the average Joe. I'd put it in layman terms if I were you, maybe make a simple diagram...etc

KFW50411y ago

Agreed - this is amazing, but speed to scale comes with clarity for the masses

0x006A11y ago· 1 in thread

how does it compare to OSTN/OSTel (https://ostel.co/)

john867530911y ago

I have never personally used the service, but the design from the ground up on ghost call is encryption, using all open source phones/etc (I think ostel does this as well) I also wanted to prevent any unencrypted client from connecting either intentionally or by misconfiguration.

ericfontaine11y ago· 1 in thread

Will this be available on f-droid? Many people don't like having google play on their phone, especially those concerned with privacy and open-source. I know the user can always compile this themselves.

patcon11y ago

Peanut gallery here: It's just a service that will work with most any SIP client app that supports ZRTP -- csipsimple, linphone, etc :)

doomrobo11y ago· 1 in thread

Could anybody explain what ZRTP hash is and why it's insecure?

KFW50411y ago

This might help: http://blog.cryptographyengineering.com/2012/11/lets-talk-ab...

chatmasta11y ago

If you are going to recommend users connect to you via a proxy or Tor, don't recommend tor2web. The whole point of tor2web is that it's a non-anonymous way to access Tor. Your traffic goes through tor2web servers, which are not part of the onion routing.

Anyway, nice business. If I'm understanding correctly, you are basically an SIP hosting provider that assumes your clients will use Linphone to connect. Am I correct in this? If so, it's an interesting model, but I think you need to put more effort into clarifying that you are a host, not a security provider. Also, you might want to apply some of that hosting expertise to your website....

john867530911y ago

Hey everyone, the site is having a hard time responding (obviously), I am working to get it back going, Thanks for hanging in there!

MrSheen181211y ago

Have gone through the setup for Android, manage to make calls but they're not secured, TLS and ZRTP enabled, STUN server correct.....

howtoplayhuman11y ago

Hmmmm?

1st: Ghost Call recommends ZRTP media encryption

2nd: ZRTP hash allows a MITM (Man In The Middle) and creates a risk of decryption.

Why recommend it then? Am I missing something?

tvirelliOP11y ago

We updated the site with a video showing video chat!

dataker11y ago

Seems like a great project, but I'd argue governments would heavily try to undermine it.

j / k navigate · click thread line to collapse

71 comments

49 comments · 16 top-level

xbryanx11y ago· 7 in thread

"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."

I used to use this quote all the time too...until I realized it originally meant something entirely different.

http://techcrunch.com/2014/02/14/how-the-world-butchered-ben...

jessriedel11y ago

usefulcat11y ago

I think the point is that the context is fundamentally different:

http://www.lawfareblog.com/2011/07/what-ben-franklin-really-...

1 more reply

afarrell11y ago

Is private property really still sanctified when so much of our wealth has come from robbery, slavery, and rents extracted under intimidation?

Strong property rights are very useful to a healthy economy, but sanctified?

2 more replies

slg11y ago

1 more reply

afarrell11y ago

Is private property really still sanctified when so much of our wealth has come from robbery, slavery, and rents extracted under intimidation?

1 more reply

jfmercer11y ago

It never ceases to amaze me how much the mythology surrounding the Founding Fathers really boils down to taxation.

themartorana11y ago

Because all they knew of taxation was theft of the poor to line the pockets of the rich with no true benefit coming from taxes paid (other than avoiding prison).

Sound familiar?

ncza11y ago· 7 in thread

Site seems dead.

Is it free software? What differentiates it from Signal/TS?

tedks11y ago

There doesn't seem to be an easy way to use RedPhone with Tor, or to anonymously register with RedPhone, though I could be wrong.

Canada11y ago

Redphone/Signal has its own signaling protocol for voice calls as well. This service uses SIP. The Redphone protocol is simple in design, while SIP is the opposite.

patcon11y ago

Agreed. Google cache: https://webcache.googleusercontent.com/search?q=cache:CoDOYa...

Squale11y ago

Ok on Tor but no https so anyone could get your number/password and steal your identity

http://hc3sz3i2rb5dljqq.onion/

Edit: my bad it's late...of course there is no risk of mitm as it's a tor service, so no risk of bad exit node -_-' sorry guys

lambada11y ago

* (Usual caveats about that being the correct .onion address, about the encryption not flawed etc)

tvirelliOP11y ago

OK, we have moved to a server that can handle the load. It may take a bit for DNS to propagate for everyone!

tvirelliOP11y ago

We're moving it to a new server with lots more bandwidth!

patcon11y ago· 5 in thread

Hm. I'm not sure I get it. (from the Google cache)

> Q: Can I call any number I want?

> A: No. Ghost Call can only call other Ghost Call numbers.

> Q: How can we contact you?

> A: You can email us at info@ghostcall.io, or Ghost Call us: (490)-628-2381

john867530911y ago

chatmasta11y ago

I think there is even an XKCD for this phenomenon.

rakoo11y ago

In these situations I'm always reminded of this answer to the "Show HN: Dropbox" (https://news.ycombinator.com/item?id=9224):

wildster11y ago

Seems better than Skype.

unicornporn11y ago

"Better" is a broad claim. Have you compared SIP/Skype call quality and reliability.

dataker11y ago· 5 in thread

> A:During the beta period logs are kept for 24 hours, once beta is complete there will be no call log records.

Is there a particular reason to do so during their beta?

iaw11y ago

john867530911y ago

You hit it on the head. I am not interesting in anything but calls not working. After that I have no need or want for the data.

1 more reply

joepie91_11y ago

If there are logs to be kept to begin with, I'd be very skeptical about any "anonymous" and "secure" claims. If it requires trust, then it isn't.

patcon11y ago

Every computer has logs. If you interact with a server, you can't avoid it. Until we have decentralized apps, trust on this is unavoidable.

ZRTP and the sign-up process means it will be hard to connect the little metadata they have, so they've narrowed down the amount they're trusted with by a large margin

1 more reply

DSMan19527611y ago

If logs include useful call information, then it might be useful for debugging purposes. Without a log, you'd have no idea what happened.

That said, that's just a guess.

kseistrup11y ago· 3 in thread

So by registrating I get (1) a number, (2) a password, and (3) a country code. What do I enter as username etc. in Linphone?

patcon11y ago

presumably the country code + phone number is your username... but I can't see the tutorial videos while the site is struggling

kseistrup11y ago

I've tried both with and without the country code, but the SIP client fails to register. The server could be overloaded, tough — perhaps I should try again tomorrow.

2 more replies

kseistrup11y ago

username = phone number (sans international prefix), domain = call.ghostcall.io, transport = tls.

drussell11y ago· 2 in thread

Anonymity is quite the growing market segment. And the NSA is as unpopular as ever.

It's fascinating how the public responds to the government.

amelius11y ago

Is that true? I hear bitcoin is gaining market share, and it is the antithesis of anonymity.

andrewchambers11y ago

4 more replies

crypt1d11y ago· 1 in thread

Looks cool but the 'About' part might be 'too much' for the average Joe. I'd put it in layman terms if I were you, maybe make a simple diagram...etc

KFW50411y ago

Agreed - this is amazing, but speed to scale comes with clarity for the masses

0x006A11y ago· 1 in thread

how does it compare to OSTN/OSTel (https://ostel.co/)

john867530911y ago

ericfontaine11y ago· 1 in thread

patcon11y ago

Peanut gallery here: It's just a service that will work with most any SIP client app that supports ZRTP -- csipsimple, linphone, etc :)

doomrobo11y ago· 1 in thread

Could anybody explain what ZRTP hash is and why it's insecure?

KFW50411y ago

This might help: http://blog.cryptographyengineering.com/2012/11/lets-talk-ab...

chatmasta11y ago

john867530911y ago

Hey everyone, the site is having a hard time responding (obviously), I am working to get it back going, Thanks for hanging in there!

MrSheen181211y ago

Have gone through the setup for Android, manage to make calls but they're not secured, TLS and ZRTP enabled, STUN server correct.....

howtoplayhuman11y ago

Hmmmm?

1st: Ghost Call recommends ZRTP media encryption

2nd: ZRTP hash allows a MITM (Man In The Middle) and creates a risk of decryption.

Why recommend it then? Am I missing something?

tvirelliOP11y ago

We updated the site with a video showing video chat!

dataker11y ago

Seems like a great project, but I'd argue governments would heavily try to undermine it.

j / k navigate · click thread line to collapse