The end of POTS?

Started by Phonesrfun, March 20, 2011, 12:51:45 PM

dhpnet

#255
At my house, I can sign up for Google Fiber, Comcast/Xfinity, or CenturyLink.

Google put their fiber line underground in the street. I haven't had any problems with them, and they are very nice. They only offer 1 GB or 2 GB internet and VoIP telephone. I got the 1GB plan and it is very fast, but it is a little expensive at $70/month. VoIP telephone is $10/month extra. 

Comcast/Xfinity still has the copper coax on the telephone pole behind my house. I can get gigabit internet on that wire, and it works very well. Comcast is notorious for constantly and endlessly raising their prices, so I dropped them for Google when the price went up again. It was over $120 per month just for gig speed internet without cable TV. I won't pay for TV when I can get over 100 channels for free with an antenna.  They also offer VoIP telephone for an extra charge. My neighbor said he pays them $40 per month for their phone service. They call it landline phone, but it is VoIP.

CenturyLink currently only has the original copper phone lines coming to my house. Telephone service is shockingly expensive. My neighbor said he pays over $70 per month. CenturyLink only offers DSL internet on that line. But, they are in the process of adding fiber optic in my neighborhood. They are just twisting the fiber optic cable around the old copper wire on the telephone pole. The worker said that they will probably disconnect the copper wires when they are done and telephone will require a VoIP box after the fiber is installed.

So, I will be able to continue having something that looks like Plain Old Telephone Service, but it will really be VoIP over the internet. The original POTS over copper wires will cease to exist soon. 



markosjal

Quote from: MMikeJBenN27 on January 12, 2023, 06:16:15 PM
Regular phone is not dead. Not yet. I still have mine and refuse to get rid of it. I DON'T WANT to place phone calls over the internet. The internet is full of hackers, and it is Public Domain. I still value my privacy. I don't care about "changing times", as I am not a follower of trends.

Mike

Yea but most all VoIP services nowadays are encrypted and unless you are stupid enough to put a "man in the middle" like a VPN then your calls are pretty secure darn and still fall under all of the legal protections of phone calls. To decrypt a call you need to be at one end or the other or as I said "in the middle". Not too easy
Phat Phantom's phreaking phone phettish

AliceWonder

Quote from: markosjal on January 14, 2023, 12:55:31 AM
Yea but most all VoIP services nowadays are encrypted and unless you are stupid enough to put a "man in the middle" like a VPN then your calls are pretty secure darn and still fall under all of the legal protections of phone calls. To decrypt a call you need to be at one end or the other or as I said "in the middle". Not too easy

A VPN does not create a man in the middle but the VoIP provider itself often is a man in the middle.
It's still end to end between you and the VoIP company, or between you and the other endpoint if your phone really does negotiate a shared encryption secret with the other endpoint phone.

AliceWonder

#258
Note that for actual end-to-end encryption to work, both parties have to have non-revoked signed certificates and clients that either trust each other's certificates or trust certificate authorities that have signed each other's certificates.

Without that, you are vulnerable to MITM regardless of how the two endpoints are connected.

The reason for this is the clients sign the public data the two endpoints send each other that is used to negotiate the shared secret.

One endpoint has "A" and "a" and the other has "B" and "b". The first sends "A" to the second and the second sends "B" to the first. The shared secret "s" can be derived from "Ab" and "Ba" but not from "AB", so the shared secret is never transmitted between them but both independently derive the same shared secret that is used to encrypt the message.

Look up DH key exchange to see how it works. ECDHE, which is more modern, is conceptually the same.

But the first has to know that "B" really came from the second and the second has to know that "A" really came from the first, or MITM is possible. That's where the signed certificates come in.
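The exchange described in the post above, as an added example that is not part of the original thread: finite-field DH where each side's secret is the peer's public value raised to its own private value mod p, run with and without signature checks against a party that swaps "A" and "B" in transit. The toy group, the textbook RSA keys standing in for certificate signatures, and all names (`exchange`, `MALLORY_ID`, etc.) are assumptions made for the demo.

```python
import hashlib
import secrets

P, G = 2**127 - 1, 3  # toy DH group (constructed for the demo; far too small for real use)

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2       # private "a" / "b", never sent
    return priv, pow(G, priv, P)              # public "A" / "B", sent in the clear

def rsa_key(p, q, e=65537):
    # Textbook RSA over small Mersenne primes, standing in for a certificate key.
    return {"n": p * q, "e": e, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(value, n):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % n

def sign(key, value):
    return pow(digest(value, key["n"]), key["d"], key["n"])

def verify(key, value, sig):                  # uses only the public part (n, e)
    return pow(sig, key["e"], key["n"]) == digest(value, key["n"])

ALICE_ID = rsa_key(2**127 - 1, 2**89 - 1)
BOB_ID = rsa_key(2**107 - 1, 2**61 - 1)
MALLORY_ID = rsa_key(2**61 - 1, 2**31 - 1)    # the party in the middle has only its own key

def exchange(active_mitm, check_signatures):
    a, A = dh_keypair()
    b, B = dh_keypair()
    to_bob, to_alice = (A, sign(ALICE_ID, A)), (B, sign(BOB_ID, B))
    m = None
    if active_mitm:                           # both public values are replaced by "M"
        m, M = dh_keypair()
        to_bob = to_alice = (M, sign(MALLORY_ID, M))
    if check_signatures and not (verify(ALICE_ID, *to_bob) and verify(BOB_ID, *to_alice)):
        return "aborted"                      # substituted value fails verification
    s_alice, s_bob = pow(to_alice[0], a, P), pow(to_bob[0], b, P)
    if m is not None:                         # the middle now shares one secret with each side
        both = (pow(A, m, P), pow(B, m, P)) == (s_alice, s_bob)
        return "intercepted" if both else "mismatch"
    # A passive relay saw only A and B; combining them does not give the secret.
    leaked = s_alice in (A * B % P, pow(A, B, P))
    return "private" if s_alice == s_bob and not leaked else "broken"
```

A relay that only forwards traffic yields `"private"` either way; substitution succeeds only when the endpoints skip verification.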

markosjal

Quote from: AliceWonder on March 28, 2023, 09:47:29 PM
A VPN does not create a man in the middle but the VoIP provider itself often is a man in the middle.
It's still end to end between you and the VoIP company, or between you and the other endpoint if your phone really does negotiate a shared encryption secret with the other endpoint phone.

That is precisely what I mean. Many VPN companies have been purchased by questionable owners recently. The VPN company itself or its partners becomes the man in the middle.

AliceWonder

They can't become the man in the middle of an end to end encrypted connection because the shared secret is never transmitted, nor is the ability to generate it transmitted.

With DH key exchange (DHE), the number A is public and sent but a is private. B is public and sent but b is private. Via modular math, A*b = B*a and thus is the shared secret - but A*B is meaningless, so there is no way for a VPN (or anyone else) to break the encryption between the two endpoints (well, things like logjam attack exist, but that's only feasible with 1024-bit or smaller encryption).

End to End encryption is only vulnerable to an attacker that has access to one of the endpoints or is able to spoof one of the endpoints, but signed certificates and the PKI system makes that incredibly difficult unless the attacker has control of one of the endpoints.

A VPN doesn't give the magic security some think it does, all it really does is sometimes keep your IP address a secret (but it often doesn't even do that), but a VPN can not become a MITM between two parties communicating with DHE/ECDHE key exchange and a somewhat modern encryption algorithm.

They can however log all your activity through them and sell the data and yes, many have been caught doing just that.

MMikeJBenN27

One of the reasons I refuse to become an on-line freak.

Mike

markosjal

#262
Quote from: AliceWonder on March 29, 2023, 04:05:11 AM
They can't become the man in the middle of an end to end encrypted connection...

No idea where you get this info but it is the VPN server that generates said encryption key leaving the VPN server (VPN company) "in the middle" of the connection.

https://security.stackexchange.com/questions/104486/does-using-a-vpn-completely-stop-mitm-man-in-the-middle-attacks-if-not-what


AliceWonder

The VPN encrypts everything between you and the VPN but when you connect to an encrypted endpoint (web server or end to end encryption, whatever) then what the VPN is encrypting and decrypting is an already encrypted message.

It's encrypted by your application client (web browser, phone, whatever) using a shared secret only your application client and the destination have. Then the encrypted message is further encrypted by your VPN client, using a shared secret (and often a different encryption algorithm) only your VPN client and VPN provider have.

Then when it gets to your VPN provider, the VPN encryption is decrypted but the original encryption is still there for the message being sent to the destination.
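The layering described in the post above, as an added example that is not part of the original thread: an application-layer message sealed with a key only the two endpoints hold, then wrapped again for the hop to the VPN provider. The SHA-256 keystream plus HMAC construction is a toy stand-in for a real authenticated cipher, and the function names and sample message are assumptions made for the demo.

```python
import hashlib
import hmac
import secrets

def subkey(key, label):
    return hashlib.sha256(label + key).digest()   # separate keys for encryption and MAC

def keystream(key, nonce, length):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    # Toy encrypt-then-MAC (stand-in for a real AEAD cipher).
    nonce = secrets.token_bytes(12)
    stream = keystream(subkey(key, b"enc"), nonce, len(plaintext))
    body = nonce + bytes(x ^ y for x, y in zip(plaintext, stream))
    return body + hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()

def unseal(key, blob):
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    nonce, ct = body[:12], body[12:]
    stream = keystream(subkey(key, b"enc"), nonce, len(ct))
    return bytes(x ^ y for x, y in zip(ct, stream))

def send_through_vpn(message, provider_tampers=False):
    app_key = secrets.token_bytes(32)   # held by the application client and destination only
    vpn_key = secrets.token_bytes(32)   # held by the VPN client and VPN provider only
    inner = seal(app_key, message)              # application-layer encryption
    outer = seal(vpn_key, inner)                # VPN client wraps the ciphertext
    at_provider = unseal(vpn_key, outer)        # provider removes only its own layer
    provider_view = {"got_inner_ciphertext": at_provider == inner,
                     "plaintext_visible": message in at_provider}
    if provider_tampers:                        # flip one bit of the inner ciphertext
        at_provider = at_provider[:12] + bytes([at_provider[12] ^ 1]) + at_provider[13:]
    try:
        delivered = unseal(app_key, at_provider)
    except ValueError:
        delivered = None                        # destination rejects the modified message
    return provider_view, delivered
```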

markosjal

Quote from: AliceWonder on March 30, 2023, 05:13:12 AM
The VPN encrypts everything between you and the VPN but when you connect to an encrypted endpoint (web server or end to end encryption, whatever) then what the VPN is encrypting and decrypting is an already encrypted message.

It's encrypted by your application client (web browser, phone, whatever) using a shared secret only your application client and the destination have. Then the encrypted message is further encrypted by your VPN client, using a shared secret (and often a different encryption algorithm) only your VPN client and VPN provider have.

Then when it gets to your VPN provider, the VPN encryption is decrypted but the original encryption is still there for the message being sent to the destination.

You are making a LOT of assumptions. Your first error is TRUSTING a 3rd party (VPN Provider). What you say may be true on a PRIVATE VPN but not always on a commercial VPN. Need I say more?

tubaman

Quote from: markosjal on April 01, 2023, 04:02:01 AM
You are making a LOT of assumptions. Your first error is TRUSTING a 3rd party (VPN Provider). What you say may be true on a PRIVATE VPN but not always on a commercial VPN. Need I say more?

Perhaps I'm missing something but I can't see where @AliceWonder said they trusted VPN providers. What has been correctly stated is that if you are using an end-to-end (ie client to client) encrypted message system then the security or otherwise of the VPN you are using is of little relevance.

markosjal

#266
You need to read the thread. If you use a "VPN Provider" it's a lot different than a "Private VPN" and that is my point. VPN providers should not be trusted for security. Go ahead and trust your VPN provider with your bank account and Login to your bank. Many Free VPNs SELL YOUR DATA (as yes they can see it).

With ANY VPN you put a "Man in the middle". The question is how trustworthy, or WHO is that man.

I do not care what anyone says,  there is more than enough evidence to support this statement.  ANY VPN provider has the ability to control or read encryption keys sent to both ends.

If anyone doubts this ASK GOOGLE, but it relates mostly to Commercial VPN providers not PRIVATE VPNs as you yourself control that with PRIVATE VPN.

I am too out of breath to keep saying it. Done with this thread, believe what you want.

tubaman

Quote from: markosjal on April 01, 2023, 01:47:19 PM
You need to read the thread. If you use a "VPN Provider" it's a lot different than a "Private VPN" and that is my point. ...

That I do agree with as most consumers use a VPN provider to disguise the source of their traffic, for example so someone in the UK can watch Netflix from the USA which would otherwise not work. It does also encrypt the traffic but that is not usually its primary purpose.
A private VPN is there to ensure the traffic is secured and cannot be tampered with en-route (ie by a man in the middle attack).

Quote from: markosjal on April 01, 2023, 01:47:19 PM
... Go ahead and trust your VPN provider with your bank account and Login to your bank. Many Free VPNs SELL YOUR DATA (as yes they can see it).
...

As the connection to my bank is HTTPS encrypted then all the VPN provider would know is that I have connected to my bank's website. They would not be able to work out whether I was just looking at their products or actually logging in and doing some banking.

markosjal

#268
Quote from: tubaman on April 02, 2023, 03:17:29 AM
...A private VPN is there to ensure the traffic is secured and cannot be tampered with en-route (ie by a man in the middle attack)...

Do not forget ANY VPN Provider is "in the middle" (this includes in the middle of any and all encryption, and on the route used to exchange keys)

Done here, I guess some people just DO NOT GET IT!

Doug Rose

Quote from: markosjal on April 02, 2023, 04:27:03 PM
Done here, I guess some people just DO NOT GET IT!
Thank you sir, May I have another
Kidphone