How Anonymous is VoIP?
Pop quiz: Which kind of call is easier for a called party to trace, a traditional phone call (phone to phone), or a VoIP call (Skype client to Skype client)?
The answer might surprise you...in some cases, the Skype call might be easier to trace. You can usually find the IP address of the sender of the Skype signaling and voice packets and at least trace the caller to the city of origin, and often even closer.
Contrast that with an anonymous PSTN caller using caller ID blocking and calling you up on your regular phone. The receiver of the anonymous call cannot trace the call on their own...if the call was a malicious call, they can only dial *57 and ask their service provider to trace the call for them, and even then it is only law enforcement authorities that are given the information. My bet is that 99% of the population doesn't know the star code for tracing calls in the first place, so in reality, tracing of anonymous calls is impractical for most people. And there is no "hack" you can do on your POTS phone to intercept some signaling that will reveal the identity of the caller, because nothing about the calling party is sent down the line to your phone.
So, in many cases, the good old PSTN does a better job of preserving the anonymity of calling parties than VoIP. And the issue isn't just limited to Skype.
Some VoIP providers will actually go to great lengths to mimic the "anonymous calling" capabilities of the PSTN, and will block the caller ID from being delivered to the calling party when requested. For example, the CableLabs PacketCable Application Spec for Residential SIP Telephony goes into great detail about how to block a caller ID, in Chapter 7.2. However, after the call is set up, the two VoIP clients do end up sending RTP packets directly to each other's IP addresses, so if the receiver of the call wanted to hack their VoIP Phone or trace their local ethernet, they could discover the IP address of the caller. Once you know the IP address, you can find out lots of interesting bits of information, like what city the caller was likely in, and what service provider they used. So, while the caller's identity remains anonymous, an enterprising called party has a lot more clues about the caller than a similar PSTN called party would have.
Of course, there is one way to truly preserve a caller's identity, and that is to use a Session Border Controller or a Conference Bridge up in a service provider network to do "selective topology hiding," only for calls that require complete anonymity. Most service providers I've talked with aren't contemplating going to these kinds of superhuman lengths to finish the job of providing anonymous calling features for their subscribers.
In fact, most subscribers don't care about remaining anonymous, so this VoIP limitation won't bother them a bit. But if you are really, really private, and want to make sure you remain anonymous, then you might want to stick with POTS. If you really, really want to use VoIP and want to remain anonymous, then you might want to check out an anonymizer service, like www.findnot.com. These services charge you a monthly fee to use VPN technology to hide your real IP address.
Steve, what you are saying is true as it regards eavesdropping...it is easier to easedrop on POTS than on VoIP. However, this post is not about eavesdropping...it is about Caller ID blocking and hiding the identity (or at least clues to the identity) of the caller from the called party. It turns out this is easier to do in the PSTN than in VoIP.
Posted by: Ike Elliott | December 06, 2007 at 06:46 AM
Ike, these are good points from the standpoint of the receiver. On the other hand, I know many people who don't have a clue how "insecure" a POTS phone call is. Anyone with two alligator clips can listen into a POTS call if they have access to the line or the phone closet.
Secondly, most folks don't realize that all of their cell phone calls are less secure than VoIP. In an age of ubiquitous cell phones (which are just radio transmitters/receivers) it really seems like VoIP security isn't most people's biggest security issue.
I know VoIP has gotten a bad rep, but I don't think it is inherently any less secure than POTS and it is more secure than wireless.
Posted by: Steve Branch | December 06, 2007 at 06:13 AM
Ike, these are good points from the standpoint of the receiver. On the other hand, I know many people who don't have a clue how "insecure" a POTS phone call is. Anyone with two alligator clips can listen into a POTS call if they have access to the line or the phone closet.
Secondly, most folks don't realize that all of their cell phone calls are less secure than VoIP. In an age of ubiquitous cell phones (which are just radio transmitters/receivers) it really seems like VoIP security isn't most people's biggest security issue.
I know VoIP has gotten a bad rep, but I don't think it is inherently any less secure than POTS and it is more secure than wireless.
Posted by: Steve Branch | December 06, 2007 at 06:12 AM