audio_and_video

Differences

This shows you the differences between two versions of the page.

audio_and_video [2019/08/04 15:25] neil
audio_and_video [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
-===== Secure audio and video services ====+===== Secure audio and video services =====
  
-==== Be careful where you speak ==== +====Key points: ==== 
-You can have the most secure, highly encrypted, voice communications system available, but it is of little use if you are going to have a conversation loudly or in a public place.+  * [[#Technical options|Technical options]] 
 +    * [[#Signal|Signal]] 
 +    * [[#WhatsApp|WhatsApp]] 
 +    * [[#Jitsi|Jitsi]] 
 +    * [[#Nextcloud|Nextcloud]] 
 +  * [[#Behavioural issues|Behavioural issues]] 
 +    * [[#Phone calls: do not trust the number on screen|Phone calls: do not trust the number on screen]] 
 +    * [[#Be careful where you speak|Be careful where you speak]] 
 +    * [[#Be aware of fake technical support calls|Beware of fake technical support calls]] 
 +  * [[#Safety and security for group calls|Safety and security for group calls]] 
 +    * [[#Add a password|Add a password]] 
 +    * [[#Create a unique ID for each meeting|Create a unique ID for each meeting]] 
 +    * [[#Reserve moderator / admin functions for yourself|Reserve moderator / admin functions for yourself]] 
 +    * [[#Keep an eye on the number of people in the meeting, and pause the meeting if an unexpected person joins|Keep an eye on the number of people in the meeting, and pause the meeting if an unexpected person joins]]  
  
-====Encrypted voice ==== +====Technical options ====
-https://www.ncsc.gov.uk/searchtype/product?f%5B0%5D=field_product_certifications%253Afield_assurance%3A226&f%5B1%5D=field_product_type%3A210+
  
-====Signal====+===Signal===
  
-====Phone calls: do not trust the number on screen ====+Signal's mobile app offers end-to-end encrypted voice and video, without you needing to do anything. 
 + 
 +It requires the other person to also have Signal. 
 + 
 +You need a mobile phone number to set up Signal but, if you do not have a mobile phone, or do not want to give our your actual mobile phone number, you could [[https://www.aa.net.uk/voice-and-mobile/voip-information/|rent a mobile phone number]] and use that to set up Signal. You should keep renting that phone number for as long as you use Signal with it. 
 + 
 +You can download it [[https://signal.org/download/|here]]. 
 + 
 +=== WhatsApp === 
 + 
 +If you don't mind giving data to Facebook, WhatsApp offers simple end-to-end encryption. 
 + 
 +Like Signal, it offers group messaging. 
 + 
 +As well as text-based messaging, you can share files, and make encrypted audio and video calls. 
 + 
 +You need a mobile phone number to set up WhatsApp but, if you do not have a mobile phone, or do not want to give our your actual mobile phone number, you could [[https://www.aa.net.uk/voice-and-mobile/voip-information/|rent a mobile phone number]] and use that to set up WhatsApp. You should keep renting that phone number for as long as you use WhatsApp with it. 
 + 
 +You can download it [[https://www.whatsapp.com|here]]. 
 + 
 +===Jitsi=== 
 + 
 +Jitsi is an online encrypted audio and video conferencing platform, suitable for multiple simultaneous users. Unlike Signal or WhatsApp, which offers a telephony-like experience, Jitsi is more suited to scheduled meetings, where everyone dials-in to a conference bridge. 
 + 
 +You can either use Jitsi's own hosted instance, [[https://meet.jit.si|meet.jit.si]], or you can [[https://jitsi.org/downloads/|download]] and run it on your own server. 
 + 
 +It can be used with Firefox and Chrome browsers without installing any additional software, and there are [[https://jitsi.org/downloads/|iOS and Android apps]] for use on mobile devices. 
 + 
 +Each meeting can have a unique URL, to prevent someone from trying to join (maliciously or by accident), and you can configure it to require someone to enter a password before "opening" the room. 
 + 
 +If you have a SIP phone system, you can integrate it with your Jitsi installation and enable phone dial-ins, to offer a completely self-hosted conferencing system. 
 + 
 +For conferences with more than two parties, it offers encryption between each person's browser and your server, meaning that someone spying on your, or their, Internet connection cannot listen in to your call. It is not end-to-end encrypted, and so interception on your server would be possible — because of this, you need to be confident of the security of your installation. 
 + 
 +I find I get better performance by disabling p2p mode: it places more of a load of the server, but the resulting experience is better. 
 + 
 +===Nextcloud === 
 + 
 +If you are using [[email_alternatives#Nextcloud|Nextcloud]] for file synchronisation or sharing (as an alternative to email), it also offers encrypted audio and video chat. 
 + 
 +I find the interface less pleasant to use that Jitsi, but you might find it works for you. 
 + 
 +====Behavioural issues ==== 
 + 
 +Not all cybersecurity advice is technical. There are some behavioural tips and tricks which can help keep you, and your firm, more secure. 
 + 
 +===Phone calls: do not trust the number on screen ===
  
 When you receive a phone call, you'll often be shown the number of the person calling you. If that matches a number in your address book, you'll probably be shown the name of the person in your address book, rather than the number. When you receive a phone call, you'll often be shown the number of the person calling you. If that matches a number in your address book, you'll probably be shown the name of the person in your address book, rather than the number.
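Review bot: In the added Jitsi section, the paragraph on calls with more than two parties says traffic is encrypted to "your server" and that you need to be confident of "your installation", yet the same section offers the hosted meet.jit.si instance as an equal option; for readers who choose it, the party able to intercept is the operator of that hosted instance, and the text should say so. The same section says a unique URL will "prevent someone from trying to join"; a hard-to-guess URL only makes that less likely, so "reduce the chance of" would be accurate. The p2p tip should state whether disabling p2p sends two-party calls through the server as well, since the interception caveat is currently limited to "more than two parties". Wording: "give our your" should be "give out your" (Signal and WhatsApp paragraphs), "which offers" should be "which offer", "load of the server" should be "load on the server", "less pleasant to use that Jitsi" should be "than Jitsi", and the contents entry labelled "Beware of fake technical support calls" does not match the heading "Be aware of fake technical support calls".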
Line 17: Line 75:
 There's nothing you can do about this at the moment (although some work is under way to try to improve the current insecurities), other than to be mindful that a call from your boss, or your client, or your finance team, may not actually be from them. There's nothing you can do about this at the moment (although some work is under way to try to improve the current insecurities), other than to be mindful that a call from your boss, or your client, or your finance team, may not actually be from them.
  
-==== Beware of fake technical support==== 
-Someone calls up from technical support, claiming that there is a problem on your computer. 
  
-If it is apparently your own IT support team, you might want to go over and see them, and checkI’d hope that they’d welcome your security-aware stance, rather than seeing you as nuisance.+=== Be careful where you speak === 
 +It should go without being said, but here we go: you can have the most secure, highly encrypted, voice communications system available, but it is of little use if you are going to have a conversation loudly or in a public place. 
 + 
 +Trains, coffee shops, the Law Society's Reading Room... no matter how good your cryptography is, if you can be overheard, you're vulnerable. 
 + 
 +=== Be aware of fake technical support calls=== 
 +A reasonably common scam is someone calling up, pretending to be from a technical support team, claiming that there is a problem on your computer. They want to get access to your computer, and then either install malwareor else find a (non-existent) problem and try to bill you to fix it. 
 + 
 +Don't get into a discussion with them, or try to lead them on or waste their time. Just put the phone down. 
 + 
 +If it's actually, genuinely your IT support team, they'll appreciate your security-aware stance
 + 
 +If you think you have been scammed in this wayor are in the process of being scammed, get off the phone, disconnect your computer from the Internet quickly — pull out your Ethernet cable, or turn off the Wi-Fi adapter — and get your machine checked. 
 + 
 +====Safety and security for group calls ==== 
 + 
 +===Add a password === 
 + 
 +If the system you are using permits it, add a unique password to each call, and ask invitees to keep it private. 
 + 
 +===Create a unique ID for each meeting === 
 + 
 +Some systems let you choose your own meeting ID. Do not use anything common, or containing identifying information. Instead, use a long meeting ID which is unlikely to be guessed or generated. Since most people are going to click on a link rather than try to type it in by hand, it is unlikely to matter how long or complicated it is. 
 + 
 +You could use a "UUID", which is a string like EF2B283C-3E5E-445C-8CC4-2BB363C00EA. You can either generate them on your computer (e.g. by running uuidgen if you use macOS) or else use [[https://www.uuidgenerator.net|free online service]].
  
-Some people like to play these callers alongpretending to do things, to tie them up, to stop them calling others, or else proudly say “I’m sorry, I don’t run Windows, I run [and whatever they might be running on their computer”].+Alternativelyyou could use a sequence of random words (such as bodiment-semifloscule-hapteron-praesternal).
  
-My feeling is that it is better to simply put the phone down: certainly don’t give them more information about your system, which they might use, or give others to use, against you in the future.+===Reserve moderator / admin functions for yourself ===
  
-And if you think you have been scammed in this wayor in the process of being scammed,  get off the phone, disconnect your computer from the Internet quickly — pull out the cable, or turn off the Wi-Fi adapter — and get your machine checked.+If you canreserve moderator / admin functions — such as the ability to mute people, or kick people out of a call — to yourself.
  
-==== Secure video ====+Not all services support this, so you might want to establish some ground rules at the beginning.
  
-Jitsi: I find that disabling p2p mode increases performance, at the cost of extra load on your server.+===Keep an eye on the number of people in the meeting, and pause the meeting if an unexpected person joins ===
  
-FaceTime? Signal?+You wouldn't carry on an offline meeting if someone unknown walked into the room, so don't do it online. If someone joins, and you don't know who they are, pause the meeting, and find out. If you are still not comfortable or satisfied, postpone the meeting.
audio_and_video.1564932329.txt.gz · Last modified: 2021/07/06 09:26 (external edit)