🔒 Cybersecurity for lawyers

User Tools

Site Tools

Trace:
audio_and_video

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
audio_and_video [2019/08/06 18:00] – neilaudio_and_video [2021/07/06 09:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 ===== Secure audio and video services ===== ===== Secure audio and video services =====
 +
 +====Key points: ====
 +  * [[#Technical options|Technical options]]
 +    * [[#Signal|Signal]]
 +    * [[#WhatsApp|WhatsApp]]
 +    * [[#Jitsi|Jitsi]]
 +    * [[#Nextcloud|Nextcloud]]
   * [[#Behavioural issues|Behavioural issues]]   * [[#Behavioural issues|Behavioural issues]]
     * [[#Phone calls: do not trust the number on screen|Phone calls: do not trust the number on screen]]     * [[#Phone calls: do not trust the number on screen|Phone calls: do not trust the number on screen]]
     * [[#Be careful where you speak|Be careful where you speak]]     * [[#Be careful where you speak|Be careful where you speak]]
     * [[#Be aware of fake technical support calls|Beware of fake technical support calls]]     * [[#Be aware of fake technical support calls|Beware of fake technical support calls]]
 +  * [[#Safety and security for group calls|Safety and security for group calls]]
 +    * [[#Add a password|Add a password]]
 +    * [[#Create a unique ID for each meeting|Create a unique ID for each meeting]]
 +    * [[#Reserve moderator / admin functions for yourself|Reserve moderator / admin functions for yourself]]
 +    * [[#Keep an eye on the number of people in the meeting, and pause the meeting if an unexpected person joins|Keep an eye on the number of people in the meeting, and pause the meeting if an unexpected person joins]]  
  
-====Key points: ====+====Technical options ====
  
 +===Signal===
  
-====Encrypted voice ==== +Signal's mobile app offers end-to-end encrypted voice and video, without you needing to do anything.
-https://www.ncsc.gov.uk/searchtype/product?f%5B0%5D=field_product_certifications%253Afield_assurance%3A226&f%5B1%5D=field_product_type%3A210+
  
-====Signal====+It requires the other person to also have Signal.
  
 +You need a mobile phone number to set up Signal but, if you do not have a mobile phone, or do not want to give our your actual mobile phone number, you could [[https://www.aa.net.uk/voice-and-mobile/voip-information/|rent a mobile phone number]] and use that to set up Signal. You should keep renting that phone number for as long as you use Signal with it.
  
 +You can download it [[https://signal.org/download/|here]].
 +
 +=== WhatsApp ===
 +
 +If you don't mind giving data to Facebook, WhatsApp offers simple end-to-end encryption.
 +
 +Like Signal, it offers group messaging.
 +
 +As well as text-based messaging, you can share files, and make encrypted audio and video calls.
 +
 +You need a mobile phone number to set up WhatsApp but, if you do not have a mobile phone, or do not want to give our your actual mobile phone number, you could [[https://www.aa.net.uk/voice-and-mobile/voip-information/|rent a mobile phone number]] and use that to set up WhatsApp. You should keep renting that phone number for as long as you use WhatsApp with it.
 +
 +You can download it [[https://www.whatsapp.com|here]].
  
 ===Jitsi=== ===Jitsi===
  
-I find that disabling p2p mode increases performanceat the cost of extra load on your server.+Jitsi is an online encrypted audio and video conferencing platformsuitable for multiple simultaneous users. Unlike Signal or WhatsApp, which offers a telephony-like experience, Jitsi is more suited to scheduled meetings, where everyone dials-in to a conference bridge.
  
-FaceTime? Signal?+You can either use Jitsi's own hosted instance, [[https://meet.jit.si|meet.jit.si]], or you can [[https://jitsi.org/downloads/|download]] and run it on your own server. 
 + 
 +It can be used with Firefox and Chrome browsers without installing any additional software, and there are [[https://jitsi.org/downloads/|iOS and Android apps]] for use on mobile devices. 
 + 
 +Each meeting can have a unique URL, to prevent someone from trying to join (maliciously or by accident), and you can configure it to require someone to enter a password before "opening" the room. 
 + 
 +If you have a SIP phone system, you can integrate it with your Jitsi installation and enable phone dial-ins, to offer a completely self-hosted conferencing system. 
 + 
 +For conferences with more than two parties, it offers encryption between each person's browser and your server, meaning that someone spying on your, or their, Internet connection cannot listen in to your call. It is not end-to-end encrypted, and so interception on your server would be possible — because of this, you need to be confident of the security of your installation. 
 + 
 +I find I get better performance by disabling p2p mode: it places more of a load of the server, but the resulting experience is better. 
 + 
 +===Nextcloud === 
 + 
 +If you are using [[email_alternatives#Nextcloud|Nextcloud]] for file synchronisation or sharing (as an alternative to email), it also offers encrypted audio and video chat. 
 + 
 +I find the interface less pleasant to use that Jitsi, but you might find it works for you.
  
 ====Behavioural issues ==== ====Behavioural issues ====
Line 47: Line 89:
  
 If you think you have been scammed in this way, or are in the process of being scammed, get off the phone, disconnect your computer from the Internet quickly — pull out your Ethernet cable, or turn off the Wi-Fi adapter — and get your machine checked. If you think you have been scammed in this way, or are in the process of being scammed, get off the phone, disconnect your computer from the Internet quickly — pull out your Ethernet cable, or turn off the Wi-Fi adapter — and get your machine checked.
 +
 +====Safety and security for group calls ====
 +
 +===Add a password ===
 +
 +If the system you are using permits it, add a unique password to each call, and ask invitees to keep it private.
 +
 +===Create a unique ID for each meeting ===
 +
 +Some systems let you choose your own meeting ID. Do not use anything common, or containing identifying information. Instead, use a long meeting ID which is unlikely to be guessed or generated. Since most people are going to click on a link rather than try to type it in by hand, it is unlikely to matter how long or complicated it is.
 +
 +You could use a "UUID", which is a string like EF2B283C-3E5E-445C-8CC4-2BB363C00EA. You can either generate them on your computer (e.g. by running uuidgen if you use macOS) or else use a [[https://www.uuidgenerator.net|free online service]].
 +
 +Alternatively, you could use a sequence of random words (such as bodiment-semifloscule-hapteron-praesternal).
 +
 +===Reserve moderator / admin functions for yourself ===
 +
 +If you can, reserve moderator / admin functions — such as the ability to mute people, or kick people out of a call — to yourself.
 +
 +Not all services support this, so you might want to establish some ground rules at the beginning.
 +
 +===Keep an eye on the number of people in the meeting, and pause the meeting if an unexpected person joins ===
 +
 +You wouldn't carry on an offline meeting if someone unknown walked into the room, so don't do it online. If someone joins, and you don't know who they are, pause the meeting, and find out. If you are still not comfortable or satisfied, postpone the meeting.
audio_and_video.1565114432.txt.gz · Last modified: 2021/07/06 09:26 (external edit)