The fundamental right to privacy, guaranteed by the Fifth and Fourteenth Amendments to the U. S. Constitution, protects against unwarranted invasions of privacy by federal or state entities, or arms thereof.

I came upon ineresting article on russian habr.ru and desided to translate abit.

Torfone came as a result of seven years research of voice over Tor. Common position is - that it's nearly impossible to do that, because

1) Voip works over UDP and Tor using TCP

2) Tor transport traffic through many hops and this produces big latency.

Since 2012 - many people including Fil Zimmerman ( author of PGPFone ) criticized the project and didn't believe in it's future. But with some technological progress in network speed and contemporary tools some of the greatest problems were minimized.

Nowdays Torfone consists of 4 main parts, which communicate with each other via 36 b packets. They are - transport module, that works with sockets, cryptographic and sound module, storage module , and UI module.

Source code was written in C  and absolutely crossplatform ( exept embed sound parts , that differ for each platform ).  Noise reduction is based on NPP7 algorithm , that is used in military standart STANAG-4591.

Main functionality was designed to face common problems of messenger in our days and threats that they are facing.

Modes of work:

1 Anonymous voice calls on Tor service ( via onion link ) Those calls sare maximally protected , but delay is also the biggest.

2 Switching to direct UDP connection  ( passing NAT ) after connecting through Tor. Session private keys inside Tor insure privacy, but IP adress is visible to members of conversation.

3 Direct calls via IP-addr ( or dns name) and TCP port. For reciving such calls you have to obtain "white " ip adress  or forwarding of TCP port on router. Direct calls can be handled in private network ( private Wifi, LAN ) For such scenario we don't need internet connection. The Torfone doesn't use server which is a potential threat for downtime , atacks and collecting metadata.

Nowdays many people ask themself if TOR is so secure and private? Famous  messenger TorChat didn't use additional security layers , believing that tor itself is secure enough. But some vulnerabilities that were discovered - like SPECTRE and MELTDOWN and many 0day exploits are in fact can be used as a main wearpons for special forces and goverments. So Torfone recieved additional layer of authentification and encryption for more security =)

Main concept is to make anonymous calls with unknown users and then sharing keys to be able to communicate again. Special attention was focused towards protecting user IDs. So, calling user knows who is he calling and have to tell him his ID ( but only that 1 user , no one else!) Even if the connection is intersepted by third person and later all private keys were uncovered, there is no way to obtain IDs of participants in every probe or in intersepted session in the past.

So to conclude here are main features of this App:

1. TORFone is an open source project, therefore it indicates no "backdoors" and allows quick fixing of potential vulnerabilities.

2. TORFone is fully portable (it can be run from a flash carrier or virtual TrueCrypt-disk and leaves no residue in the system) and works with all versions of Win32 from Windows 98, has very low system requirements (above PI 233 MHz 32M RAM). It saves bandwidth (required from only 2 kbit/s each side using low-bitrates codecs).

3. TORFone is decentralized, i.e. it does not use an external server and does not require pre-registration number.

4. TORFone provides full confidentiality (by using DH-4096 to match the session key, AES-256-OCB to encrypt the voice traffic and PKDF2+HMAC for autentification). The attacker who mirrors the traffic is unable to listen to the conversation and is not able to decode it later even if he gains access to the computers of participants.

5. Caller and callee are completely anonymous to each other and to outside observers (a call is made on Tor hidden service user).

6. Calls using TORFone are hidden to the outside observer because the TORFone can use the Tor network as a transport layer. Since Tor can simulate usual HTTPS-connections using Tor bridges, the same level of indistinguishability may be provied also for TORFone traffic. If TORFone is used without anonymity by making direct connection thorugh Internet, it still may be resistant against some type of DPI because TORFone uses its own protocol (not RTP/ZRTP), which can work over both TCP and UDP connection.

I think now that TORFone is one of the most anonymous and confidential tools for the Internet telephony. The payment for anonymity is voice latency up to 2-4 seconds (because traffic goes through a chain of few nodes located around the world). If anonymity is not required TORFone can work as a direct connection "point to point" using IP-adress / domain name which fully keeps the privacy. Can be used a direct TCP or UDP connection. Furthermore, first Tor may be used as SIP-server to connect to the hidden service of subscriber, and then for NAT traversal and installation secure UDP direct connection. TORFone also provides subscriber voice authentication to avoid attack "man in the middle" and authenticated using a preset phrases with the silent notification under pressure. Also TORFne can be used to exc3ange by personal data (such as files or short text7messaging) safely.

Torfone provides its own level of obfuscation, encryption and authentication using modern cryptography. Our protocol is not standard so you can ignore its presence fully trusting Tor. Nevertheless it provides reliable protection on primary direct connecting mode using the IP address and port as the destination of subscriber:

  • Connecting is performed in two physical TCP sessions with random time interval (for some DPI protecting).
  • Exchange Elligator2 key representations with random padding during first session (against censorship).
  • Authenticate encrypting and random padding for all transcripts in second session with key derived in first session (for some DPI protecting)
  • Proof of job required in second session (for protecting against scanners).
  • Encrypting and decrypting symmetric keys derives with only DH and not depends from authentication (allowed unauthenticated sessions).
  • DH secret is unpredictable due commitment (allowed comparing short secret’s fingerprints: SAS)
  • Zero knowledge mutual authentication by application public keys (Triple DH extended with SPEKE secret for zero knowledge property)
  • KCI resistance (for leak of long term public keys)
  • Deniability for using private key (in the case of other party communicate with Judge after session)
  • Forward deniability (in the case of other party communicate with Judge before session to known participant)
  • Protecting of originator’s ID against passive and active attacks (interrupted probes and interceptions) with PFS.
  • Automatic receiving any keys send by other party saved with generated names (for deniability of having the key).
  • Zero knowledge comparing of pre-shared secrets during unauthenticated session (like SMP in OTR but uses SPEKE) Authentication of caller’s onion address based on Hidden Service security (as in TorChat)

Alpha version for Android is now available for testing allowing to estimate the latency of calls in the Tor network:http://torfone.org/download/Torfone.apk

Project is still in development but, if you want to find out more about this project

visit it's git page - https://github.com/gegel/torfone

Project page  http://torfone.org/index.html

see android howto - http://torfone.org/download/Torfone_Android_howto.pdf