DataStoragePolicy
Version 43 (Adrian Georgescu, 09/28/2013 11:57 pm)
1 | 41 | Adrian Georgescu | h1. Usage patterns |
---|---|---|---|
2 | 40 | Adrian Georgescu | |
3 | 43 | Adrian Georgescu | You may use this service for reasonable purposes related to having a SIP device and calling your contacts. You may use any media type supported as long you do not abuse the service. The platform is fine-tuned to accommodate residential users traffic patterns. If your traffic has a different pattern, like having a high density of calls, using a PBX with many extensions, calling from multiple devices located in different locations at the same time, using automatic diallers, you may want to chose a different service that is more fine tuned for the purpose. |
4 | 41 | Adrian Georgescu | |
5 | 40 | Adrian Georgescu | h1. Data Privacy and Storage Policy |
6 | 1 | Adrian Georgescu | |
7 | 7 | Adrian Georgescu | SIP2SIP server infrastructure relays and stores information provided by end users. If you are concerned about privacy of your own data and how it is used inside the platform, read below. |
8 | 1 | Adrian Georgescu | |
9 | 29 | Adrian Georgescu | h2. General |
10 | 29 | Adrian Georgescu | |
11 | 39 | Adrian Georgescu | As any Internet server based infrastructure, you can forget your information staying private when using any server. Everything that goes through a server is subject to forces outside the control of the clients using it. So you may safely assume all data exchanged through the server is compromised by design. If you care about privacy of your data you should find clients that reveal as less data as possible, then encrypt all the data that is possible to encrypt and never share the private key used to encrypt data with anyone. Still, no matter what client technique you are using, it is impossible when using a server to completely hide when communication takes place, between which account takes place and the source IP addresses of the end-points. |
12 | 28 | Adrian Georgescu | |
13 | 1 | Adrian Georgescu | h2. SIP Accounts |
14 | 1 | Adrian Georgescu | |
15 | 20 | Adrian Georgescu | SIP accounts and related information are stored in the platform database. SIP account and SIP Settings web page passwords are stored in an encrypted form in the database. There is a salt involved but in case of the database being completely compromised the salt can be also retrieved. It is advisable to use strong passwords that cannot be guessed by dictionary brute force attacks. |
16 | 1 | Adrian Georgescu | |
17 | 20 | Adrian Georgescu | h3. Account Deletion |
18 | 14 | Adrian Georgescu | |
19 | 22 | Adrian Georgescu | You may request deletion of your account. If no commercial services have been purchased we will delete the account from the server database. If anything has been purchased, we will not delete the data as we are forced by law to keep records of all monetary transactions for up to seven years after purchase. |
20 | 14 | Adrian Georgescu | |
21 | 9 | Adrian Georgescu | h2. SIP Signaling |
22 | 2 | Adrian Georgescu | |
23 | 16 | Adrian Georgescu | Signaling can be done in clear text using UDP and TCP protocols. You may use TLS for encrypting data between the end points and platform SIP servers. There is no guarantee that encryption will work end-to-end, the SIP signaling part of the platform provides only hop-by-hop signaling security, any intermediate hop may decide to switch from TLS to a non-encrypted transport like UDP. |
24 | 2 | Adrian Georgescu | |
25 | 9 | Adrian Georgescu | h3. Sessions |
26 | 1 | Adrian Georgescu | |
27 | 31 | Adrian Georgescu | All SIP signaling for session establishment (INVITE/BYE/CANCEL/PRACK/ACK SIP methods and their replies) relayed by the platform SIP servers are stored in cleartext for several days in the platform databases. Both end-users and platform operator have access to this information for troubleshooting purposes. |
28 | 1 | Adrian Georgescu | |
29 | 9 | Adrian Georgescu | h3. Registration |
30 | 9 | Adrian Georgescu | |
31 | 16 | Adrian Georgescu | No registration information (SIP REGISTER method) is stored in the platform. |
32 | 9 | Adrian Georgescu | |
33 | 16 | Adrian Georgescu | h3. Subscriptions |
34 | 1 | Adrian Georgescu | |
35 | 21 | Adrian Georgescu | No presence dialogs (SUBSCRIBE/NOTIFY methods) and related XML payloads are not stored in the server databases. Short logs about which device or subscriber changes its presence state are stored for up to thirty days for troubleshooting purposes. |
36 | 9 | Adrian Georgescu | |
37 | 1 | Adrian Georgescu | h2. Call Detail Records |
38 | 1 | Adrian Georgescu | |
39 | 32 | Adrian Georgescu | Call Details Records (CDRs) are stored for up to several months in clear text format in platform databases. CDRs contain metadata information about who called whom and what time and for how long. The IP addresses used for signaling and media are also stored in the CDRs. |
40 | 1 | Adrian Georgescu | |
41 | 23 | Adrian Georgescu | h2. Offline Messaging |
42 | 23 | Adrian Georgescu | |
43 | 23 | Adrian Georgescu | h3. Text Messages |
44 | 1 | Adrian Georgescu | |
45 | 13 | Adrian Georgescu | Messages sent using SIP MESSAGE method that cannot be delivered to local users of the platform are stored for later delivery in cleartext format in the platform database. |
46 | 16 | Adrian Georgescu | |
47 | 16 | Adrian Georgescu | h3. Voicemail |
48 | 16 | Adrian Georgescu | |
49 | 20 | Adrian Georgescu | Voicemail message are sent un-encrypted over email as attachments and stored un-encrypted on the server voicemail server (optional). Voicemail can be enabled/disabled for each SIP account. |
50 | 1 | Adrian Georgescu | |
51 | 9 | Adrian Georgescu | h2. RTP Media |
52 | 1 | Adrian Georgescu | |
53 | 13 | Adrian Georgescu | RTP streams are relayed by platform RTP media relays. Actual data is not stored anywhere. You may encrypt your data using sRTP but the encryption key is available in the SIP signaling. Whomever has access to the signaling plane (and the server always has access to it) will be able to decrypt any sRTP encrypted stream. If your end-points supports zRTP, is much safer than sRTP as the decryption key is known only by the end-points. |
54 | 2 | Adrian Georgescu | |
55 | 9 | Adrian Georgescu | h2. MSRP Media |
56 | 1 | Adrian Georgescu | |
57 | 9 | Adrian Georgescu | h3. Chat Messages |
58 | 9 | Adrian Georgescu | |
59 | 2 | Adrian Georgescu | MSRP chat sessions are done over TLS connections via the platform MSRP relay servers. The content of the messages is not logged or stored anywhere. |
60 | 2 | Adrian Georgescu | |
61 | 2 | Adrian Georgescu | Blink users can replicate the chat messages between multiple instances configured with the same account. The replicated chat messages are stored for 60 days in encrypted form in platform databases. The encryption key is not known by the server, only Blink clients posses the encryption and decryption key. If you are concerned about privacy you may disable chat replication in Blink. |
62 | 2 | Adrian Georgescu | |
63 | 9 | Adrian Georgescu | h3. File Transfers |
64 | 2 | Adrian Georgescu | |
65 | 2 | Adrian Georgescu | MSRP file transfer sessions are done over TLS connections via the platform MSRP relay servers. The content of the files is not logged or stored anywhere. |
66 | 2 | Adrian Georgescu | |
67 | 6 | Adrian Georgescu | h2. XMPP Gateway |
68 | 1 | Adrian Georgescu | |
69 | 25 | Adrian Georgescu | All chat messages and presence payloads are relayed through the SIP/XMPP gateway. Message content is not stored anywhere. |
70 | 6 | Adrian Georgescu | |
71 | 24 | Adrian Georgescu | h2. Protecting Data and Privacy |
72 | 1 | Adrian Georgescu | |
73 | 36 | Adrian Georgescu | To minimise the chance of your SIP sessions and media being exposed do the following: |
74 | 1 | Adrian Georgescu | |
75 | 37 | Adrian Georgescu | * Use SIP addresses that do not reveal your real name |
76 | 36 | Adrian Georgescu | * Use ICE NAT traversal in both end-points, this way RTP streams can flow most of the time peer to peer without passing through the server media relays that can be tapped |
77 | 36 | Adrian Georgescu | * Use zRTP encryption, this way you will know about men in the middle attacks trying to intercept and decrypt your data |
78 | 36 | Adrian Georgescu | * Don't use SIP MESSAGE method for chat messages as all message go through the signalling, which is always compromised by design when a server is in the middle |
79 | 36 | Adrian Georgescu | * Use end-to-end encryption mechanisms like OTR when using MSRP chat |
80 | 36 | Adrian Georgescu | * Use anonymization services to protect/spoof the real IP source of the client. This howvere just adds one level more of obfuscation, somewhere in the anonymization network the real IP used can be traced |
81 | 1 | Adrian Georgescu | |
82 | 36 | Adrian Georgescu | h3. Illegal Intercept |
83 | 36 | Adrian Georgescu | |
84 | 27 | Adrian Georgescu | To protect your data against being exposed over the Internet (like IP tapping), do the following: |
85 | 1 | Adrian Georgescu | |
86 | 36 | Adrian Georgescu | * Use TLS for SIP signaling (this will encrypt signaling between client and server) |
87 | 35 | Adrian Georgescu | * Use zRTP for audio and video media if your end-points support it otherwise use sRTP |
88 | 1 | Adrian Georgescu | * Use TLS for MSRP media |
89 | 36 | Adrian Georgescu | * Use OTR for Chat media |
90 | 35 | Adrian Georgescu | |
91 | 1 | Adrian Georgescu | These would protect your data against those who try to illegally sniff your network traffic (like breaking into your LAN WiFi) but have no access to the client or server software. These measures will not protect your data privacy against legal intercept measures if enforced and applied to the server infrastructure that relays the messages (you will likely not know if and when this happens). |
92 | 35 | Adrian Georgescu | |
93 | 35 | Adrian Georgescu | h3. Legal Intercept |
94 | 35 | Adrian Georgescu | |
95 | 38 | Adrian Georgescu | In case any entitled government agency requires access to the meta-data stored by SIP2SIP infrastructure, all SIP account data stored on the server can be considered compromised. Use client side encryption and anonymisation tools to mitigate this risk. SIP2SIP service operates within the European Union and obeys to the rules forced by EW law. |
96 | 25 | Adrian Georgescu | |
97 | 25 | Adrian Georgescu | h3. Feeback |
98 | 25 | Adrian Georgescu | |
99 | 25 | Adrian Georgescu | If you want to provide feedback please go to |
100 | 25 | Adrian Georgescu | |
101 | 25 | Adrian Georgescu | http://wiki.sip2sip.info/news/61 |