What's the procedure to cancel the service, just call the main number and say i want to cancel?
I'm not terribly impressed with customercare@vonage.com. I had some valid security concerns that I brought up with them, and yet... All I get is an automated response... I find it highly disturbing that phone personnel state that vonage is just as secure if not more so than a standard POTS line. Sure, telephones can be tapped, but there are procedures to go about doing it when the tap is done within the POTS cloud. with Vonage, any person that knows what a sniffer is, can fire up ethereal, or other capture utilities and rebuild the voice conversations, or snoop and see what phone numbers you are calling. I've brought this up in the forum, and contacted vonage support... the only response I got was from the forum admin, who is by far the most responsive and knowledgable individual i've run into with Vonage.
If you click on my name, and view the post count and content, you'll see at first I was really gung-ho about this; very excited to work with this technology... then it all tapered off... Sure it's more expensive to have broadband AND telephone service, but at least you don't have to worry about your ISP sniffing your phone conversations, or keeping tabs on you. Yes, I'm paranoid; I do this for a living, and know what happens when sniffers and intrusion detection systems are in place... Privacy is invaded.
I thought Vonage would be able to save me money, and offer a similar level of security as a hard-wired phone. It turns out it can save you money, but at the cost of your privacy. These concerns can only be addressed either by setting up a lightly encrypted tunnel that the voice and SIP information can travel, OR switch the entire system over to SRTP instead of RTP.
Last edited by GardRailz on Thu Feb 17, 2005 5:01 pm; edited 2 times in total
Anyone taking the time and energy to rebuild and listen to my conversations is going to be sadly disappointed.
That's where you're mistaken, if vonage is your only service, or you mistakenly communicate credit card or other privacy-act information via it's service. Yes, there's a lot of data that is sent, but depending on the amount of conversation that happens, one minute of conversation is ~ 1MB of raw captured data. With hard-disk storage technology and compression, hundreds of minutes of conversation can be captured and reviewed at a later date.
Better yet, it could be triggered based on the phone call... if you call your bank, someone could kick off an automated capture and gather information about your banking habits, or what not.
What if you call a company to order PC parts, or other equipment via the phone. You have to provide a method of payment which typically includes a credit card number, expiration date, and potentially the code on the back of the credit card (the security number).
With all that information, and the ability to actually play back your voice providing that information, who is to stop individuals from making fraudulent purchases with your financial data?
Why do you think banks require https encryption for that data, should not voice communications go through the same process? I do this for a living, I know what I'm talking about. I'm not taking this personally, I'm just trying to make sure people are aware of the dangers associated with unencrypted data communications.
Heck I can demonstrate how easy it is to capture conversations, or decode AIM messages, or even to show you how easy it is to decode your webpages you surf and display them via a simple perl script, and tcpdump (or other libpcap compatable capture program).
This is a serious matter that vonage needs to consider if they want to continue to grow, and compete with traditional telephone service.
Like I said. While this may be a concern for you, anyone that expends the time and energy to listen to my phone conversations is going to be sadly disappointed.
Do any VoIP companies encrypt their service? Is it possible? How would that affect QoS?
Maybe Maxwell Smart could loan you "The Cone Of Silence"
Seriously, if security is very important to you mabe POTS is better for you.
As VOIP is still fairly new, I'm sure that in the future encrypted lines will be avaiable. ( For more $)
Maybe Maxwell Smart could loan you "The Cone Of Silence"
Seriously, if security is very important to you mabe POTS is better for you.
As VOIP is still fairly new, I'm sure that in the future encrypted lines will be avaiable. ( For more $)
True, and I'd be willing to pay more money. The thing that really pisses me off is an operator told me it was secure.
Edit:---
Oh, and by the way, when you access your banks website, do you want to do it over http, or https? They can charge an additional fee for that ssl certificate you know
Last edited by GardRailz on Thu Feb 17, 2005 2:21 pm; edited 1 time in total
vonagebest Vonage Forum Senior
Joined: Jan 23, 2005 Posts: 86
Location: Edison, New Jersey
Like I said. While this may be a concern for you, anyone that expends the time and energy to listen to my phone conversations is going to be sadly disappointed.
Do any VoIP companies encrypt their service? Is it possible? How would that affect QoS?
I'm busily surrounding my house with lead and searching for hidden microphones. Maybe if I build a helmet of tin-foil, I can keep the aliens from reading my thoughts.
I agree with you, Martlet, most of us just don't care. I order anything I want using SSL on my PC. Never give my account numbers over the phone anyway.
I guess I'm just not paranoid enough to suit everyone. I personally feel there is a much smaller chance of someone listening in on VOIP than nosey phone people or government representatives tapping the wires of POTS. The imperial Federal Gov't will listen to whatever they want, if they want to, so why give a care. If someone is paranoid enough that their VOIP call will be listend to, stay with POTS or stick to in-person communication.
As far as I know it is secure...You have SIP which initiates the call and then RTP stream carries the call and is supposed to be encrypted.
You might be able to get the data, but piecing it back together might take a long time. The social security issue might get resolved first.
If you'd like, i can provide a step by step demonstration of how easy it is utilizing free tools on the web... RTP is not encrypted, SRTP is the secure protocol.
after issuing that command, I dialed the number, and listened on the line for ~ 6 seconds. I then killed the capture, and downloaded it to my local XP laptop.
After installing the latest version of ethereal, obtained from http://www.ethereal.com (http://www.ethereal.com/distribution/win32/ethereal-setup-0.10.9.exe) I opened the capture file by double clicking it....
After opening the file, the SIP protocol could be clearly seen, within the SIP protocol there's a handshake process, where the local device 'invites' the remote peer. This invitation looks like this:
Code:
No. Time Source Destination Protocol Info
8 3.728364 172.31.31.251 216.115.25.57 SIP/SDP Request: INVITE sip:13017979797@atlas4.atlas.vonage.net:5061, with session description
Both phone numbers can be clearly seen and is unencrypted. (this re-enforces my previous statement about individuals being able to capture based on phone numbers dialed) I could paste the actual text data contained in the RTP packets, but that would be useless considering it's audio data. This is how one would decode the data if one were to 'obtain a capture'.
1.) open up the capture file
2.) select the first RTP packet listed in the upper window (the window where a summary of the packets are listed) then click statistics in the menu bar, then select 'RTP' which is the fourth entry from the bottom. That menu will then expand into two additional options "Show All Streams, and Stream Analysis". Select stream analysis.
3.) Another window will pop up, with the name "Ethereal: RTP Stream Analysis", don't worry about the data contained in the window. Just look at the buttons down at the bottom of that window. Select the "Save Payload..." button, and specify a file name like "c:\file.au".
At this point, just double click the file (which is at the top of your C drive) and listen.
Congratulations, you just accessed unencrypted data, and have the ability to listen to any conversation you capture.
Here's a thread of an individual asking how to do what I just described: vonage-forum.com/ftopic2705-0-asc-20.html" target="_blank">http://www.vonage-forum.com/ftopic2705-0-asc-20.html
and here's a url on ethereal's website which describes what to do with the capture once you obtain it:
http://wiki.ethereal.com/RTP
If you'd like, i can provide a step by step demonstration of how easy it is utilizing free tools on the web... RTP is not encrypted, SRTP is the secure protocol.
If you'd like, I can take you to the cross-box and show you how to put your butt-set on a pair of wires and listen. We know its un-encrypted. We know our POTS voice lines are unprotected. For every technology, there is some way to break it. Encrypted or not.
This is pointless to argue. Vonage CS personnel are not network engineers and I don't expect them to know about all this. You clearly do so why berate them about it?
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
All times are GMT - 5 Hours
Vonage Service Plans
Vonage VoIP Members
Members New vipseober New Today 3 Yesterday 6 Total 56038 Who Is On Site Visitors 233 Members 1 Total 234
High-speed Internet required. Unlimited calling subject to normal residential use. Excludes certain call types such as calls to cell phones depending on the destination. Vonage 911 service operates differently than traditional 911. See www.vonage.com/911 for details. Alarms, TTY and other systems may not be compatible.
Thinking of signing up for Vonage but have questions? Business and Residential customers can call Toll Free 24 hours a day at: 1-888-692-8074 No Vonage Promotional Codes or Coupon Codes are required at www.vonage.com.
The Vonage Forum provides the Vonage Free
Month sign up Best Offer Promotion Deal as a means to offset
our cost. If you are considering signing up for Vonage and have found our Vonage
News, Customer Reviews, Forums & all other parts of this site useful, please
use our Vonage Free Month sign up offer Deal Coupon.
Vonage VoIP Phone Service is redefining communications by offering consumers & small business VoIP Internet phones, an affordable alternative to traditional phone service.
The Vonage VoIP Forum Generated This Page In: 0.54 Seconds and 136 Pages In The Last 60 Seconds The Vonage VoIP Forum
I'm busily surrounding my house with lead and searching for hidden microphones. Maybe if I build a helmet of tin-foil, I can keep the aliens from reading my thoughts. 
Members
New 
New Today 3
Yesterday 6
Total 56038
Who Is On Site
Visitors 233
Members 1
Total 234
-0.02