Secure Global Open Source Calling and Message Tools

Posted on by David Wallace

Risk versus reward? Open source versus packaged? Security or flexibility? All of these decisions matter deeply when considering personal safety for international travelers. Because today's cell phones send a signal beacon that identifies your location, network, and movement, companies are turning to more secure open source applications to protect phone conversations and hide the email trail in places from police, other official organizations, or phone companies.

Any risk assessment has to examine the real likelihood of a catastrophe and how to reduce the chances of that worst case scenario. In the case of data loss, can you save copies or store secured copies in real time? If someone overhears or intercepts a conversation or message exchange, what could go wrong? Then explore whether open source tools, or other options, are the best defense. Some of these applications were on display at RSA Conference in San Francisco this year.

Often, choosing which tool depends on the location. For instance, Thailand's mobile carriers have encrypted WiFi, but 3G networks are not encrypted—so knowing the networks or systems can be an advantage.

Another edge is in understanding that the risks are shared—it's not all about you. People you call or correspond with overseas may also be targets for crime, political, or economic threat. Knowing the potential impact of your actions on others is a critical part of global business or even the most innocent-seeming leisure travel. That's another reason open source options are growing, as journalists, businesspeople, nonprofit agencies, and other users go global.

Connecting to a network anywhere is like leaving footprints. Just ask the Harvard University student who used the school's network to submit an emailed bomb threat during 2013 finals week. Although he used an online anonymizing site to disguise the email itself, his network connection from an on-campus site quickly sent police all the clues they needed.

Security Options

Whatsapp is a cross-platform anonymous messaging program serving most major phone makers, including iPhone, BlackBerry, Android, Windows Phone, and Nokia. It can send text, video, images, audio, or other small files. Free calls, text messages, and photo sharing is the promise at Viber, which also includes a desktop client. is another devoted to short burst messages.

Even more security comes from knowing that your correspondents are just as safe as you. That's the idea behind, a secure online voice encryption that offers a membership model where people can securely call other members—like a super-secure version of Skype.

One security tip is to use a new device that has no browser or other history in its memory. That can be tricky now that people are identified by their mobile numbers or existing email addresses. So that led to virtual phone numbers that use VoIP to forward calls worldwide. Encrypted email using Eudora or Hushmail can be another basic tool.

The Guardian Project, based in Brooklyn, NY, helps create apps and secure video or data content. The group's director Nathan Freitas says anyone now can act much like activists or freelance journalists, documenting their movements and activities, and should be careful about collecting, transferring, and storing photos, video, messages, and calls.

People have been identified from the background of group Twitter or Instagram photos, he adds, making privacy and security more challenging. So just creating a fresh ID or using a brand-new phone or tablet might not be enough.

Stepping up and choosing a browser that doesn't store cookies in memory or keep contacts in a second, secure off-network device can be ways of staying safer. The convenience of having a camera, phone, contact manager, email device, and web browser all-in-one needs to be balanced with the threat of loss, theft, or running afoul of local law. For example, government duties in Egypt are high on electronics and cameras. Tourists may be asked to register even personal devices on arrival in the country. It's always better to know before you go and to keep your security in mind when traveling internationally.


unmanaged devices mobile security

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs