• The Paladins

VOIP without numbers

This is the fourth in a series of articles about secure messaging using different mobile phone Applications. The first was about WhatsApp. The second was about Telegram. The third was about Signal. Once you have read them all, you will realise that articles like the following (from a reputable source, in summer 2022) are complete rot.

Equally, there is no aeven-point scale (or any other sort of scale) for measuring the relative reliability and security of different mobile telephone messaging applications. Each one has to be assessed in a specific context, in light of the risk factors the communicating parties assess as appropriate to themselves.

All the most secure messaging Applications involve the creation of an account that is not linked to a telephone number. This is for the obvious reason that governments and others use telephone numbers to trace people; therefore if you use an Application not linked to a mobile number you will make it all the more difficult for governments to find your account, still less listen in on your conversations.

You may not be aware that communications surveillance technology (Signals, as it is known in the industry) is at the point where different telephones with different SIM cards can all be associated with one another and with the same user, because governments keep records of the triangulation histories of mobile phones with mobile telephone masts using mobile telephones' SIM cards; and by tracing patterns of the variation in triangulation they can link both phone numbers and telephone numbers that are apparently diverse and even not from the same country to a single user. One of the phones will be hacked, and thrn the government authority will be able not just to associate diverse telephones with one-another but also with a single person.

This means that there is no point, if you are interested in security, in having more than one 'phone or more than one number or SIM card. By the simple running of a computer algorithm, the government surveillance authority can connect them all together and connect them with you. You'd might as well save yourself the bother. Even if you dispose of your phone and SIM card every month and replace them both, you will still be tracked. Indeed this will make it more likely, because the computer algorithms are designed to latch onto unusual behaviour.

It is a safe assumption that governments can break into any mobile phone messaging system if (a) they decide to devote resources into your case (i.e. they think you are a very bad person or you are an intelligence asset of peculiar sensitivity); and (b) they can find your phone and messaging account. The advantage of using a messaging account not attached to a specific mobile phone number is that it takes a government determined to root out your communications longer to find which account is associated with you. Where an account is associated with a mobile telephone number, it really is rather easy to find your messaging account; you just go through the address books of each Application to find accounts associated with the collared collection of mobile phone numbers / SIM cards associated with you. Then you. Use Pegasus or similar software to download a comprehensive spying took onto the mobile phone in question. Then you find the account and rwd the messages in real time. Or you just use one of the Application manufacturer provided backdoors.

Note that the imagined :trick of installing a messaging App on a phone with a SIM card in it but then removing the SIM card is entirely useless. The authorities can still find the account associated with the number, and the mobile phone in which the SIM was once inserted, by reason of the historical triangulation records - collation of records exercise that modern Signals intelligence government centres can deploy.

So a messaging system not associated with a mobile telephone number ever - you just have a username or codename to identify yourself with the account - are substantially better than software such as WhatsApp, Telegram and Signal, but they are not failproof. Eventually a determined government Signals department will Pegasus your mobile phone (and all mobile phones associated with you), find what non-number related secure messaging accounts you have on your phone, and one way or another they will get into them.

All that having been said, here are the best known secure messaging services that don't associate themselves with a mobile phone number.

  1. Wickr

  2. Session

  3. Threema

  4. Skype

We should discard Skype immediately. It is not secure.

Wickr is incredibly secure. It is a US Government product originally designed to convey military orders to US aircraft carrier strike groups and other battle fleets and US armour and positions across the world. Indeed it is probably the most secure messaging App there is, particularly if you instal it on a desktop computer which does not take a SIM card. (That is the standard way of Pegasus protection - don't download WhatsApp and don't have a SIM card at all in your device, ever,so you will not be able to receive SMS or MMS messages.

Of course the problem with Wickr is that there is one party who definitely can read all your communications: the US Government. So if you are trying to evade detection by them, then Wickr is possibly the worst messaging system you could use.

Threema is basically an updated version of Session, an old product which is rather, clunky, giving you a 32-digit hexadecimal username. Both parties have random strings of letters or hexidecimal characters (in the case of Session) as their account usernames.. of course the real problem with messaging services like this is that you may really not have the slightest clue who you are communicating with. Your interlocutor might control the account and then give it away to someone else; and there is no obvious way you would know this. Indeed this happens all the time in the intelligence community. Indeed it is one of the very premises of intelligence community information distribution: you want someone else to be reading your communications, not the person you are ostensibly sending them to; and intelligence services are set up to ensure diversion of communications in such cases.

That is really it as far as contporsry mobile phone messaging technology goes. We have three final observations:

  1. Never forget the possibility of using SMS, as it is totally unencrypted but for that reason a lot of government authorities overlook monitoring it.

  2. Be aware of good old fashioned open land line calls. The art of phone tapping is now largely lost in favour of all this modern stuff. A lot of governments have substantially lost their capacities for phone tapping. They may have a residuary capacity; but it may take a while to dust off in any particular case.

  3. Email using a browser sent from a laptop or desktop that does not take a SIM card (so not a tablet) is generally more secure than anything using a mobile telephone.

  4. Create a lot of traffic, because it will exponentially increase the resources required effectively to monitor you.

  5. Swiss Protonmail ro Protonmail with both parties using a ToR browser and a desktop, is exceptionally difficult to hack.

This is a constant game between those who want privacy and those who want to engage in surveillance. Any technology breakthrough on the one part will be matched by corresponding researxh to attempt breakthrough on the other. It is like the cyclical race between ballistic missiles and surface to air missiles intended to knock them out. Any advance on one side just triggers increased research on the other side to counteract the other side's perceived advance. In all likelihood this cycle will continue forever, as it always has since the time of carrier pigeons; and hence an essay like this can never be up to date and complete. Someone will come along tomorrow and change the rules.