Anybody know the technical details of SIP/Voip traffic regarding privacy and logging by your ISP? I'm not so much concerned about call content wiretapping, I know it's not encrypted unless using Zphone, SRTP etc. and I know without a VPN there will be a connection on a sip port to my sip provider logged. I am concerned about automatic logging/data retention of the source and destination numbers by the ISP. For example, if I use a sip client with no VPN on my computer or maybe an iphone/iPod touch (via wifi) and use a third party SIP provider in say, Panama or Switzerland, would my account/DID and the destination phone number be easily logged by the ISP? Or would those details only be normally available at the SIP provider? Same question for an incoming call from a landline to my SIP number. Thanks.
Well, it's not just for me I'm asking, so let's say it's the worst case, probably the UK or any of those in deep red on the Cryptohippie map. I'm asking generally, what is likely to be logged automatically in an environment of data retention. For example, if you go to an https webpage they will log the domain and first page but probably not every page thereafter at the same domain (I think). Whereas with an http connection every page request is open, part of another URL request and therefore logged. I know there's no encryption with sip but is it the same to any degree? ie. they see you log in to the sip provider and log that, but is the DID number - origin and/or destination - equally part of a connection request, or would it require more - packet sniffing and wiretapping into the actual content of the connection. In other words, is logging the origin and destination voip numbers connected via a third party sip provider something that would require extra effort above normal, not covered under EU data retention and therefore unlikely in normal voip usage even though insecure?
These deep red areas don't use just data retention, and may not use that at all. They may use a system called target escalation, such as in the US, where they have live feeds of everyones traffic and they start intercepting information, including voip, and see if you say or do anything interesting. If you are already interesting, or you have been in contact with someone interesting, then all your traffic is going to be spied on since you are now an escalated target. That means *all* your traffic. Financial, ISP, all protocols, Instant messaging, VOIP, email, etc. The point is they know who you are. If you are interesting, you are a target, and when you are a target, they slurp up all your data for analysis.
So then, unless you are targeted, your ISP as standard is going to be logging your connection to the sip provider, but not every call like your sip provider will. Right?
Ok, I have found some tech info for the EU if anyone is interested here: http://barometer.interoute.com/papers/EU_DATA_RETENTION_COMMENTARY.pdf According to page 8 an ISP only has to log it's own voip services. I'm still interested in what a 'SIP URL' actually consists of and reveals. I also wonder if the UK has a more zealous version: http://www.telegraph.co.uk/sciencea...Internet-records-to-be-stored-for-a-year.html Also worthy of note, according to page 2 of this: http://barometer.interoute.com/papers/PSSC_software.pdf - 'Loud-Listener Pro' software will be able to record up to 100 concurrent sip/rtp calls and a more basic version will be publicly available.