Okay, so the bottom line is I absolutely and utterly detest mobile phones. There’s no doubt about it. Thus, I have a small dilemma (yes you guessed it, I don’t own a mobile). To communicate I mostly use email and various internet chat programs on my linux laptop, but sometimes I still have to make classic phone calls becasue hey, not every company offers Matrix/IRC/Jabber/Skype/Viber/Teamspeak/Whatsapp/Teams//etc. Like, if you want to make an appointment with your dentist, you have to make a phone call. For that task I currently use a shared landline in my appartment, but since I’ll likely be moving somewhat soon, I thought about getting my own landline number.
Unfortunately, landlines are often sold by ISP’s as a fixed service that can be only accessed from the location the phone was originally installed at. This is true unless you are using a different type of landline that works over the internet (which technically isn’t a landline, but still behaves like one). I’m talking about the VoIP services that allow you to make phone calls over the internet into the public switched telephone network (PSTN) and vice-versa. A special hardware IP phone (like Grandstream or Gigaset) is required to use the service, but it can also work on a desktop computer or laptop by using a program called softphone. These devices will connect over the internet to a PBX installed at the provider’s location and communicate over the SIP protocol. Thus the service is often called “SIP trunking”, and it works pretty much anywhere so long as internet access is available. The SIP trunking service is typically sold to companies and is very often unavailable for private persons. It took me a while to locate a local provider which was willing to sell access to private users.
But anyway, the questions. I was wondering how is the security of this setup like when compared to calls over classic landline or mobile. I know the internet traffic can be encrypted, and the IP phones or softphones offer encryption like SIPS/SRTP/TLS. I’m not really worried about governments trying to decrypt it because I know the traffic is automatically decrypted at the PBX and then forwarded to the PSTN unencrypted, so they can just listen in on the unencrypted traffic, same story with landline and mobile. Public phone is not secure against state actors (if I want that type of security, I’ll use a different communication method). My threat model focuses on the devices that I use and the connection between me and the service provider. Are there any IP phone brands to avoid? With known firmware vulnerabilities? I was looking to maybe get a Grandstream GXP1450 HD IP phone, which will always be at home behind a NAT router, but I’ll be also using my laptop with a softphone on travels. How decent is this SIPS/SRTP/TLS thing against local eavesdroppers?
Does anyone have any experience with this?
P.S. I’m from EU.