I know calls made over the cellular network aren’t likely to be secured. The threat from a Stingray is real. What do you guys think of using WiFi calling behind a secured router with a VPN on? My understanding is that WiFi calling uses encryption and yes, the carrier is involved, but if the government wants to spy, then at the very least they’ll seek a warrant rather than letting a Stingray as a solution around getting a warrant to tap my connection. I can’t use Signal for everything like calling a restaurant or a store.

WiFi calling should only be viewed as a call quality booster. Privacy security wise it should be treated identically to a regular phone call.

If you’re concerned about privacy then WiFi calling just makes it easier. That’s just a warrant asking for all internet use in a geographical area. No hardware like a stingray involved.

But I’ll be using it within a VPN. How could it be worse than placing a normal call where a Stingray will intercept it? I get that it’s still not as good as Signal, but as I said in my example, I can’t call a restaurant with Signal.

Wi-Fi Calling is significantly nore secure than cell towers. It is totally different. My answer would be YES.

Government? A government is not your enemy - it’s the developers. Even if a government allows something, a developer can technically prevent it. Developers are the enemies.

Read all new and old Karsten Nohl security documentation.

VoWiFi has no security benefits over VoLTE, they both get routed over an IPSec tunnel to the carrier.

VoWiFi will not route over your VPN, it will bypass it.

VoWiFi has the privacy downside that it allows the carrier to learn the IP addresses of the hotspots you use.

VoWiFi’s sole benefit is just calling when indoors with poor cell reception.

If you want actual privacy benefits you need to use something else like Signal or XMPP for calls.

Bro, I really do appreciate your response, but did you read the OP? The point of this thread isn’t whether WiFi call is as secured as Signal nor why am I not using Signal. I am.

did you read the first 80% of my response which answers your questions?

If you force LTE only mode you will strictly only have calls placed over VoLTE. VoWiFi has zero security benefits over VoLTE in that regard. But VoWiFi does have privacy downsides.

To re-iterate what I said before: VoWiFi will NOT go over your VPN.
Even if you set the VPN at the router level instead of the phone level, the privacy is still broken because there is no distinct state isolation between other clients/connections through that router.

To further clarify this here is a detailed breakdown:

Cell phone usage without WiFi, with or without VoWiFi enabled:

• connections to carrier services have your carrier IP and are associated with your SIM/identity
• connections to websites which load trackers can be correlated to your SIM/identity if your carrier sells this information

Cell phone usage with WiFi or a VPN, without VoWiFi enabled:

• connections to carrier services have your carrier IP and are associated with your SIM/identity
• connections to websites which load trackers can’t be correlated to your SIM/identity since they have no direct access to that traffic

Cell phone usage with WiFi, no VPN, and VoWiFi enabled:

• phone calls would be correlated with your WiFi IP address and is associated with your SIM/identity
• other carrier services connections would have your carrier IP and are associated with your SIM/identity
• connections to websites which load trackers can be correlated to your identity
• connections from others on the shared network can also be potentially linked

Cell phone usage with WiFi, a VPN, and VoWiFi enabled:

• phone calls would be correlated with your WiFi IP address and is associated with your SIM/identity
• other carrier services connections would have your carrier IP and are associated with your SIM/identity
• connections to websites which load trackers can’t be correlated to your SIM/identity since they have no direct access to that traffic
• connections from others on the shared network can also be potentially linked

My recommendation: force LTE only or LTE/5G only, keep VoWiFi disabled, use Tor or a VPN always

they often do not need a warrant, please take a look at their official manual, page 73 onward: https://s3.documentcloud.org/documents/21088576/march-2019-fbi-cast-cellular-analysis-geo-location-field-resource-guide.pdf

Or Threema (Switzerland)

• Bitcoin Payment (only Android OS)
• Allows access via Tor or VPN
  Messenger Comparison – Threema
• Threema Calls

Threema Calls

Threema Calls are based on WebRTC, an open IETF Standard. WebRTC uses the ICE, STUN and TURN protocols to establish a secure peer-to-peer connection. Media streams are en-crypted with the SRTP protocol, with DTLS-SRTP being used for the key exchange. DTLS version 1.2 is enforced.

The DTLS ciphersuites offered by the Threema app are (in that order):
• TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
• TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

The SRTP ciphersuites offered by the Threema app are (in that order):
• SRTP_AEAD_AES_256_GCM (0x0008)

Ibex encryption is suspicious and others have agreed with me on this:

See also this trash:

Switzerland here. My country, my ppl are suspicious?

General Data Protection Regulation. GDPR

They have to pay a fine of 10 million Euros if they arbitrarily violate data protection rules. Signal USA have no rules. Swiss citizens have no rights in the USA.

I did, but I addressed the last part of your post. I have no idea why it needs to be said when that wasn’t what I was asking nor would it help address the use case.

Thx for your help.

He never said that. He was discussing encryption. Attack the argument if you have an issue with it.

I had no idea VoLTE is more secure. When making a phone call and having a VPN, how do I know the call is VoLTE and not otherwise?

I’m actually surprised that WiFi calling can get around a VPN whether at the OS or even router level. How is it able to do that? I find this fascinating as all other traffic will stay within the VPN, but WiFi calling has this ability to get out of the VPN.

Just trying to learn and understand, but if I use a public hotspot to use WiFi calling even with a VPN, what do I need to be concerned about with privacy and security? The reason why this scenario may happen is when I’m travelling and my carrier lets me use WiFi calling to call numbers back in my country like as if I’m there.

I always write my responses broadly because others will read it and it is an important point in this context to clarify it.

Most carrier services bypass VPN on OS level. They cannot bypass VPN on router level if they are WiFi routed, but they do have downsides as stated above.

You should see an HD symbol somewhere on the call screen.

I had actually assumed VoWiFi was more secure, glad to have that assumption corrected.

Dumb question, what about FaceTime audio?

I see that in the call log. How do I ensure that voice calls always happen with VoLTE and disable any non-VoLTE calls?

That’d be classed the same as Signal or others if you trust Apple.

Set your phone to LTE only or LTE/5G only.
Traditional PSTN calls cannot be processed on LTE or higher.