DataStoragePolicy

Version 28 (Adrian Georgescu, 08/29/2013 04:17 pm)

1 5 Adrian Georgescu
h1. SIP2SIP Data Privacy and Storage Policy
2 1 Adrian Georgescu
3 7 Adrian Georgescu
SIP2SIP server infrastructure relays and stores information provided by end users. If you are concerned about privacy of your own data and how it is used inside the platform, read below.
4 1 Adrian Georgescu
5 28 Adrian Georgescu
6 1 Adrian Georgescu
h2. SIP Accounts
7 1 Adrian Georgescu
8 20 Adrian Georgescu
SIP accounts and related information are stored in the platform database. SIP account and SIP Settings web page passwords are stored in an encrypted form in the database. There is a salt involved but in case of the database being completely compromised the salt can be also retrieved. It is advisable to use strong passwords that cannot be guessed by dictionary brute force attacks.
9 1 Adrian Georgescu
10 20 Adrian Georgescu
h3. Account Deletion
11 14 Adrian Georgescu
12 22 Adrian Georgescu
You may request deletion of your account. If no commercial services have been purchased we will delete the account from the server database. If anything has been purchased, we will not delete the data as we are forced by law to keep records of all monetary transactions for up to seven years after purchase.
13 14 Adrian Georgescu
14 9 Adrian Georgescu
h2. SIP Signaling
15 2 Adrian Georgescu
16 16 Adrian Georgescu
Signaling can be done in clear text using UDP and TCP protocols. You may use TLS for encrypting data between the end points and platform SIP servers. There is no guarantee that encryption will work end-to-end, the SIP signaling part of the platform provides only hop-by-hop signaling security, any intermediate hop may decide to switch from TLS to a non-encrypted transport like UDP.
17 2 Adrian Georgescu
18 9 Adrian Georgescu
h3. Sessions
19 1 Adrian Georgescu
20 16 Adrian Georgescu
All SIP signaling for session establishment (INVITE/BYE/CANCEL/PRACK/ACK SIP methods and their replies) relayed by the platform SIP servers are stored in cleartext for the last thirty days in platform databases. Both end-users and platform operator have access to this information for troubleshooting purposes.
21 1 Adrian Georgescu
22 9 Adrian Georgescu
h3. Registration
23 9 Adrian Georgescu
24 16 Adrian Georgescu
No registration information (SIP REGISTER method) is stored in the platform.
25 9 Adrian Georgescu
26 16 Adrian Georgescu
h3. Subscriptions
27 1 Adrian Georgescu
28 21 Adrian Georgescu
No presence dialogs (SUBSCRIBE/NOTIFY methods) and related XML payloads are not stored in the server databases. Short logs about which device or subscriber changes its presence state are stored for up to thirty days for troubleshooting purposes.
29 9 Adrian Georgescu
30 1 Adrian Georgescu
h2. Call Detail Records
31 1 Adrian Georgescu
32 1 Adrian Georgescu
Call Details Records (CDRs) are stored for up to six months in clear text format in platform databases. CDRs contain metadata information about who called whom and what time and for how long. The IP addresses used for signaling and media are also stored in the CDRs. 
33 1 Adrian Georgescu
34 23 Adrian Georgescu
h2. Offline Messaging
35 23 Adrian Georgescu
36 23 Adrian Georgescu
h3. Text Messages
37 1 Adrian Georgescu
38 13 Adrian Georgescu
Messages sent using SIP MESSAGE method that cannot be delivered to local users of the platform are stored for later delivery in cleartext format in the platform database.
39 16 Adrian Georgescu
40 16 Adrian Georgescu
h3. Voicemail
41 16 Adrian Georgescu
42 20 Adrian Georgescu
Voicemail message are sent un-encrypted over email as attachments and stored un-encrypted on the server voicemail server (optional). Voicemail can be enabled/disabled for each SIP account.
43 1 Adrian Georgescu
44 9 Adrian Georgescu
h2. RTP Media
45 1 Adrian Georgescu
46 13 Adrian Georgescu
RTP streams are relayed by platform RTP media relays. Actual data is not stored anywhere. You may encrypt your data using sRTP but the encryption key is available in the SIP signaling. Whomever has access to the signaling plane (and the server always has access to it) will be able to decrypt any sRTP encrypted stream. If your end-points supports zRTP, is much safer than sRTP as the decryption key is known only by the end-points.
47 2 Adrian Georgescu
48 9 Adrian Georgescu
h2. MSRP Media
49 1 Adrian Georgescu
50 9 Adrian Georgescu
h3. Chat Messages
51 9 Adrian Georgescu
52 2 Adrian Georgescu
MSRP chat sessions are done over TLS connections via the platform MSRP relay servers. The content of the messages is not logged or stored anywhere.
53 2 Adrian Georgescu
54 2 Adrian Georgescu
Blink users can replicate the chat messages between multiple instances configured with the same account. The replicated chat messages are stored for 60 days in encrypted form in platform databases. The encryption key is not known by the server, only Blink clients posses the encryption and decryption key. If you are concerned about privacy you may disable chat replication in Blink.
55 2 Adrian Georgescu
56 9 Adrian Georgescu
h3. File Transfers
57 2 Adrian Georgescu
58 2 Adrian Georgescu
MSRP file transfer sessions are done over TLS connections via the platform MSRP relay servers. The content of the files is not logged or stored anywhere.
59 2 Adrian Georgescu
60 6 Adrian Georgescu
h2. XMPP Gateway
61 1 Adrian Georgescu
62 25 Adrian Georgescu
All chat messages and presence payloads are relayed through the SIP/XMPP gateway. Message content is not stored anywhere.
63 6 Adrian Georgescu
64 24 Adrian Georgescu
h2. Protecting Data and Privacy
65 1 Adrian Georgescu
66 24 Adrian Georgescu
h3. Illegal Intercept
67 1 Adrian Georgescu
68 25 Adrian Georgescu
We do our best to store your data securely and not expose it unless necessary for the operations of the platform. You can also help in this process.
69 25 Adrian Georgescu
70 12 Adrian Georgescu
To protect your data against being exposed over the Internet (like IP tapping), do the following:
71 2 Adrian Georgescu
72 1 Adrian Georgescu
 * Use TLS for SIP signaling
73 1 Adrian Georgescu
 * Use zRTP for audio and video media if your end-points support it otherwise use sRTP
74 1 Adrian Georgescu
 * Use TLS for MSRP media
75 26 Adrian Georgescu
 * Us OTR for Chat
76 1 Adrian Georgescu
77 19 Adrian Georgescu
These would protect your data against those who try to illegally sniff your network traffic (like breaking into your LAN WiFi) but have no access to the client or server software. These measures will not protect your data privacy against legal intercept measures if enforced and applied to the server infrastructure that relays the messages (you will likely not know if and when this happens).
78 13 Adrian Georgescu
79 13 Adrian Georgescu
h3. Legal Intercept
80 12 Adrian Georgescu
81 27 Adrian Georgescu
In case any entitled government agency requires access to the meta-data stored by SIP2SIP infrastructure,  all SIP account data stored on the server can be considered compromised.
82 18 Adrian Georgescu
83 18 Adrian Georgescu
To minimize the chance of your SIP sessions and media being exposed in case of legal intercept has been enforced do the following:
84 12 Adrian Georgescu
85 12 Adrian Georgescu
 * Use ICE in both end-points, this way RTP streams can flow most of the time peer to peer without passing through the server media relays
86 12 Adrian Georgescu
 * Use zRTP encryption, this way you will know about men in the middle attacks trying to intercept and decrypt your data
87 12 Adrian Georgescu
 * Don't use SIP MESSAGE method
88 1 Adrian Georgescu
 * Don' use MSRP media unless you have a client that has additional media encryption where the key is not known by the network
89 25 Adrian Georgescu
90 25 Adrian Georgescu
h3. Feeback
91 25 Adrian Georgescu
92 25 Adrian Georgescu
If you want to provide feedback please go to
93 25 Adrian Georgescu
94 25 Adrian Georgescu
http://wiki.sip2sip.info/news/61