DataStoragePolicy
Version 12 (Adrian Georgescu, 06/04/2013 01:29 pm) → Version 13/52 (Adrian Georgescu, 06/04/2013 01:32 pm)
h1. SIP2SIP Data Privacy and Storage Policy
SIP2SIP server infrastructure relays and stores information provided by end users. If you are concerned about privacy of your own data and how it is used inside the platform, read below.
h2. SIP Accounts
Accounts information is stored in the platform database. SIP account and SIP Settings web page passwords are stored in encrypted form in the database. There is a salt involved but in case of database being compromised the salt can be also retrieved. It is advisable to use strong passwords that cannot be guessed by dictionary brute force attacks.
h2. SIP Signaling
Signaling can be done in clear text using UDP and TCP protocols. You may use TLS for encrypting data between the end points and platform SIP servers. There is no guarantee that encryption will work end-to-end, the SIP signaling part of the platform provides only hop-by-hop signaling security.
h3. Sessions
All SIP signaling for session establishment (INVITE/BYE/CANCEL/PRACK/ACK methods and their replies) relayed by the platform SIP servers is stored in cleartext for the last 30 days in platform databases. Both end-users and platform operator has access to this information for troubleshooting purposes.
h3. Registration
No information is stored in the platform.
h3. Presence
Presence dialogs (SUBSCRIBE/NOTIFY methods) and related XML payloads are not stored in the server databases.
h2. Call Detail Records
Call Details Records (CDRs) are stored for up to six months in clear text format in platform databases. CDRs contain metadata information about who called whom and what time and for how long. The IP addresses used for signaling and media are also stored in the CDRs.
h2. Offline Short Messaging
Messages sent using SIP MESSAGE method that cannot be delivered to local users of the platform are stored for later delivery in cleartext format in the platform database.
h2. RTP Media
RTP streams are relayed by platform RTP media relays. Actual data is not stored anywhere. You may encrypt your data using sRTP but the encryption key is available in the SIP signaling. Whomever has access to the signaling plane (and the server always has access to it) will be able to decrypt any sRTP encrypted stream. If your end-points supports zRTP, is much safer than sRTP as the decryption key is known only by the end-points.
h2. MSRP Media
h3. Chat Messages
MSRP chat sessions are done over TLS connections via the platform MSRP relay servers. The content of the messages is not logged or stored anywhere.
Blink users can replicate the chat messages between multiple instances configured with the same account. The replicated chat messages are stored for 60 days in encrypted form in platform databases. The encryption key is not known by the server, only Blink clients posses the encryption and decryption key. If you are concerned about privacy you may disable chat replication in Blink.
h3. File Transfers
MSRP file transfer sessions are done over TLS connections via the platform MSRP relay servers. The content of the files is not logged or stored anywhere.
h2. XMPP Gateway
All chat messages and presence payloads are relayed through the SIP/XMPP gateway. Message content is not stored anywhere.
h2. Protecting Privacy
h3. Ilegal Network Tapping
To protect your data against being exposed over the Internet (like IP tapping), do the following:
* Use TLS for SIP signaling
* Use zRTP for audio and video media if your end-points support it otherwise use sRTP
* Use TLS for MSRP media
These would protect your data you against those who try to illegally sniff your network traffic (like breaking into your LAN WiFi) but have no access to you either the client or server software. These measures will not protect your data privacy against legal intercept measures if enforced and applied to the server infrastructure that relays the messages (you will likely not know if and when this happens).
h3. Legal Intercept
To minimize the chance of your media data being exposed in case of legal intercept has been enforced do the following:
* Use ICE in both end-points, this way RTP streams can flow most of the time peer to peer without passing through the server media relays
* Use zRTP encryption, this way you will know about men in the middle attacks trying to intercept and decrypt your data
* Don't use SIP MESSAGE method
* Don' use MSRP media unless you have a client that has additional media encryption where the key is not known by the network
SIP2SIP server infrastructure relays and stores information provided by end users. If you are concerned about privacy of your own data and how it is used inside the platform, read below.
h2. SIP Accounts
Accounts information is stored in the platform database. SIP account and SIP Settings web page passwords are stored in encrypted form in the database. There is a salt involved but in case of database being compromised the salt can be also retrieved. It is advisable to use strong passwords that cannot be guessed by dictionary brute force attacks.
h2. SIP Signaling
Signaling can be done in clear text using UDP and TCP protocols. You may use TLS for encrypting data between the end points and platform SIP servers. There is no guarantee that encryption will work end-to-end, the SIP signaling part of the platform provides only hop-by-hop signaling security.
h3. Sessions
All SIP signaling for session establishment (INVITE/BYE/CANCEL/PRACK/ACK methods and their replies) relayed by the platform SIP servers is stored in cleartext for the last 30 days in platform databases. Both end-users and platform operator has access to this information for troubleshooting purposes.
h3. Registration
No information is stored in the platform.
h3. Presence
Presence dialogs (SUBSCRIBE/NOTIFY methods) and related XML payloads are not stored in the server databases.
h2. Call Detail Records
Call Details Records (CDRs) are stored for up to six months in clear text format in platform databases. CDRs contain metadata information about who called whom and what time and for how long. The IP addresses used for signaling and media are also stored in the CDRs.
h2. Offline Short Messaging
Messages sent using SIP MESSAGE method that cannot be delivered to local users of the platform are stored for later delivery in cleartext format in the platform database.
h2. RTP Media
RTP streams are relayed by platform RTP media relays. Actual data is not stored anywhere. You may encrypt your data using sRTP but the encryption key is available in the SIP signaling. Whomever has access to the signaling plane (and the server always has access to it) will be able to decrypt any sRTP encrypted stream. If your end-points supports zRTP, is much safer than sRTP as the decryption key is known only by the end-points.
h2. MSRP Media
h3. Chat Messages
MSRP chat sessions are done over TLS connections via the platform MSRP relay servers. The content of the messages is not logged or stored anywhere.
Blink users can replicate the chat messages between multiple instances configured with the same account. The replicated chat messages are stored for 60 days in encrypted form in platform databases. The encryption key is not known by the server, only Blink clients posses the encryption and decryption key. If you are concerned about privacy you may disable chat replication in Blink.
h3. File Transfers
MSRP file transfer sessions are done over TLS connections via the platform MSRP relay servers. The content of the files is not logged or stored anywhere.
h2. XMPP Gateway
All chat messages and presence payloads are relayed through the SIP/XMPP gateway. Message content is not stored anywhere.
h2. Protecting Privacy
h3. Ilegal Network Tapping
To protect your data against being exposed over the Internet (like IP tapping), do the following:
* Use TLS for SIP signaling
* Use zRTP for audio and video media if your end-points support it otherwise use sRTP
* Use TLS for MSRP media
These would protect your data you against those who try to illegally sniff your network traffic (like breaking into your LAN WiFi) but have no access to you either the client or server software. These measures will not protect your data privacy against legal intercept measures if enforced and applied to the server infrastructure that relays the messages (you will likely not know if and when this happens).
h3. Legal Intercept
To minimize the chance of your media data being exposed in case of legal intercept has been enforced do the following:
* Use ICE in both end-points, this way RTP streams can flow most of the time peer to peer without passing through the server media relays
* Use zRTP encryption, this way you will know about men in the middle attacks trying to intercept and decrypt your data
* Don't use SIP MESSAGE method
* Don' use MSRP media unless you have a client that has additional media encryption where the key is not known by the network