Thursday, February 20, 2014

Install Chrome Web Store Plugins In Chromium Or SRWare Iron

If you use Iron, the version of Chrome that is privacy enhanced by default, you can install plugins from the official Chrome Webstore.

Proxy Switchy for example, uses this URL for browsing from the webstore:

But this is the actual installation URL for the CRX file:

Note the parameter after the id%3D in the url. Once you find the extension you'd like to install in the Webstore, simply replace the red text in the installation URL with the portion of the Webstore URL that looks like random letters and numbers such as the gobbledygook below, and paste the url into the iron or chromium "OneBar", then it should install the extension.


These ID's are thirty-two characters long and made up of lowercase letters.

There's a page on the Gentoo Linux Wiki that explains this as well.

Febuary 4, 2015 Update:
It appears that this method no longer works for some reason.

Wednesday, February 12, 2014

Android Anonymous VoIP Calls with TOR

There are good reasons to be able to make anonymous VoIP calls:

Report potential terrorists without you yourself being put on the homeland stupidity/FBI watchlist.

Report crimewatch tips with impunity and anonymity. What if a corrupt policeman is running the crime watch lines and keeps the caller id data?

These are just a few of the many reasons to be able to make anonymous phone calls.

To make anonymous sip calls from an android phone, your phone must be rooted so that orbot can transparently intercept the VoIP apps data and reroute the data through the TOR proxy network. How to root your mobile phone is outside the scope of this post. This was tested on a 4.0 ICS os.

Here's the list of steps:

Install orbot, the android version of TOR which is in the app market.

Install Smslisto (I have tested this with Smslisto, but the other finarea voip apps should work as well)

Setup orbot with the default options. On the settings menu, under transparent proxying, clock Select Apps, and then select Smslisto or your VoIP app then close it.

You can now start orbot by pressing down the robot for two seconds (this is also called a long-tap). Once it starts, you can then start Smslisto and login with your web username and password. Select "VoIP call" to make a data call.

Please note that I am not running a sip server at the moment, so I am not sure if the registration or RTP/UDP audio stream is actually routing through TOR, or it merely seems like it is (this could be proven by running csipdroid in this fashion and testing it against your own sip server and then, once proven, registering to I don't have the time to test this at the moment, so consider this post as conceptual. I do know, however, that the call had a delay of a few seconds, whereas a normal data call has very little delay at all on a 4G LTE connection.

Also another caveat is that you can't anonymously put money into a VoIP account, as no internet sip provider that I know of allows bitcoin deposits. Perhaps an entrepreneur out there could start a bitcoin-accepting VoIP service, but considering all of the VoIP telephone fraud that goes on, I'm sure the FBI would be knocking on your door soon. I strongly suggest having a hidden .onion server for stronger anonymity and then using sips/srtp/zrtp for registering to the trunking service. Without srtp, however, all call data (the phone number called and the call audio) would NOT be encrypted from the TOR exit node to the sip trunk. Also you would be using the same exit node for the duration of the call, otherwise the calls udp/TCP session would end and the call would drop.

A better idea is to use i2p for its superior bulk data/UDP stream support, but i2p is a totally separate world from TOR (for example it doesn't have exit nodes per se).

I support the NSA's data collection policies and believe it to be keeping us safer. I am OK with them recording all phone calls as well. As Bill Gates recently stated, its important to know just what they are recording, for how long, who can access it, etc.... There should be oversight, otherwise what prevents the NSA from collecting pin numbers, account numbers and some rogue agent infiltrating bank accounts? I surmise that the NSA has been recording VoIP calls already, even domestic calls. I'm guessing that all efax services that traverse the public internet are being stored as well.