Little did I know this morning that I was onto something when it came to Fonality having more up their sleeve than has been announced.
If I read between the lines of Marcelo’s post today there is clearly more to it than meets the eye with Fonality and what they mean to the enterprise.
Marcelo who has the skills and chops of a fine investigative journalist first before he was an editor of major market tier one newspapers clearly has sniffed out some issues and features with Fonality that many of us have not been aware of. His concerns about the security approach is to say the least, alarming.
Lots of people criticize Skype for being a potential network security issue and praise Asterisk as being something that has no issues like Skype. That said, Skype at least keeps the callers call secure with encryption, but if what Marcelo alleges is true, then privacy is out the window with Fonality. I hope that is not the case
Stay tuned to this one as it will be a hot one!
Andy,
Hi there. I wanted to nip Marcelo’s blog in the bud as most of what he reports is not quite true, and the part that actually *is* accurate is a bit over-dramatized.
So, I am going to post a comment to his blog, but in case it doesn’t end up showing, I decided a more formal response on Garret Smith’s blog would be appropriate. So, here is my formal reply to Marcelo’s suppositions: Fonality’s Reply
But, Andy, I wanted to reach out to you personally, because you seemed to expand on his post in your blog with your comment when you wrote:
“That said, Skype at least keeps the callers call secure with encryption, but if what Marcelo alleges is true, then privacy is out the window with Fonality.”
As you know in the blogosphere, things can spiral pretty quickly once bloggers start expounding upon what other bloggers wrote without checking in with the source.
So, let’s be *really* clear. All calls that Fonality customers make are point-to-point. The audio does *not* pass through our data center in any way shape or form. These calls originate and terminate on the customer premise exactly like any premise-based PBX.
So, when you mention encryption it just is not relevant, or at least not any more relevant than any other PBX provider. I am sure we will embrace SRTP (secure RTP) when the rest of the industry does, but none of this has anything to do with privacy. Our managed VPN is only for moves, adds, and changes and running call reports.
It does not monitor audio at all.
Furthermore, you can disconnect our VPN easily. Most of what this VPN does is simply shuttle text files to the local customer PBX. These text files are the MACS (moves/adds/changes) and the shuttling only occurs when the customer makes a change to their PBX (such as their IVR or extensions).
In fact, Sangoma is a Fonality customer and they do exactly that. Why? Well, they are a publicly held firm up in Canada and they have some kind of esoteric law that they felt our VPN might breach. So, they simply disconnect it when they are not doing a move, add, or change on their PBX (which is 99% of the time).
About the only real thing you lose when you unplug our VPN is our centralized reporting engine for running reports. Big deal. All those CDR (call detail records) are still stored on the customer’s local PBXtra, so they can run any premise-based-reporting engine that they wish. They just shouldn’t be surprised if running big reports impacts the performance of your PBX. We found it sometimes did, so we centralized it for our customers.
—
Chris Lyman
Fonality CEO & Janitor
http://www.fonality.com