I'd like to start videoconferencing with some of my clients. Ideally,
the method would work cross platform between Macintosh OS X and
Windows XP. Earlier versions of Macintosh OS and Windows would be
Here's the rub. My professional association requires that these
conferences be reasonably secure from eavesdropping by hackers. The
association doesn't consider the usual methods of internet
communication -- email for example -- sufficiently secure. Encrypted
email is okay.
I know hacker-eavesdropping on AIM is very easy. It seems likely this
is true on ICQ, though I'm not certain.
So... I'd like to figure out some easy way of encrypting
videoconferences. At minimum, I'd need to encrypt text and audio.
Encrypted video would be good, too, but it's less critical, because
the video will be mostly talking heads in my case. No "private"
Encryption might not be necessary if the videoconferencing protocol
made it *very* difficult for hackers to eavesdrop, so this is an
alternate solution. Peer to peer conferences might be better if they
offered adequate security. We might find each other's IP addresses,
via a server, then switch to P2P.
I realize that video encryption probably is less likely to be
available and might put a heavy load on the CPU.
I've found a few possibilities, and some disappointments. The latest
version of AIM allows encryption, but I think it only encrypts text.
There's a new product called Skype that encrypts audio for Voice over
IP phone calls. It also offers a voice- and text-encrypted
Instant Messaging product.
So, I could connect to my client simultaneously with, say Skype for
the audio and text portion with ICQ or AIM for the video.
Another possibility -- I could talk on the telephone with my client
for the audio portion while using ICQ or AIM just for the video.
Unencrypted telephone calls are okay. (I don't care about the cost of
the telephone call., so VOIP is irrelevant to my needs.)
VPN encryption or ssh tunneling have been suggested. These would work,
but they would be too technically demanding for my clients.
If there's a simple, idiot-resistant way to do this, it might be an
option. I'd like to know about that. I don't know how. I could figure
it out, but my clients are going to be less geeky than me. These will
be non-technical users, on the whole. I can presume they have
successfully videoconferenced before, for personal use, but that's
I don't need multi-party encryption. These would be one-on-one video conferences.
These all seem like Rube Goldberg solutions.
My question -- and I do have one -- well, a few related questions--
1--Does any commonly-used videoconferencing app offer a combination of
text, audio and video, with encryption of the audio and text at least,
and maybe the video, too?
2--Is there a third party utility that adds encryption capability to
ICQ, AIM, or whatever? Does it encrypt audio, video, both?
3--What I'd *really* like to find is a third party utility that would
intercept the USB audio on the local machine and encrypt it, then send
it along the audio channel to the videoconferencing app, and decrypt
it on the other end in a similar way. Both users would need the same
utility of course. It would have to work in real time, and processing
delay would have to be acceptably short. (This might be the most
convenient solution, but other methods -- as described above -- would
That way, I could use any convenient videoconference application. The
audio (and maybe the video) would be encrypted before it reached the
conferencing application, and after it left the conferencing
application on the other end,
I don't need any heavy duty encryption. 40 bit would be fine. 11025
khz mono sampling rate for the audio would be fine. USB-audio-only
would be okay. Public key isn't necessary. The user and I could have a
prior agreement on a password, and both type it in when we were
connected and ready to conference. Overly heavy encryption might cause
too much delay in the audio signal or bog down the CPU too much. Video
encryption might cause similar problems. I dunno.
Compatible utilities would have to be available for Macintosh and Windows.
I'd consider an external hardware device for the same purpose, but it
would have to be cheap and easy to use because each of my clients
would have to buy one also.
Oh, yeah... I did find a standalone encrypted videoconferencing
product, but it was very expensive. It looks like it's intended for
major corporations and government agencies. This would not be a
realistic solution for me.
I am reasonably competet with Google searches. I've looked around.
What I found is described above. I was surprised I couldn't find what
I am looking for. It seems technically simple, and there's an obvious
need for such a product. I wonder if I overlooked something.
I know there are some problems with malware getting spread around over
AIM and that sort of thing. That is not my concern today.
If no products of this nature exist, I'd be interested to know why, or
if any are on the horizon. I'd also be interested in an opinion from a
seasoned video-conferencer about the optimum hybrid solution.
Help will be much appreciated.
Clarification of Question by
22 Sep 2004 08:01 PDT
It's me again.
I talked this over with a moderately geeky acquaintance last night.
She said she thought that the kind of audio and/or video encryption I
am looking for would bog down the CPU and also overwhelm the bandwidth
of something like a DSL connection.
That would explain why I can't find what I'm looking for. It seems
reasonable, though I'm not certain it's correct.
I believe there is a difference between encryption and scrambling.
With scrambling, both users enter the same agreed password. Encryption
usually implies public key encryption. With public key, the users have
different passwords and neither user needs to know the other user's
password. This kind of encryption is normally more secure than most
scrambling methods. However, it demands a lot of the CPU and
drastically increases the bandwidth required by the audio and/or
So, maybe I'm looking for "scrambling" rather then "encryption"
capability. I recall that I use Timbuktu for file transfers and remote
control of one computer with another. Timbuktu says it "scrambles" its
video, based on security passwords, but does not encrypt it.
Scrambling would likely demand much less of CPU and bandwidth. For
example, remote control of one machine by another on Timbuktu slows
the machine very little, and works reasonably well over dialup.
If encryption is not possible, what about scrambling?
My friend adds that many external encryption devices are available,
but they are expensive and used for highly specialized purposes.
I don't think I'm going to find what I originally asked for.
Nevertheless, more information or suggestions that haven't occurred to
me would be helpful.