I’ll speak to the council of wizards about this and get back to you as soon as I can.
Hope to get a reply ASAP
I’m interested in that too
When voice encryption is being enabled we use AES-256-EAX to encrypt the voice traffic. For key exchange we use ECDH with ed25519 as curve. Both sides generate a new keypair on every connect and exchange them. There is also a identity validation that is based on ECDSA with prime256v1 as curve.
thank you for your reply
How do I verify that I didn’t connect to a malicious server if I’ve never connected to a specific server address before? TeamSpeak only detects MITM attacks if I’ve already connected to that server in the past.
When will you encrypt file transfer? What encryption do you use for text chat?
You are right, there is no MITM protection on the first connect, only on following connects. Adding a PKI would probably be overdoing it. We use the same encryption (AES-256-EAX) for the text chat like we use for voice chat, except that it is not optional.
There are internal plans for adding encryption to the filetransfer, but these will probably be part of a mayor overhaul of the filetransfer that will not be backward compatible. There is currently no time tables for these changes.
I know this is a feature request, but it affects the privacy and security, so I’ll send that to you. Please remove the ability to disable voice encryption because a lot of the ts providers charge extra money to use voice encryption. This is like a webhoster charging extra money for https. Since a lot of the users do not want to pay extra money for that, their traffic will stay unprotected. It is not acceptable to have the most intimate and private conversations exposed to ISP, backbone providers, police etc. Especially in more restrictive countries like china, etc., users privacy is the highest good.
@maximilian.muenchow Thanks for the detailed explanation
I very much understand your sentiment, the voice encryption had been made optional because of the cpu load it generates. Since the ts3server is still being used on sometimes rather weak hardware, i do not think we can remove disabling the voice encryption. What i think that is realistic is that we can change the defaults for new servers, so that voice encryption is being enabled per default going forward.
For that i will have to talk with a few people internally if they are okay with it, so no promises
Well the thing is that cpu power is definitely not a problem for teamspeak hosting providers. Maybe you could at least force them to encrypt the traffic.
On this point, I think HTTPS is now more of a give in.
You would have to give a reason to not want HTTPS…
Especially with Cloudflare providing free cloud to client HTTPS
Quick idea regarding that: (might be stupid since I don’t know the technicalities of TS)
Would it be possible to implement some sort of certificate like used for HTTPS in browsers?
We probably won’t need to go as far as building an entire certification-structure with root-certs etc. since we’re “only” talking about one closed-source program, but the ability to create child-certificates might be useful for hosting providers in that regard (so they have their primary cert that you could approve on your client to trust all child-certificates used on servers hosted by them).
You would have to give reason to not want your voice traffic encrypted
It simply is default to encrypt everything that you send through the internet because this is the only way to make sure that no one is spying on you.
You should ask that someone who has more knowledge of IT security, all I can do is speculate or tell what i personally think
I am a Teamspeak User since almost 2015, and I am very interested in encryption. I believe data privacy and security is a concern for all of us. So, I am interested into how secure is the voice data encryption, which you can enable in server settings?
Is this kind of encryption end-to-end so nobody, excepting the client you are talking to, can decrypt the voice data? How secure is the encryption?
Thanks for reading.
Hey, a Post with your question already exist
watch here: How secure is encrypted voice chat? - #7 by Marchlie
Thank you. I completely overlooked this article. I apologize.