27. Install Roundpin

by Cover Tower - Updated October 19, 2021

Roundpin is a fully featured browser phone that connects to an Asterisk server and implements audio/video calls, text messaging and video conferencing by using SIP over WebSocket and WebRTC. For calls to and from mobile and landline phone numbers, a ‘telnyx.com’ or ‘localphone.com’ account is needed and a real phone number acquired from one of the two providers.

Roundpin allows users to have text, audio and video conversations with other extensions configured on the same Asterisk server and to make and receive audio phone calls to/from any phone number in the world. It also implements video conferencing. Users can initiate video conferences with other extensions configured in Asterisk but also with external users who don’t have Roundpin accounts. All they need to participate in a conference is a browser and the link to the conference (supposing they use a device with a video camera).

Roundpin logs recent phone calls and their duration, it allows pausing/muting and transferring phone calls as well as using an IVR configured on the underlying Asterisk server. The Asterisk server can be used to implement advanced PBX features, such as voicemail, queue management, music on hold, number blacklisting, call recording, etc. If you followed and applied the instructions of all the previous chapters of this guide, you already have Coturn installed on your server. As explained before, Coturn can be used as a STUN server to assist Roundpin in connecting users who are behind routers. So, a complete installation of Roundpin is made up of Asterisk + Coturn + Roundpin. Since we already described how to install Asterisk and Coturn in the respective chapters, all it remains is to explain how to install and configure Roundpin.

Please note that all the details presented in the ‘Install Asterisk’ chapter, including the dial plans for the 4 scenarios, are applicable to both Roundpin and SIP Trip Phone. The main difference between the two applications is that SIP Trip Phone is not a standalone application (it has to be installed inside Nextcloud) and it can only be used for audio phone calls, while Roundpin can be used for text/audio/video conversations and also for video conferences, including video conferences with external users. You can see SIP Trip Phone as a backup application for Roundpin. The two applications can be used in turn or simultaneously (using different Asterisk extensions).

If you have Debian installed on your laptop/desktop, please note that conference calls don’t work as expected in Firefox ESR, which is the default browser for Debian and similar distributions. To have all the Roundpin functionalities work, you will have to install the last stable version of Firefox by following these simple steps:

  • Download the last stable Firefox version from the official website (https://www.mozilla.org/en-US/firefox/).

  • Uncompress the archive and move the resulting firefox directory to the /opt directory, for a system-wide installation

  • Create the firefox-stable.desktop file in the /usr/share/applications directory, having the following content:
[Desktop Entry]
Name=Firefox Stable
Comment=Web Browser
Exec=/opt/firefox/firefox %u
  • Right-click on the newly created firefox-stable.desktop file and choose ‘Copy to’ > ‘Desktop’, to create a Firefox shortcut on the Desktop.

If you install Firefox in this way and in ‘Edit’ > ‘Preferences’ > ‘General’ > ‘Firefox Updates’, you select ‘Check for updates but let you choose to install them’, Firefox will show a notification in the upper right corner when there is a new update available, so that you can go to ‘Help’ > ‘About Firefox’ and click on the ‘Update to …’ button. When you will click on that button, the new version will be downloaded and then you will have to click on it again to restart Firefox, to complete the update. If the ‘About Firefox’ pop-up window informs you that the update cannot be done directly, by using the ‘Update to …’ button, you can perform the update by downloading the latest Firefox version from the official website (https://www.mozilla.org/en-US/firefox/), then uncompressing the archive and moving the resulting firefox folder to the /opt directory, which will overwrite the old firefox folder.

To install Roundpin, first download it from its official web page, then create a new directory for it in the /var/www directory:

mkdir /var/www/roundpin.example.com

where example.com is your main domain. Then upload all Roundpin files in the /var/www/roundpin.example.com directory and change ownership and permissions:

chown -R www-data:www-data roundpin.example.com
find /var/www/roundpin.example.com -type d -exec chmod 750 {} +
find /var/www/roundpin.example.com -type f -exec chmod 640 {} +

If you remember, when we described how to install Nextcloud, in the Obtain a Let’s Encrypt SSL certificate chapter, we explained how to obtain a Let’s Encrypt SSL certificate for both cloud.example.com and roundpin.example.com, so that you can connect to Asterisk, simultaneously, both SIP Trip Phone and Roundpin. Since you have a SSL certificate that is valid for both cloud.example.com and roundpin.example.com, you don’t need to obtain a new certificate for roundpin.example.com. You just have to mention that certificate in the Nginx configuration file, as we’ll show below. Please note that Roundpin can only be installed over HTTPS. It will refuse to install over plain HTTP.

27.1. Configure Nginx for Roundpin

Replace the temporary server block for roundpin.example.com set up earlier, with the following blocks:

server {
    listen  80;
    listen [::]:80;
    server_name roundpin.example.com;
    return  301 https://roundpin.example.com$request_uri;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name roundpin.example.com;
    root /var/www/roundpin.example.com;
    index index.php;

    ssl_certificate /etc/letsencrypt/live/cloud.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cloud.example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/cloud.example.com/chain.pem;
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;

    ssl_session_timeout 4h;
    ssl_session_cache shared:SSL:40m;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security "max-age=63072000" always;
    add_header X-Content-Type-Options nosniff;
    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
    fastcgi_hide_header X-Powered-By;

    location = /robots.txt {
       allow all;

    location ^~ /.well-known/acme-challenge {
       root /var/www;

    location / {
       try_files $uri $uri/ /index.php?$args;

    location ~ \.php$ {
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param HTTPS on;
       fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;

    location /restr {
       deny all;

    access_log /var/log/sites/roundpin.example.com/access.log;
    error_log  /var/log/nginx/roundpin.example.com.error.log notice;

Replace example.com with the main domain hosted on your server. Create the access log directory:

mkdir -p /var/log/sites/roundpin.example.com

Restart Nginx:

systemctl restart nginx

27.2. Configure logrotate to rotate Roundpin logs

Configure logrotate to rotate the new access log:

nano /etc/logrotate.d/nginx

Add the following section at the bottom of the file:

/var/log/sites/roundpin.example.com/access.log {
	rotate 10
	create 0640 www-data adm
	size 2M
		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
			run-parts /etc/logrotate.d/httpd-prerotate; \
		fi; \

                [ ! -f /var/run/nginx.pid ] || kill -USR1 `cat /var/run/nginx.pid`

Replace example.com with the main domain hosted on your server.

27.3. Run the web-based installation

Use phpMyAdmin to create a MariaDB database (for example roundpindb), a user (for example roundpindbuser) and a password.

Then copy the roundpin-setup.php_sample file as roundpin-setup.php to begin the installation:

cd /var/www/roundpin.example.com
cp roundpin-setup.php_sample roundpin-setup.php

Next, use a browser to navigate to:


You will see the following screen:

Enter the database name, database user and database user password, then click ‘Next’.

In the second installation screen enter the credentials of the superadmin: username, password, email address. Then click ‘Submit’. The third screen will inform you that the installation is complete.

After the installation, the roundpin-setup.php file will become inaccessible. If you want to access it again in the browser and run the setup process again, you will have to manually edit the /var/www/roundpin.example.com/install-signup-check.php file, and change the $installcheck parameter from false to true. Once the installation is completed it’s recommended to delete the roundpin-setup.php file:

rm /var/www/roundpin.example.com/roundpin-setup.php

Next, navigate to https://roundpin.example.com/roundpin-signup.php and register:

Enter your email address, username, password and role (Regular User or Superadmin), then click ‘SIGN UP’. The difference between Superadmin and Regular User is that the Superadmin will be able to create video conference links and give them to external users, so that they can participate in video conferences without having a Roundpin account. The video conference links can be created in the ‘Settings’ window, ‘Audio & Video’ section, under ‘External Video Conference Users’, as we’ll explain further down below. The Regular Users won’t see the ‘External Video Conference Users’ section, so, they won’t be able to create such links.

In general, only a single person is a Superadmin: the person who installs Roundpin. Yet, Roundpin allows multiple Superadmins to register, in case in certain situations, the person who installs Roundpin will need multiple users with full privileges.

After registration, you will receive a confirmation email to the email address you have provided. Click the link in that email to confirm your email address. Then you can log in to Roundpin at https://roundpin.example.com using the username and password set up at registration.

After the registration of all the Superadmins and Regular Users, you can disable the ‘SIGN UP’ tab on the login form by editing the /var/www/roundpin.example.com/install-signup-check.php file and changing $signupcheck = true; to $signupcheck = false; Then, if you want to give other users the opportunity to register, you can re-enable the ‘SIGN UP’ tab.

27.4. Move the roundpin-config.php file outside the web root

Since the /var/www/roundpin.example.com/roundpin-config.php file contains sensitive information, it’s recommended to move it outside the web root by running:

cp /var/www/roundpin.example.com/roundpin-config.php /srv/scripts/roundpin.php

Then change ownership and permissions for the /srv/scripts/roundpin.php file:

cd /srv/scripts
chown www-data:root /srv/scripts/roundpin.php
chmod 400 /srv/scripts/roundpin.php

Then replace the content of /var/www/roundpin.example.com/roundpin-config.php like this:

cd /var/www/roundpin.example.com
cat /dev/null > roundpin-config.php
nano roundpin-config.php

Enter the following content inside this file:

<?php include('/srv/scripts/roundpin.php'); ?>

27.5. Configure Fail2ban to protect Roundpin against brute-force attacks

First add a new filter in the /etc/fail2ban/filter.d directory:

nano /etc/fail2ban/filter.d/roundpin.conf

Add the following content inside this file:


failregex = ^<HOST> .* \"POST /roundpin-login.php HTTP/2.0\" 200 724 .*$
ignoreregex = 

Then edit the /etc/fail2ban/jail.local file:

nano /etc/fail2ban/jail.local

Add the following block right before the [phpmyadmin] block:

enabled  = true
filter   = roundpin
logpath  = /var/log/sites/roundpin.example.com/access.log
port     = 80,443
findtime = 3600
maxretry = 4
bantime = 604800

Replace example.com with the main domain hosted on your server. Reload Fail2ban:

systemctl reload fail2ban

27.6. Using Roundpin

When you log in for the first time to Roundpin, the ‘Settings’ pop-up window will show up, inviting you to enter your credentials, so that Roundpin can register you to the underlying Asterisk server, to be able to make and receive phone calls:

In the ‘Connection Settings’ section, enter the following credentials:

WebSocket Domain : roundpin.example.com

WebSocket Port: 8089

WebSocket Path: /ws

Display Name: The name that you want to associate with your extension, for example John Smith

SIP Username: Your extension number configured in Asterisk (as explained in the ‘Install Asterisk’ chapter), for example 601

SIP Password: The password for the extension entered in the previous field, as it is configured in the /etc/asterisk/pjsip.conf file

STUN server domain or IPv4 address, and port number: If you have configured Coturn as a STUN server as we explained in the Install Coturn chapter, enter the IPv4 address of your server followed by the port number used by Coturn, like this:

where is the IPv4 address of your server.

After you fill out the fields mentioned above, Roundpin will be able to connect to the Asterisk server. Yet, it’s recommended to also review the settings in the ‘Audio & Video’ section:

Here it’s recommended to leave the Speaker, Ring Device and Microphone sections as they are and to leave ‘Auto Gain Control’, ‘Echo Cancellation’ and ‘Noise Suppression’ checkboxes checked. Under Camera you should select the camera that you want to use with Roundpin, in case you have multiple cameras attached to your computer. Under ‘Frame Rate (per second)’ it’s recommended to select 30, under ‘Quality’ select ‘HD’, under ‘Image Orientation’ select ‘Normal’, under ‘Aspect Ratio’ select ’16:9′. You could experiment with different values in these fields, but the values that we mentioned usually work best.

Under ‘Video Conference Extension’ enter the extension that you configured in the /etc/asterisk/extensions.conf file for video conference purposes, as explained in the ‘Conference Calls’ subchapter of the ‘Install Asterisk’ chapter.

Under ‘Percent of screen width that the video conference windows will have’ enter the percent from the total screen width that you want the width of the video conference windows to represent. For example, if you want each video conference window to have a width which represents 32% of the total screen width, enter 32. If you don’t enter any value, the default of 32 will be applied.

In the ‘Profile Picture’ section you can upload your picture or an avatar, to have it displayed next to your name when you log in.

It’s also recommended to check the ‘Enable Onscreen Notifications’ checkbox in the ‘Notifications’ section.

If you followed the Install the mail server chapter and installed a complete mail server, and you want to integrate Roundcube with Roundpin, to be able to open a new email window with one click, to easily send emails to your Roundpin contacts, and to be able to check incoming emails from inside Roundpin, you should also fill out the fields in the ‘Email Integration’ section (please note that to be able to integrate Roundcube with Roundpin, you will need to enable the ‘autologon’ and ‘autologout’ plugins in Roundcube, as explained in the Enable the ‘autologon’ and ‘autologout’ plugins chapter):

Check the ‘Enable Roundcube email integration’ checkbox, in the ‘Roundcube domain’ field enter mail.example.com, where example.com is the main domain hosted on your server, in the ‘Roundcube user’ field enter the email address that you use to login to Roundcube (Eg: admin@example.com), in the ‘Roundcube password’ field enter the password for the mentioned Roundcube user. If you have enabled HTTP basic authentication for the mail.example.com domain, in the ‘Roundcube basic authentication username’ and ‘Roundcube basic authentication password’ enter the user and password respectively that you use for basic authentication on mail.example.com.

You can use the ‘Change Password’, ‘Change Email’ and ‘Close Account’ sections to change the password you use to log in to Roundcube, to change the email address associated with your Roundpin account, that you entered when you registered, and to close your Roundpin account, respectively.

To save the changes, click the ‘Save’ button. You can always re-open the ‘Settings’ window and change your settings by clicking on the ‘Settings’ wheel which can be seen in the lower right corner of this image:

If you click on your picture, you will see the following menu:

You can use this menu to auto-answer all incoming calls, to set the ‘Do Not Disturb’ status, which will make all incoming calls to fail (all incoming calls will be automatically ended, you won’t hear any ringing but you will see the notice ‘You missed a call (Busy Here)’ on the call log displayed on the right panel when you click on the name of the contact who called); you can also set the ‘Call Waiting’ status, which is the default status, you can refresh registration on the Asterisk server, you can add a contact and you can log out. To add a contact click on the ‘Add Contact’ option. You will see the ‘Add Contact’ pop-up window:

The only mandatory field is the ‘Display Name’. Yet, you should enter as many contact details as you have for each contact. If the contact has an extension configured on the underlying Asterisk server, like 602, 603, etc., enter it in the ‘Extension (Internal)’ field. If the contact is an external user, leave the ‘Extension (Internal)’ field empty and enter just the other details. When finished, click ‘Add’. You will see the contact’s name on the left panel. If you have a picture of the newly added contact, you can add it by clicking on the contact’s picture placeholder, which will open the ‘Edit Contact’ pop-up window:

In the ‘Edit Contact’ window you can add a picture but you can also edit all the other contact details.

After you have added an extension as a contact, if that extension is online, you will see a green status circle below its picture. If you click on its name, the right panel will open and there you can initiate a text conversation:

You can add emoticons to your text messages and you can send files to your interlocutor. To send a file click the ‘Send File’ button at the right end of the text editing field, then click the ‘Select File’ button on the horizontal bar above the text editing field, to choose a file from your computer and attach it to your message:

Once you click the ‘Send Message’ button, both the text message and the file will be sent:

Both the sender and the receiver are able to download the file by clicking on its link, in the chat history panel. If you installed the ClamAV antivirus, as explained in the Install ClamAV and integrate it using clamav-milter chapter, any file sent in this way will be automatically scanned with clamav-daemon, so that only the files free from viruses or other types of malware can get through.

All text messages are encrypted twice: apart from TLS encryption, each message is encrypted using asymmetric cryptography (1024 bit RSA keys). Every time a user reloads the page, a new private – public key pair is generated for that respective user.

Please note that currently you can only send short text messages. Text messages larger than about 20 words will not get through because Asterisk has a hard-coded limit for the maximum size of simple SIP messages. We are working to increase that limit.

If you hover over the name of an extension on the left panel, you will see two small buttons, one for the audio and the other for the video call. If both you and the other person have functioning microphones and speakers detected by the browsers and you click on the ‘Audio Call’ button, you can initiate an audio call:

During an audio call you can mute your microphone, record the conversation, transfer the call to another extension, pause the call or hang up, by pressing the respective buttons.

If both you and the other person have functioning microphones, speakers and cameras detected by the browsers and you click on the ‘Video Call’ button, you can initiate a video call:

You can have text/audio/video conversations with other extensions configured in Asterisk. With contacts that are not extensions, you can have only audio conversations. Yet, if contacts are not extensions but they have a device with a browser and Internet access, you can have a video conversation with them by using a special feature of Roundpin that allows you to initiate video conferences with external users; they only need a link to participate in a video conference, as we explain in the Video Conferences with external users chapter, further down below.

If you installed a complete mail server as explained in the Install the mail server chapter and you enabled Roundcube integration as explained above, when you click the envelope shaped ‘Email’ button on the logo bar, you will be automatically logged in to Roundcube and your Inbox will be displayed on the right panel:

If a contact has an email address in its saved data and you hover over its name on the left panel, you will see a small envelope shaped button next to the ‘Audio Call’ button. When you click that button, a new ‘compose’ window will open on the right panel, with the contact’s email address already entered in the ‘To’ field. All you will have to do is to enter a subject, the text of the email, then press ‘Send’, to send the email:

27.6.1. Dial any number

As explained earlier, Roundpin can be used like a real phone, to call any real phone number in the world. To dial a number, click on the ‘Dial Number’ button located below your name. This will open the dial pad:


Any phone number that you enter has to be preceded by the country calling code. For example, if you want to call the German phone number 1212121212, you will dial 491212121212, where 49 is the country calling code of Germany. There is no need to add a + sign or 00 in front of the country calling code.

A similar dial pad can be seen if during a phone conversation you click the ‘Show Key Pad’ button located alongside the ‘Mute’, ‘Start Call Recording’, ‘Transfer Call’, ‘Hold Call’ and ‘End Call’ buttons. That dial pad is used to press specific keys when listening to the IVR prompts.

27.6.2. Regular video conferences

Below your Roundpin display name, next to the ‘Dial Number’ button, there is the ‘Launch Video Conference’ button. By clicking on it, you can enter the video conference configured for the extension that you entered earlier in the ‘Settings’ window, ‘Audio & Video’ section, ‘Video Conference Extension’ field. You can be the first who enters the conference, or you can be the second, third, etc., in case other Roundpin users, have already initiated the conference. The width of the video window for all participants will be the one that you have set up in the ‘Percent of screen width that the video conference windows will have’ field.

While in a video conference, if you hover over your video window (the leftmost on the first row), you will see a bar with several controls at the upper right corner of the window.


Using these controls you can open a dial pad (to enter the pin of the conference, if required), mute your audio stream, mute your video stream, share your screen or any open window on your screen, return to video camera sharing, set the video window in fullscreen mode.

While in a video conference, if you click on the small arrow located at the top of the screen, the Hangup/Fullscreen bar will open:

You can set the entire screen in fullscreen mode by clicking the ‘Fullscreen’ button. When you want to exit the video conference you can click the ‘Hangup’ button. This will end the conference call for you, while the other participants can continue to participate in the conference.

27.6.3. Video Conferences with external users

If you are a superadmin, in the ‘Settings’ window, at the bottom of the ‘Audio & Video’ section, you will see the ‘External Video Conference Users’ section. Here you can enter a special extension that you have configured in Asterisk: the extension that would allow external users to access a video conference without having a Roundpin account. Let’s say that you choose 789 as the special extension. Edit the /etc/asterisk/pjsip.conf file:

nano /etc/asterisk/pjsip.conf

Add the following blocks right above the [publish-extension-state] block:

; External video conference user





where Y24bE9vtt4wL2szK9q is a strong password and is the public IP of your server. Restart Asterisk to apply the changes:

systemctl restart asterisk

Next, in the ‘External Video Conference Users’ section mentioned above, in the ‘Extension’ field enter 789, in the ‘SIP Password’ field enter the password set up in Asterisk for extension 789, Y24bE9vtt4wL2szK9q in our example, then click the ‘Save’ button. A pop-up message will announce you that the data has been saved successfully. The page will refresh itself automatically and when you will open the ‘Settings’ window again, the ‘External Video Conference Users’ section will look like below:

As you can see, the ‘Link’ field has been populated with an automatically generated link, that you can copy to clipboard by clicking the ‘Copy link to clipboard’ icon. You can then send that link to any user by email or by other means and they can access the conference as extension 789, without the need for a Roundpin account. All they need is the link and a device with a browser and Internet access.

Please note that the link doesn’t contain the plain text SIP password for extension 789. It doesn’t even contain the SIP password in an encrypted form. All it contains is the domain of the server, roundpin.example.com, and the extension number (789) and the Roundpin username of the superadmin who generated the link (john_doe , for example), both the extension number and the username being encrypted with a strong encryption algorithm.

You can set up multiple extensions for external users (790, 791, 792, etc.) in the same way as you did for 789. In this way, you can create multiple links for external access to video conferences. Please note that although many different users can enter a video conference simultaneously using the same generated link (and the same Asterisk extension), it’s recommended to generate and give different links to different external users.

All the generated links will be functional as long as they exist. After a video conference takes place and one or multiple external users have used the links that you have sent them in advance, you can remove those links by clicking on the X sign next to the ‘Edit’ button. If at least one link associated with your username exists in the database, when you click ‘Log Out’, you will see a pop-up message informing you that there are links saved in the database that can give external users access to the video conferences and that you can remove all the links saved to the database associated with your username. If you click OK, all the links will be automatically removed from the database and thus will become non-functional.

27.6.4. In-browser call recording

Please note: if you want to record an audio or video call by pressing the ‘Start Call Recording’ button that appears alongside the ‘Show Key Pad’, ‘Mute’, ‘Transfer Call’, ‘Hold Call’ and ‘End Call’ buttons while in a conversation, you will have to have browser history enabled in your browser. In Firefox, in ‘Privacy & Security’ > ‘History’, you should select either ‘Remember history’ or ‘Use custom settings for history’ and check ‘Remember browsing and download history’. Otherwise, pressing the ‘Start Call Recording’ button will not work. Also, please note that it would be fair-play to warn the other party of your intention to record the conversation before starting recording. If you just press the ‘Start Call Recording’ button, your interlocutors will not know that they will be recorded. This is why the best method of implementing call recording is at the level of Asterisk, which involves playing a warning message before starting the recording, as explained in the Call recording subchapter of the Install Asterisk chapter. Also, at the moment, the in-browser call recording functionality can be used only in one-to-one audio/video calls and not in video conference calls. If you need to record a video conference, the best method for the moment is to use OBS Studio, installed on your local computer.

27.7. Upgrading Roundpin

First archive the /var/www/roundpin.example.com folder and include the date in the name of the archive:

cd /var/www
tar czf roundpin.example.com-2020-5-21.tar.gz roundpin.example.com

Store the archive in a safe place as backup.

Next, export Roundpin’s database using phpMyAdmin. Once logged in to phpMyAdmin click on the name of the database on the left panel (roundpindb in our example), then click on Export in the upper bar, then click on ‘Go’. After you save the sql file on your computer, rename it to include the date, then place it in a safe location, along with the archive created above.

Next, download the new version of Roundpin from the official web page and upload it to the /var/www/roundpin.example.com folder, overwriting the old files with the new ones. Change ownership and permissions:

cd /var/www
chown -R www-data:www-data roundpin.example.com
find /var/www/roundpin.example.com -type d -exec chmod 750 {} +
find /var/www/roundpin.example.com -type f -exec chmod 640 {} +

27.8. Privacy of phone conversations

As mentioned, if you use Roundpin, when you make audio/video calls or have text conversations with other extensions configured on your Asterisk server, the data transfer between a user’s browser, the server and the other user’s browser, is TLS encrypted. This is also true for video conferences. In addition, all text messages are encrypted with RSA keys regenerated on each page load. We can call this end-to-end encryption.

However, if you make phone calls to mobile or landline phone numbers, all data will pass through Telnyx or Localphone servers and through other servers of different phone carriers, downstream. This means that the audio calls to regular phone numbers will only be encrypted on the ‘browser – to – server’ leg of the journey, but not on the ‘server – to – Telnyx/Localphone – phone carriers – receivers’ journey. This also applies to phone calls to/from regular phone number made with SIP Trip Phone, and to SMS messages sent/received with SMS Relentless and faxes sent/received with Pax Fax, although in the case of SMS messages and faxes, the path between your server and Telnyx/Plivo/Phaxio servers is also encrypted, since the data is transferred via requests over HTTPS. (The incoming SMS messages and faxes are also signed, and this allows SMS Relentless and Pax Fax respectively, to verify the authenticity of all the incoming SMS messages and faxes.)

Also, you have to be aware that even the providers that we recommend (Telnyx, Localphone, Plivo, Phaxio) as well as all the other similar providers, can use, and in general do use, the hosting services of tech giants like Google, Microsoft, Amazon, IBM, while the phone carriers that allow the phone calls, SMS messages, faxes to reach their final receivers, can also use the hosting services offered by the mentioned companies. This is something that you cannot control, since regular phone calls, SMS messages and faxes are not encrypted and they normally pass through the servers of various companies spread around the globe, depending on the destination of the phone calls/SMS messages/faxes. Nobody can convince all the SIP providers and phone carriers in the world to strictly avoid the hosting services of the mentioned tech giants. This means that when you use the applications included in RED SCARF Suite to make/receive phone calls to/from regular phone numbers, or to send/receive SMS messages, or to send/receive faxes, you have to be aware that only a part of the data transfer is encrypted, and that in many cases, this transfer is made via the servers of the big tech giants which we fight against.

The solution to this privacy issue is to avoid transmitting sensitive data by means of regular phone calls or SMS messages or faxes. If you want to transmit sensitive data, a more secure way is to use encrypted emails, as we describe in the Install Thunderbird and use it to encrypt/decrypt emails chapter. Yet, you have to be aware that no type of digital encryption is 100% secure due to various factors that are associated with it, like operating system or application vulnerabilities, social factors, etc. Therefore, if you want to transmit highly sensitive data, we recommend using the ‘Ben Laden method’, which means to avoid any type of digital technology and convey the message face to face or, if that is not possible, via trusted persons.

You can send your questions and comments to: