Ooma Hysteria

I received e-mails from a number of bloggers this morning linking to their stories about ooma, the latest p2p VoIP scheme promising free long distance to the masses. The difference between ooma and other p2p solutions like Skype is the ooma solution utilizes phone lines of existing customers to terminate calls in local areas.
 
A call placed on the ooma network from San Francisco to the 203 area code would be terminated on an ooma box in someone’s house in the 203 area code. The question worth asking (and I have not had a briefing from the company as of yet) is what security measures are used to ensure I am not listening in on other callers.
 
If that caller from San Francisco is calling their broker they most likely won’t be thrilled to have me listening to their phone call.
 
To be fair, this is pretty obvious and I imagine the company has a solution to this problem. But I am just not able to figure out how the call could be sent to the PSTN from my house while keeping me from tapping in quite easily. More to come.
 
Thoughts from:
 

  • Mike
    July 28, 2007 at 3:17 am

    When you write about OOMA:
    “If that caller from San Francisco is calling their broker they most likely won’t be thrilled to have me listening to their phone call.
    “To be fair, this is pretty obvious and I imagine the company has a solution to this problem. But I am just not able to figure out how the call could be sent to the PSTN from my house while keeping me from tapping in quite easily.”
    The answer to me is obvious. It’s completely impossible for OOMA to have a solution to this problem, since the land-line that I would be listening in on (my own) is completely outside of their control. It is the exsiting pair of wires in my house that connects their box to the phone company. It is completely impossible for OOMA (or anyone) to prevent me from listening in on it.
    And I strongly suspect that no court in the country would consider such eavesdropping to be illegal.
    Yet another reason why what OOMA has announced must be the dumbest idea yet.

  • Jeff Peck
    August 1, 2007 at 8:41 pm

    ooma has proprietary technology that monitors the line and prevents you from listening-in to calls you did not originate.
    the network is designed from the bottom up to provide quality and security.

  • Mike
    August 2, 2007 at 7:11 pm

    I am quire sure that what they are doing is:
    The Hub monitors the voltage across the line they are using and, if it sees a sudden drop in that voltage, assumes that a directly connected, regular phone has gone off-hook. The hub can then break the audio path between the orginal calling and called parties. This is not “proprietary”. Answering machines have been doing this for years to stop the recording if you answer an extension.
    But what happens with OOMA? The phone that went off hook is now connected, and can talk, to the original called party, much to their confusion. And the original calling party gets a prematurely disconnected call – something that is considered very bad in the telephony industry,
    However, any electronics amateur can rig up the simple, high DC impedance circuitry to monitor the audio on the line without being detected by the hub, since it does not cause a voltage drop. I did it 40 years ago. One can also rig up circuits to detect and display the called party number (DTMF) and to start a tape recorder whenever the line is being used.
    There is nothing the OOMA hub can do to stop this eavesdropping, since it is on the phone line itself completely outside of the OOMA hub’s control.
    It’s hard for me to believe that the OOMA engineers don’t understand this.

  • Mike P
    August 9, 2007 at 5:51 pm

    Hot off the press. Just found this on home.businesswire.com:
    August 9, OOMA announces Pre-sales. The announcement includes the following two statements:
    1. “This announcement contains forward-looking statements … Actual results may differ significantly from management’s expectations.”
    2. “Purchasers during the promotional period will have this no monthly charge service for at least three years.”
    You can interpret these anyway you want, but to me they mean:
    1. OOMA is making wild claims and, if they don’t work, don’t blame us.
    2. “Free service for life” is only guaranteed to be 3 years.
    Anybody willing to bet $400 on those terms?

  • John F
    September 11, 2007 at 9:28 pm

    Mike you bring up good points about the security of this device. Looking around the internet, I have not seen anyone from Ooma give a real answer about how the Ooma hub will protect you from the things you talk about, in particular an induction phone tap.
    I suspect this is because they don’t have an answer at all. Responses like the following from Jeff Peck, don’t really mean anything without some concrete explanation of how it actually works.
    “ooma has proprietary technology that monitors the line and prevents you from listening-in to calls you did not originate.
    the network is designed from the bottom up to provide quality and security”
    I think people need to wake up and demand some answers about their privacy from Ooma before people trust their phone conversations to some untested device.
    Hey Mike, what happen to your site ooma-revealed.info?

  • Mike P
    September 13, 2007 at 9:11 am

    Thank for the comment John F.
    Ooma execs called me twice about the web site. The first call was nice and she said they would have engineers look at it and get back to me about what was incorrect. She offered me a White Rabbit, which I refused, because of the security problems I detailed. Can’t connect one of those to my phone line.
    The second call, from their CFO, threatened legal action because of the “slanderous” things I said. I believe that their technical people couldn’t find anything wrong so they decided to take a different approach.
    Anyway, it doesn’t matter to me. Ooma will fail without my comments (on a web site).
    You’re right, they have just made silly claims about how they prevent eavesdropping, like something about a proprietary mathematical algorithm”. Such obvious untruths. I remember one commenter referred to it as “snake oil”.

  • Seze One
    October 18, 2007 at 6:28 pm

    I’ve been doing alot of research on ooma because i use packet8 and don’t wantt to pay monthly fees…this guy Mike is in every blog bashing on ooma w/out even trying it…whats the deal?

  • Jeff Peck
    October 19, 2007 at 5:40 pm

    For many years, people said “you cannot stand an egg on its end” and they had the empirical evidence to support that argument. Then Columbus (allegedly) comes along and does it… These days we know many ways to get an egg to stand on its end, from high viscosity atomspheres, to zero-g orbitals, to vibrating tables.
    When people say “it can’t be done” that may simply mean *they* don’t know how to do it.
    Jeff Peck
    Chief Technologist
    ooma, Inc.

  • Mike P
    October 19, 2007 at 10:58 pm

    Good question. I’ll tell you what’s the deal. I’ve worked in the telephony industry for many years and understand how it works. It’s true that I haven’t tried Ooma, although I was offered a free unit to test. The security concerns that I have detailed prevent me from allowing such a device to be connected to my phone line, which would let other, unknown people use my telephone line to complete their calls, what Ooma calls “distributed termination”. (I designed the system for MCI which did this 30 years ago, even though it did not use the Internet, but they used their own lines, not someone elses.)
    Let me detail one of the major problems that can occur when you let others use your line. Ooma claims that they protect you by blocking Calling Line ID (yours) from being delivered to the destination. This blocking works for calls to most regular subscribers, but if the call is to a business that has a Primary Rate ISDN interface, your telephone number may be delivered to them anyway. (Check American National Standard T1.625 for this service, which, incidentally, lists my name as one of the authors.) This is well known to telephony experts. The business thinks you called, and, even if you’ve signed up on the Do Not Call list, they now have the right to pester you with solicitation calls.
    What if the call is a bomb threat to a school that can see your ID?
    Or, even when your ID really is not delivered to the destination, suppose the call is to a drug dealer who is being monitored by the FBI. They can find out who called, even when Calling Line ID is blocked, and may then place a wiretap on your line (or come knocking on your door).
    The sad thing is that Ooma continues to deny that the above can happen and just keeps making statements that their engineers have worked night and day to prevent this, although experienced telephony experts know that is impossible.
    No, Jeff, Ooma can’t do it because it’s part of how the telephone system works, and Ooma doesn’t have the power to change that.

  • Rich Tehrani
    October 20, 2007 at 5:06 pm

    Thank you all for the great comments. To Jeff Peck, I haven’t tried your service and indeed you are right — I haven’t thought of a way to connect calls to the PSTN without allowing phone taps from the customer’s house.
    To be honest, in addition to making an egg stand on its end, I have trouble making a decent omelette. 😉
    But seriously, I understand the reason not to share how you keep your calls from being tapped. I certainly would want to keep this information confidential as well.
    But the reality is that in my history in telecom I have never seen a concept so controversial. Even if you are able to pull off what you say — it is obvious based on numerous blog entries and comments on these blog entries that almost no one in the communications industry believes you.
    Some of these people — unfortunately for your company, are the very same ones who get quoted in major publications regarding your technology.
    So if you are looking to have this service go mainstream at some point, you need to tackle this problem.
    I see two ways to do this:
    The first is to get a number of high profile telecom people to sign NDAs and share the information with them. They can comment on what you do without giving away the crown jewels. At least they can verify you are correct.
    The second is to go public with some of what you do and rely on your patents to protect you. I did a quick patent search and don’t see any applications from your company. With the news that Vonage was sued by yet another service provider this past week it likely makes sense to start applying for patents rather quickly to ensure your success does not get sued into oblivion.
    So Jeff, I wish you luck. Any company who can come up with a brand new way to provide VoIP service in a space rife with top engineers and massive amounts of financial resources deserves to be congratulated. I am looking forward to seeing how your company addresses this situation and continues to grow.

  • Onofrio ("Norm") Schillaci
    October 22, 2007 at 11:19 am

    You can easily monitor a POTS line that is undetectable.
    You can use a butt-set (Harris TS-21) and a high impedance tap, or a toner (Speciality Telecom Products) that can amplify the analog wave form.
    Both products are available at Home Depot for less than $100.00

  • skeptical
    August 16, 2010 at 1:02 pm

    Another issue, why is it not theft of the phone company’s service? The phone company is selling the household service for that household, not service to some random individual on the other side of the country. I think the only reason that the phone companies have not sued ooma over this is that they think ooma will fail on their own in short order.

Leave Your Comment