FYI there's like zero authentication built into public phone networks. You are who you say you are.
If you need to validate a caller, use a pre-trusted side channel and agree a rotating set of code words to speak before talking. But if you're at that level of op-sec then you wouldn't be using phone calls anyway.
FYI there's like zero authentication built into public phone networks. You are who you say you are.
If you need to validate a caller, use a pre-trusted side channel and agree a rotating set of code words to speak before talking. But if you're at that level of op-sec then you wouldn't be using phone calls anyway.
what would you be using instead (dm me if secret)
Either PGP encrypted text exchanges (i.e. over email), self-hosted Matrix with E2E, or Signal, in that order.
You still need to trust that the person on the other end remains the same and isn’t compromised. That’s probably the harder problem to solve.