• 0 Posts
  • 8 Comments
Joined 1Y ago
Cake day: Jun 22, 2023


If we told just anyone, it wouldn’t be private!!!

Srsly any phone app is inherently insecure because the phone itself is insecure. And there’s lots of metadata leakage, like the phone broadcasting its location. There is no “go to app”. It all depends on what you are trying to do and who you are trying to communicate with.


If this is for live disks or mirrors (not backup), LUKS is reasonable. Backup is different from mirroring since one of the things it protects you from is accidentally deleting files. If you delete a file from your main drive, it also disappears from the mirror drive, so mirrors are not backup. For encrypted backup, I’ve been using Borg backup which is quite well thought out, though confusing at first. The backups go on a remote server which is ok since they are all encrypted.


The PFS comes from deleting the secret DH parameters after you are done using them.


The codecs are built into the client (I’m using linphone) and they all sound like crap. Provider is vitelity.net but I have a twilio account so could try that. Also, they only work at all when the phone is online by wifi. Using the phone’s mobile data is total fail. Too many dropouts etc.


This forwards to an (oh the irony) blogspot post, https://articlesgallery8543.blogspot.com/2023/10/lets-decentralize-web-together.html. It encourages people to move off sites like Facebook towards sites like Lemmy. Great, but I think we knew that already.


VoIP call quality is terrible, it is near unusable over mobile data IME, it adds latency etc.

I guess an intermediate measure might be to make all your phone calls through a forwarding proxy (e.g. implemented with Twilio API) so that all the mobile carrier sees is that your phone calls all go to the same number. Similarly you’d give out a VOIP DID number that forwards to your mobile, so all your incoming calls would appear to come from the same number.


Don’t know about Signal but the way PFS usually works is there is something like a Diffie-Hellman (DH) key exchange. Each person generates a random (private) number, remembers it, crunches it mathematically into a public number, and sends the public number to the other person. Each then combines their private number with the public number that they got from the other person, and this (because of how DH works) cleverly gives both people the same secret number they use for the encryption, but the secret can’t be reconstructed without knowing at least one of the private numbers. Finally, the PFS part is simply that each person permanently deletes both the shared secret and the private number they generated for that exchange (they will create new ones next time they want to communicate). That means there is no way to reconstruct the secret and re-decrypt the message.

Of course, authentication also has to be added to all this.

For more info, probably easiest to look up Diffie-Hellman key exchange online.
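The exchange described in the comment above, as an added example that is not part of the original comment: two parties run an ephemeral DH exchange, encrypt one message, then delete their private numbers and the derived key. The class and function names, the toy group parameters and the SHA-256 keystream are assumptions chosen for illustration, and authentication is left out.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption, not from the comment): 2**255 - 19
# is prime, but real deployments use vetted groups such as X25519 or RFC 7919.
P = 2**255 - 19
G = 2


class EphemeralDH:
    """One side of a single exchange; all names here are hypothetical."""

    def __init__(self):
        self._priv = secrets.randbelow(P - 3) + 2   # random private number
        self.public = pow(G, self._priv, P)         # public number sent to the peer
        self._key = None

    def derive(self, peer_public):
        if self._priv is None:
            raise RuntimeError("private number already deleted")
        shared = pow(peer_public, self._priv, P)    # same value on both sides
        self._key = hashlib.sha256(shared.to_bytes(32, "big")).digest()

    def crypt(self, data):
        """XOR with a SHA-256 counter keystream; one message per session key."""
        if self._key is None:
            raise RuntimeError("session key not available")
        stream = b"".join(
            hashlib.sha256(self._key + i.to_bytes(4, "big")).digest()
            for i in range(len(data) // 32 + 1)
        )
        return bytes(a ^ b for a, b in zip(data, stream))

    def forget(self):
        # PFS step; Python only drops the references, it cannot guarantee a wipe.
        self._priv = None
        self._key = None


def run_session(message):
    """Returns what a passive recorder sees, the receiver's plaintext, both parties."""
    alice, bob = EphemeralDH(), EphemeralDH()
    alice.derive(bob.public)
    bob.derive(alice.public)
    ciphertext = alice.crypt(message)
    plaintext = bob.crypt(ciphertext)
    alice.forget()
    bob.forget()
    return (alice.public, bob.public, ciphertext), plaintext, alice, bob
```

After `run_session` returns, the recorded transcript holds only the two public numbers and the ciphertext, and neither party object can re-derive the key or decrypt again.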