It's also possible for a VOIP SIP provider to not proxy the media when it's smart enough to detect that the two call parties are pure digital SIP VOIP endpoints.
Say you subscribe to SIP provider A and I subscribe to SIP provider B. If both SIP providers are running smart enough software to detect that when I dial your phone number 843-123-4567, that number is not a PSTN copper landline, it's actually a DID which is really a SIP address behind the scenes, then my sip provider ought to signal to my endpoint over SIP that it should connect directly to yours for a pure direct digital call. In doing so the call avoids transiting out thru the PSTN and back in again, therefore avoids requiring its media to be decrypted to g711u by my MITM sip provider. My endpoint or pbx would simply connect directly to your direct SIP address eg
[email protected] and the media could remain encrypted as well as the SIP signaling, thus, no man the middle could possibly listen in. Also, a penny saved, due to no PSTN call termination fee.