Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Government Communications Privacy Social Networks Your Rights Online

Microsoft Makes Skype Easier To Monitor 150

In a follow-up to a story earlier this week, derekmead writes "Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users' addresses and credit card numbers, more easily shared with authorities. As we've already seen with Facebook and Twitter, big Internet firms aren't digging their heels in against government requests, which shouldn't come as a shock; angering the authorities is bad business. The lesson then is that, while the Internet will always retain a vestige of its Wild West days, as companies get bigger and bigger, they're either going to play ball with governments or go the way of Kim Dotcom."
This discussion has been archived. No new comments can be posted.

Microsoft Makes Skype Easier To Monitor

Comments Filter:
  • by Anonymous Coward

    sorry, not going to do it.

  • Open Source (Score:5, Interesting)

    by Nerdfest ( 867930 ) on Thursday July 26, 2012 @06:50PM (#40785403)

    Time to switch to something [jitsi.org] where we actually know what the software is doing.

    • Re:Open Source (Score:5, Interesting)

      by cpu6502 ( 1960974 ) on Thursday July 26, 2012 @06:54PM (#40785435)

      Will Jitsi let me call home to my old wired phone?

      Corporations working closely with government, and government working closely with corporations, including exchanges of money through campaign donations & legislative acts. Plus favorable regulations to help the megacorps and block new startups. There's a word for that...... hmmmm, right on the tip of my tongue. Starts with an F. Or a C.

      • Re:Open Source (Score:4, Interesting)

        by Nerdfest ( 867930 ) on Thursday July 26, 2012 @06:58PM (#40785465)

        We're almost at the point that we can drop POTS in favour of something less 'controlled'. I'm sure other measures will be taken to ensure it's not that easy though.

      • Almost Yes. (Score:5, Informative)

        by DrYak ( 748999 ) on Thursday July 26, 2012 @07:56PM (#40785939) Homepage

        Will Jitsi let me call home to my old wired phone?

        Yes:
        Jitzi supports the SIP standard and there are plenty of SIP-to-POTS providers around (for example, I use Switzernet which is based in switzerland and free to/from several european countries. Works with both my SIP sfotwares - Ekiga and Twinkle). ...BUT...

        For obvious reasons there's no easy way to guarantee end-to-end encryption. So you *CAN* call home, but you won't get guaranteed privacy.

        For full end-to-end encryption you need:
        - a digital link from the source to the other end (which is not the case when bridging to POTS)
        - the possibility to audit the software used at both ends that there are no bugs or implementation problems which could leak critical data. (So you need an opensource front-end and an opensource encryption layer, preferably using known and well tested and documented protocols (like ZRTP). And you need enough independent eyeballs looking at said code) (Jitzi is opensource so one can check that everything is properly implemented to avoid leaks).

        • by stms ( 1132653 )

          Are all my friends already on Jitsi or do I need to get into an awkward political discussion with them to get them to switch?

          • Re: (Score:3, Interesting)

            by rtfa-troll ( 1340807 )

            The great thing about VOIP is it doesn't matter. You can install and run both clients at the same time and then just make sure you are visible in Jitsi as much as possible whilst being visible very rarely in Skype, and then only when you want something (sit there invisible, but turn on notifications so you see when friends without Jitsi come on line). From time to time suggest to people that it would be easier to get you if they had Jitsi. When you meet people show them how to set up Jitsi (or whichever

          • Are all my friends already on Jitsi

            As Jitzi just use plain standards, the correct question isn't that, but :
            "Are all my friends already on SIP or XMPP/Jingle ?"

            (The software component itself isn't important. As long as the software supports SIP or XMPP you can communicate with them.
            As long as both software ends support ZRTP/SRTP, you can secure the communication. As long as both software ends support OTR, you can secure the text chat. Whichever software is used isn't relevant.
            Jitzi is just cited because a Tor's developper did recommend it an

          • Why is "I don't like having someone listen in on my private phone calls" a 'political' viewpoint? Surely that's something anyone can relate to? Who actually likes having someone listen to their phone calls?

      • Will Jitsi let me call home to my old wired phone?

        Jitsi uses SIP, so it just might (I haven't looked into it too deeply).

      • Corporations working closely with government, and government working closely with corporations, including exchanges of money through campaign donations & legislative acts. Plus favorable regulations to help the megacorps and block new startups. There's a word for that...... hmmmm, right on the tip of my tongue. Starts with an F. Or a C.

        I'm with you on the F word, but for the C word you'd better mean "corporatism", because you sure as sunshine aren't describing capitalism.

        • There's nothing in the definition of capitalism that precludes colluding with the government, or requires absolutely free markets. If it has private transferrable property on the means of production, it's capitalism.

          • Your definition, perhaps, but most capitalists' definition precludes more than minimal government. Sort of like how just because you have a welfare state doesn't mean you have socialism.

            • Your definition, perhaps

              It's an economics textbook definition.

              most capitalists' definition precludes more than minimal government.

              Who are all those capitalists? Warren Buffet doesn't seem to argue for minimal government - is he a capitalist? Heck, my mom ran a business for 20 years while voting social-democrat - was she a capitalist? Of course, if your definition of "capitalist" is "people who agree with my definition of capitalism", then it kinda works out, but there's the obvious recursion problem

              Sort of like how just because you have a welfare state doesn't mean you have socialism.

              That's actually a very good point. Indeed, welfare state does not mean that you have socialism. That

              • Depends on the economics textbook. Economics (especially macro) isn't a real science where you run actual experiments and learn useful things, it has very little predictive value and with all its contradictory schools of thought seems to me to belong more in the philosophy department than the business school.

                So maybe I have the recursion problem you describe, but "capitalism" in most people's minds is inexorably linked with free markets, and it's in that sense that I use it. And when you have actual free

                • So maybe I have the recursion problem you describe, but "capitalism" in most people's minds is inexorably linked with free markets, and it's in that sense that I use it. And when you have actual free markets, there's no place for corporatism because you don't have a state powerful enough to be worth coopting.

                  It's generally true, because capitalism in the absence of free markets tends to degenerate. But then, for most people, the meaning of the word "free market" is the one that it had since introduced by Adam Smith - to wit, a market with free competition. In other words, without monopolies. In Smith's time most monopolies were government-created, and he covered them in detail, but he also had the foresight to warn about collusion between market players themselves, and the harm it would do by making the market

                  • And by now it probably won't surprise you that I'm libertarian and that the Austrian school economists are the ones that I... well, disregard the least, I suppose. That's why I think the problem of unnatural monopolies in a free market aren't a huge problem, since there's no regulatory barrier for new competitors to undercut the conspirators. Even when a cartel is too big to have to worry about new entrants, like OPEC, they're not that great at staying banded together.

                    • Unnatural monopolies, perhaps. But it's the natural monopolies that are the real killer of the libertarian ideal.
                • in most people's minds is inexorably linked with free markets

                  Where I live that's certainly not my experience, but then again the people I know are not a valid statistical sample of the population.
                  So, on what do you base that?

            • by mcgrew ( 92797 ) *

              Rather than quibbling about the meaning of a word, why not look it up? [wikipedia.org]

              Capitalism is an economic system that is based on private ownership of the means of production and the creation of goods or services for profit. Competitive markets, wage labor, capital accumulation, voluntary exchange, and personal finance are also considered capitalistic.[1] There are multiple variants of capitalism, including laissez-faire and state capitalism. Capitalism is considered to have applied in a variety of historical cases,

              • Rather than quibbling about the meaning of a word, why not look it up? [wikipedia.org]

                If you read further, you'd see that shutdown and I were approaching this from different economists' definitions. So you're adding yet another definition for us, which is fine, but doesn't really resolve anything.

                You're saying dogs aren't mammals because cats are mammals and dogs aren't cats. In short, your definition is incorrect.

                Wow, bold and everything — must be true. That, or maybe my definition seems to be used by some people, but not by others. I think now that I've explained it that reasonable people can figure out where I'm coming from.

                Perhaps you're listening to the wrong drug-addled sex tourist on your radio? You would do well to broaden your horizons.

                Kai Ryssdal [marketplace.org] is a drug-addled sex tourist? Wow, I learn something new eve

        • I was thinking 'corruption.'
    • Re:Open Source (Score:4, Informative)

      by Nerdfest ( 867930 ) on Thursday July 26, 2012 @06:56PM (#40785451)

      ... it does need mobile clients, although an Android client is apparently in the works.

    • Thanks for this link.

      Just uninstalled skype, installed Jitsi and Will advocate / promote the living hell out of it

      Fuck you Microsoft.
    • Re:Open Source (Score:5, Insightful)

      by westlake ( 615356 ) on Thursday July 26, 2012 @07:19PM (#40785667)

      Time to switch to something where we actually know what the software is doing.

      Now all have to do is convince friends, family, business and professional contacts to abandon Skpe. Something which is not going to happen.

      • Why not? Are they in favour of unauthorized government and corporate wiretapping? I would think most could be convinced quite easily.

        • Re: (Score:3, Insightful)

          Most people THINK they do not have anything to hide, such as when they talk about the antics of their 3-year-old grandson or other inane conversations. Therefore most people would not switch or quit using Skype. Anyone who does have deep dark secrets they wish to hide from the KGB, FBI, NSA, Gestapo or other such agencies, would not be using Skype or any other easily intercepted communication system.

          • >Anyone who does have deep dark secrets they wish to hide from the KGB, FBI, NSA, Gestapo or other such agencies, would not be using Skype or any other easily intercepted communication system.

            So they are basically right. The NSA is already listening. Unless you're in a position to do something about it, might as well live your life and not worry about it.

          • by Max_W ( 812974 )
            And if it is a corrupted official who is listening? Who gets an information that one parts for a month for a business trip from home?

            Probably in your country there are no corrupted officials who spend their working days listening to conversations. But the corruption does exist in many places.

            Why not to use both programs? We are often influenced by the magic of the figure 1. But dualism is a good principle, which is also widespread in the nature.
          • Why do we supposedly need "something to hide" in order to find it sucky being watched/eavesdropped all the time? The fact is it just plain SUCKS if you have to live your life knowing that somebody is/can watch what you're doing and listening to what you're saying. This is why we have things like curtains, why we usually close the bathroom door, and why the Panopticon is referred to is conceptually always a "prison". We shouldn't have to justify not being monitored, that notion turns everything about the pri

            • "How many normal honest people actually LIKE being monitored on things like Skype and Facebook, and would they prefer to be monitored if given a choice?" You would be surprised... I know a few.
        • Try it and come back with your results. You'll probably be disappointed by reality.

        • by jimicus ( 737525 )

          IME, most are already quite sure that the government can tap any call they damn well please, regardless of the technology.

          "News: Skype is no longer difficult for government to monitor!" will, by many, be met with a reaction of "What, you mean it used to be difficult? No way!".

          Skype didn't become popular because of the encryption. It became popular because it was the first easy to use software phone that made a couple of simple promises: free calls between Skype users, no complicated setup, works through mos

        • No they would not. People are sheep, all they see is this cool thing, and they want it and want it now, don't care how it works, why it works, consequences or whatever. It is this reason - thees people, why the "Our Government of Corpocracy" are successfully and slowly eroding our privacy, our rights, and our freedoms.
          They say if you put a frog in boiling water, it will jump out. But if you put him in water and slowly raise the temperature, it will slowly cook itself... We are the frogs! When I told a f
      • But if said friends have a Google account, they can already log into a XMPP/Jingle server using any compatible client (like Jitzi) and as long as both end support ZRTP encryption, the communication will be secure.

        Has some tried if Jingle works between people connected on Facebook's XMPP gateway ?

        In both case, you don't need to drag you whole network into a newer system, you only have to convince users to install a software supporting the necessary standard, you already have a network to leverage.

        Now if some

      • Something which is not going to happen.

        They're already looking.

        Call quality, reliabilty an stabilty have all fallen dramatically over the past few months. Just about everybody is pissed off with it.

      • by Trogre ( 513942 )

        Not with *that* attitude.

    • by Trogre ( 513942 )

      I fully agree with your sentence but not necessarily your link.

      Yes, all nerds should abandon Skype as soon as possible. However given its rather unfinished state I'm not sure Jitsi is the realistic alternative at this stage.

    • Time to switch to something [jitsi.org] where we actually know what the software is doing.

      Will Jitsi let me call everyone else I know who uses skype?

      Trying to convince them all to ditch Skype due to the government monitoring them is a waste of time since most people in the world are not that bothered about it. They just the view that since they are noting anything wrong they have nothing to hide or that if government want to monitor them it will find a way anyway.

  • by TWX ( 665546 ) on Thursday July 26, 2012 @06:50PM (#40785405)
    ...will this mean "wiretapping" via traditional warrant methods, or warrantless eavesdropping, either by non-warrant request or by essentially giving them the keys to the castle?

    If it's traditional warrant methods then I'm not really any more concerned than I am for regular phone calls on POTS lines. If it's otherwise then I'm glad that I never set up a Skype account.
    • by Opportunist ( 166417 ) on Thursday July 26, 2012 @07:09PM (#40785547)

      Don't get your hopes up. It's "on the internet". Seems consitutional rights don't apply there.

      • Re: (Score:3, Insightful)

        Seems consitutional rights don't apply there.

        what's that?

        and in a few years, the current generation of its time will ask that, with a full serious face.

      • by Kalriath ( 849904 ) on Thursday July 26, 2012 @10:28PM (#40786837)

        Your government already thinks constitutional rights don't apply when the target is not a US citizen (bonus points if they aren't even in the US)

      • You GEEKS WITH WIRES think you have rights? HAHAHA! Haven't you geeks caused enough trouble already, messing with the profits of our mega corps! Things like sharing and free speech - It's all your fault you brought thees misguided concepts to the masses!
        This will stop and we will choke you with your own WIRES!
    • by yuhong ( 1378501 )

      Yea, this can be a good thing if used properly, or a bad thing if not.

  • People up to something will use a smaller, more secure system, perhaps even rolling their own communications (hey, it's not that hard).

    So the people they really want to monitor is *us*.

    • by Opportunist ( 166417 ) on Thursday July 26, 2012 @07:12PM (#40785575)

      So the people "up to something" will use encryption we cannot monitor, you say? Well, I guess that means that everyone who doesn't use our standard encryption that isn't worth being called encryption is suspicious just for using an encryption method we cannot eavesdrop in.

      Thank you for your input, citizen, it will be considered with the next round of new laws.

  • by benjymouse ( 756774 ) on Thursday July 26, 2012 @07:37PM (#40785817)

    This from the TFA:

    Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a killer report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities.

    The " to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities" is pure speculation.

    And the alleged updates "since it was bought by Microsoft last year" (supernodes hosted in central data centers) was actually started in 2010, well before the Microsoft acquisition:

    http://www.zdnet.com/skype-talks-back-to-critics-on-security-and-privacy-7000001682/ [zdnet.com]

    But this is slashdot. Why let facts get in the way of a good rumor-fueled speculation when it promises for a good Microsoft bashing?

    • The " to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities" is pure speculation.

      I actually suspect there's some substance there, but the practical purpose is different. As anyone using Skype today knows, it's truly P2P, even when it comes to chat history - meaning that your devices will sync your chats between each other, but only when they are both online to share it. If, say, you always log off on the desktop before logging on the smartphone, it won't share them. And if you're offline on all devices, messages can't be sent to you - the sending client will keep showing the spinning ci

      • Both these things are often complained about, but the only other way is to store full chat logs on the server, so that they can be pushed to all clients later when they come online. This would also make history sync always work on all clients. But it, of course, means that your chat logs are now subject to subpoenas, NSA security letters, and whatever else the government has at its disposal.

        You could solve this with public key encryption, if you really wanted to. The chat messages could be stored on the server encrypted with the sender's and the receiver's public keys, separately.

        • Yeah, but it would require some conscious effort. And I don't think any existing IM system with server-side logs does it that way. GTalk sure doesn't.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      When you go to another computer, you can still look up your chat transcripts. How do you suppose that is, if Skype doesn't have them? And if Skype has them, who else do you suppose Skype could share them with?

      How was this modded informative?

  • Architecture that facilities a man in the middle attack (which is essentially what this does) is just asking for trouble. Skype used to have a pretty impressive peer to peer encryption design. No longer, I guess.

    This is bad if law enforcement uses it illicitly. It's worse if some Skype/Microsoft employees go rogue, or if a hacker breaks into the infrastructure. I mean, you're baking insecurity right into the design of the frickin' product. What could go wrong?

    I wonder sometimes if big brother is going

    • Skype used to have a pretty impressive peer to peer encryption design. No longer, I guess.

      Yes it does. Nothing has changed with the peer-to-peer encryption. You have been fed rumors, speculation. Here is what Skype says (but if you *want* to make it into a conspiracy you can of course assume that they are lying):

      Skype software autonomously applies encryption to Skype to Skype calls between computers, smartphones and other mobile devices with the capacity to carry a full version of Skype software as it always has done. This has not changed.

      (from http://blogs.skype.com/en/2012/07/what_does_skypes_architecture_do.html [skype.com])

      This is once again someone irresponsibly reading license terms and trying to twist every phrase and condition into something sinister. Like Skype making sure that you understand that instant messages may be sto

  • by Anonymous Coward on Thursday July 26, 2012 @09:12PM (#40786409)

    I'm posting anonymously because I don't need attention. Here's the chronology and you can find the sources of these claims on your own.

    - NSA issues a billion dollar RFP asking for a solution to wiretapping Skype
    - as years pass, NSA's concerns about Skype keep on growing, they keep on lobbying lawmakers and industry officials
    - out of the blue, MS buys Skype and pays an astronomical price
    - buying Skype at that price makes no sense for MS since it poisons their relationships with carriers and pundits are confused
    - first thing MS does is it kills supernodes and installs THOUSANDS of Linux servers running grsecurity http://grsecurity.net/news.php#Skype
    - that means that ALL Skype traffic now passes through MS servers and can be easily wiretapped since MS holds all the keys and can easily perform a MITM attack
    - NSA starts jumping from joy because their biggest black hole has been plugged.
    - MS is happy because they are now getting regular large checks from NSA

    tl;dr: Skype's a botnet and NSA paid MS to buy Skype

    • by grcumb ( 781340 )

      - first thing MS does is it kills supernodes and installs THOUSANDS of Linux servers running grsecurity http://grsecurity.net/news.php#Skype [grsecurity.net]
      - that means that ALL Skype traffic now passes through MS servers and can be easily wiretapped since MS holds all the keys and can easily perform a MITM attack

      No, it means that SOME Skype traffic (i.e. text messages, but not voice calls) can be easily wiretapped.

      tl;dr: Skype's a botnet and NSA paid MS to buy Skype

      That's not borne out by your data. In fact, the Ars article [arstechnica.com] referenced in your link states that supernodes play no role whatsoever in making calls.

      I don't trust Microsoft at all; in fact, I think they can be relied on to do whatever they think is reasonable to get along with government (and by extension, law enforcement). But this particular issue - the establishment of grSecurity supernodes - doesn't get

      • Re: (Score:2, Informative)

        by Anonymous Coward

        That's not borne out by your data. In fact, the Ars article referenced in your link states that supernodes play no role whatsoever in making calls.

        That's not exactly right. Supernodes (now controlled by Microsoft) provide:

        1) NAT traversal: meaning... if, for some reason, the two people who want to talk can't connect directly (not that rare), the calls themselves _do_ go through a supernode;

        2) rendezvous points/P2P bootstrapping/user location services: this means that Skype/Microsoft, if it wants, can basically "lie" about the location of the person you want to talk to (it has all the keys, after all), allowing them to impersone that user. It then prox

      • by wrook ( 134116 )

        Skype is essentially running SIP under the hood (slight differences, but essentially the same). The supernodes aren't usually involved in signalling because NAT can be traversed using other methods. However, the supernodes will carry voice traffic. I have no idea what the initial poster means by "MiTM attack". Normally when you are talking about man in the middle, you are talking about spoofing one of the ends. I suspect that's not what they meant because why would you want to do that.... I suspect th

    • CALEA's "Second Report & Order" states it's providers that must foot the bill. If our government paid for MS to acquire Skype perhaps there are shady deals afoot, but the US law states providers must pay the costs of snooping: the aforementioned shady deals would be very bad behavior from the US of A government, paying to acquire CALEA compliance.

      The costs of running a couple thousand Linux nodes & paying bandwidth can not be that bad. MS certainly knew they'd have to remake Skype when they bought t

    • by gshegosh ( 1587463 ) on Friday July 27, 2012 @03:53AM (#40788227)
      If you don't need attention, how is that you believe that Slashdot won't forward your IP to authorities?
  • mostly in a bid to improve reliability

    .
    Is this one of those far too numerous grassroots /. articles that try to put a positive spin on a negative situation?

  • ...where the NSA et al would mod "up" and not necessarily only all the Microsoft Trolls.
  • by gshegosh ( 1587463 ) on Friday July 27, 2012 @03:47AM (#40788203)
    I find it quite amusing, that the software that comes from creators of Kazaa, which uses the same P2P methodology that was developed to help people bypass government- and law-restrictions is now being used to spy on people.
  • So, what you're saying is, you've created a giant lollipop for crackers everywhere, where they need only compromise your giant database to get millions and millions of credit cards, passwords, addresses, and more. Were I Loyds, I would not even offer a probability on this happening at some point in the near future.

    *facepalms* It's like they've all been taught anti-security. MS -> "Let's ditch our push to safer, garbage collected, safe strings, randomized memory location languages, and bring back C++ with

The most delightful day after the one on which you buy a cottage in the country is the one on which you resell it. -- J. Brecheux

Working...