Microsoft Makes Skype Easier To Monitor 150
In a follow-up to a story earlier this week, derekmead writes "Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users' addresses and credit card numbers, more easily shared with authorities. As we've already seen with Facebook and Twitter, big Internet firms aren't digging their heels in against government requests, which shouldn't come as a shock; angering the authorities is bad business. The lesson then is that, while the Internet will always retain a vestige of its Wild West days, as companies get bigger and bigger, they're either going to play ball with governments or go the way of Kim Dotcom."
Re:Open Source (Score:4, Informative)
... it does need mobile clients, although an Android client is apparently in the works.
Problem: It is not true (Score:5, Informative)
This from the TFA:
Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a killer report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities.
The " to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities" is pure speculation.
And the alleged updates "since it was bought by Microsoft last year" (supernodes hosted in central data centers) was actually started in 2010, well before the Microsoft acquisition:
http://www.zdnet.com/skype-talks-back-to-critics-on-security-and-privacy-7000001682/ [zdnet.com]
But this is slashdot. Why let facts get in the way of a good rumor-fueled speculation when it promises for a good Microsoft bashing?
Almost Yes. (Score:5, Informative)
Will Jitsi let me call home to my old wired phone?
Yes: ...BUT...
Jitzi supports the SIP standard and there are plenty of SIP-to-POTS providers around (for example, I use Switzernet which is based in switzerland and free to/from several european countries. Works with both my SIP sfotwares - Ekiga and Twinkle).
For obvious reasons there's no easy way to guarantee end-to-end encryption. So you *CAN* call home, but you won't get guaranteed privacy.
For full end-to-end encryption you need:
- a digital link from the source to the other end (which is not the case when bridging to POTS)
- the possibility to audit the software used at both ends that there are no bugs or implementation problems which could leak critical data. (So you need an opensource front-end and an opensource encryption layer, preferably using known and well tested and documented protocols (like ZRTP). And you need enough independent eyeballs looking at said code) (Jitzi is opensource so one can check that everything is properly implemented to avoid leaks).
Re:For me, the real question is... (Score:5, Informative)
Your government already thinks constitutional rights don't apply when the target is not a US citizen (bonus points if they aren't even in the US)
Re:Problem: It is not true (Score:2, Informative)
When you go to another computer, you can still look up your chat transcripts. How do you suppose that is, if Skype doesn't have them? And if Skype has them, who else do you suppose Skype could share them with?
How was this modded informative?
Re:Want to know the truth about Skype? Read on. (Score:2, Informative)
That's not borne out by your data. In fact, the Ars article referenced in your link states that supernodes play no role whatsoever in making calls.
That's not exactly right. Supernodes (now controlled by Microsoft) provide:
1) NAT traversal: meaning... if, for some reason, the two people who want to talk can't connect directly (not that rare), the calls themselves _do_ go through a supernode;
2) rendezvous points/P2P bootstrapping/user location services: this means that Skype/Microsoft, if it wants, can basically "lie" about the location of the person you want to talk to (it has all the keys, after all), allowing them to impersone that user. It then proxies along your connection to the correct IP, but can now perform man-in-the-middle attacks (not hard because, again, it has all the keys); this can be done dynamically, depending on the Skype ID, which makes it easy to auto-wiretap specific people.
So... yeah... them having the keys + them being able to (selectively) put themselves between any connection in the Skype network DOES provide them with MiTM capability.
Seriously, read the patent they got awarded on this.