Microsoft Won't Say If Skype Is Secure Or Not. Time To Change?
jetcityorange writes "When asked repeatedly, a Microsoft spokesperson refused to confirm or deny that Skype conversations [could be monitored]. Microsoft was granted a patent a month after purchasing Skype that covers 'legal intercept' technology designed to be used with VOIP services. Is it time to consider more secure alternatives like Jitsi, as Tor's Jacob Appelbaum suggests?"
Seriously? (Score:5, Insightful)
The more shocking idea is the assumption that any major VOIP service based in a major country does not allow intercepting on their services.
Re:Seriously? (Score:5, Informative)
Re: (Score:3, Insightful)
Yeah, another non-story.
And no, we will not switch to your unheard-of, no-name, pet-fav, video conferencing software. Definitely not because some guy from the tor project said we should.
Our families all use Skype and it works fine.
Re:Seriously? (Score:5, Insightful)
Re: (Score:2)
Our families all use Skype and it works fine.
Skype used to work fine. Lately it drops a lot of calls on me and sound quality seems to be going downhill, lots of stutters and outright strange garbage. And lag on the presence notifications has gone through the roof. Now I really can't trust what I see when Skype tells me somebody is on or offline. And it's not my network, Google talk works just fine including video.
Another thing that's gone downhill on Skype: nobody seems to hang out there any more. It used to be, I'd see all my contacts whenever they a
Re: (Score:2)
When I upgraded to a new computer at home I never bothered reinstalling it and I moved jobs which doesn't make such heavy use of Skype so I hadn't touched it in a long time.
Recently I had a need to use it again while talking my mum through some procedures on her new phone so I installed it again. It crashed when I first tried to install, but succeeded the second time without any problems. The applicati
Re: (Score:3)
Speaking of the law as well, let's assume that they are actively doing intercepts for law enforcement. They might just be bungling being overly careful.
They say they are secure: Someone finds a way to hack and listen in to a VOIP call. Risk being sued for misrepresenting the security of their system.
They say there are flaws, or even there could be flaws, maybe even acknowledging one day they might be forced to allow the equivalent of a wire tap: Attacked relentlessly even if they don't know if any flaws actu
Re:Seriously? (Score:5, Interesting)
Re: (Score:2)
It seemed as if a dark brown elephant leg was trying to step out of a pink stocking, over and over again
Thanks for that image.
Re: (Score:2)
Have they unbanned you yet bro?
Re: (Score:2)
You must be using a leaking Skype browser
VOIP (Score:2)
Anything transmitted online - whether it be VOIP or cleartext or whatever - can be tapped
Even when you tunnel your channel, even when you employed all the evading/security technologies that you can think of, if TPTB wants to know what you do, they could find ways to _CAN_ tap you
But of course, we _are_ talking about Microsoft in this case, which makes it even more poignant to understand how frail our security situation really is, online
Re:VOIP (Score:5, Insightful)
Re:VOIP (Score:5, Insightful)
And if we're to the wrench hitting level, breaking into your house and installing a mic bug in your keyboard works a treat for tapping your VOIP conversations.
Min
Re: (Score:2)
And if we're to the wrench hitting level, breaking into your house and installing a mic bug in your keyboard works a treat for tapping your VOIP conversations.
Min
depends on the half life of keyboards in that household. (spilled drinks mainly)
Re:VOIP (Score:5, Funny)
IBM Model M FTW!
Halflife of 20 years and it will deafen any bastard listening in to a bug within 10 feet of it!
Re: (Score:3)
When our users connect to their VPN, a script automatically randomizes their keyboard layout.
Have fun wiretapping!
Re:VOIP (Score:4, Insightful)
But of course, we _are_ talking about Microsoft in this case
Which comes with benefits too. Microsoft being a big, publicly traded company with offices in all major countries has to follow consumer protection and privacy laws too, and they can be in for a world of hurt if they don't. Using some 'inherently private' setup runs the risk that somewhere along the line that system both has a bug in it, and that bug is being actively exploited against you - and you have no recourse against the company running it (or the peers).
Re:VOIP (Score:5, Insightful)
That's funny.
What 'world of hurt' would Microsoft be in for?
Don't you remember what the US gov't did to help out their friends at AT&T and the rest of the 'conventional' phone industry when they happened to get caught assisting the gov't in mass recording of phone calls?
Is there any gov't that is not interested in even occasionally listening in some Skype calls? No. Any countries passed a law preventing wiretapping VOIP calls? No. So having a back-door into every call is legal around the world.
All that's left to argue about is how that back-door is used. And surely you can trust Microsoft to do what's right.
And I'm sure they've only occasionally wiretapped calls where neither user is within the borders of the requesting country.
Re:VOIP (Score:4, Informative)
caught assisting the gov't
That is, immediately, a separate problem from one of them just spying on you for their own purposes, selling that information to other people or the like.
Wiretap (and intelligence) are lawfully chartered, you may not like it, but you have to accept that governments can do those things, because they've given themselves the right to. They also tell companies what they can't do, and penalize them for such behaviour if they are so inclined, an entity not attached to country where you have legal standing can basically do whatever the hell it wants to you and you can't do anything about it.
Re:VOIP (Score:5, Insightful)
I like how you phrased that. that the govs *give themselves* the right to wiretap. this was NEVER a right transferred from the people to their rulers.
"but we can catch bad guys!"
yeah, and you can catch good guys, too. is this balance worth it? when we all lose our sacred (imho) right to private comms with each other, as we choose? when we have to wonder 'is someone going to use this out-of-context such and such against me if they tap into my comms?'
chilling effect. it's here and it's disturbing.
but the govs gave themselves this right. they STOLE this right without due process.
no one seems angry about it as it's all explained as 'well, if we catch bad guys, how can you be against this?'
we once used to think that it was more just to let a few bad guys go than to have even one innocent guy be punished. but we have broken this idea with our privacy. we think that trading privacy for security is a 'win'.
we didn't always think this way, though.
every time I hear 'lawful intercept', I throw up a little. it makes me sick what we do to our dignity and personal rights. it's NOT a fair trade! and we were NOT asked!!
Re: (Score:3)
USA government can make things legal retroactively IF they get caught pants down. they've done it before and will do it again. moreover they're giving de facto immunity to companies helping them trample on international and domestic law every single day.
Re:VOIP (Score:5, Insightful)
That's a rather defeatist attitude.
Sure, the government could fake an anal probing and install their monitoring infrastructure in my nether cavities, but is it worth all that trouble?
It's not about if you can be tapped, but how much resources were used to do the tapping. ZRTP (endpoint-to-endpoint encryption) mentioned in their alternative Jitsi, would substantially raise the bar for casual automated interception.
That's the idea really. Make it to where everything they intercept is heavily encrypted with well used, well scrutinized encryption methods. If they want to bypass that encryption it will require having direct control over your device, to have direct influence on the platforms and software, or well known backdoors in software. That substantially raises the bar on multiple fronts since it will require specially crafted malware, special legislation (boy will that be unpopular), and maintained secrecy (conspiracy theorists say they have it already) with cooperating companies. As for the secrecy, we are discussing patented technology to help the government automate eavesdropping right? Not like it is a big secret....
The article has the answer already. It is time to move on. Find a newer platform that will not allow eavesdroppers and act only as a middleman to set up heavily encrypted communications. There are plenty of SAAS providers that only store encrypted data so they can turn over that data on demand to law enforcement and not have the keys.
What may help the most, is what is lagging ass... IPv6. I can see a future with DNS records and open source P2P services that will allow us to directly control who can initiate communications with us. Once you get around not requiring a middleman to punch through NAT for VOIP services it becomes substantially easier to perform call setup and tear down.
Re: (Score:3, Informative)
I don't disagree with your comment, but..
ZRTP (endpoint-to-endpoint encryption) mentioned in their alternative Jitsi, would substantially raise the bar for casual automated interception.
I'd say it'd make it nearly impossible (without resorting to active attacks using malware and stuff like that). It uses no PKI, unlike HTTPS, and you can enforce and define which encryption methods to use (public cryptosystem, hash function, cipher). If you're worried about the NSA being able to break AES, you can run your conversations over AES+Blowfish+Serpent or something silly like that.
If they want to bypass that encryption it will require having direct control over your device, to have direct influence on the platforms and software, or well known backdoors in software
True, but in the case of Jitsi (and stuff like Pidgin-OTR), there are no "key
Re:VOIP (Score:5, Insightful)
"Anything transmitted online - whether it be VOIP or cleartext or whatever - can be tapped"
I would dispute this. Or do you mean "They could tap it given several centuries and all the computing power on the earth" ?
Some encryption is that good, and no I don't believe that the secret, shadowy, magical NSA have backdoors in every encryption library on the planet.
Re: (Score:3)
That's true, and is also why it's a good idea to use an open standard and an implementation in a thoroughly reviewed and actively developed library.
A point-to-point VOIP session over an SSH tunnel set up using pre-shared keys and signatures should do the job nicely. Or via SSL, making sure only to use certificates from an authority you control, and using (EC)DH(E) key exchange protocols, which result in a network stream that nobody can decode after the fact, no matter what server keys they have access to.
I k
They don't have to decrypt it for it to be useful (Score:4, Interesting)
Just knowing who you're talking to can be all the info they need.
Re: (Score:2)
True, on a well set-up point to point transmission, they can record the encrypted data stream, probably. They may be able to figure out who you're talking to, where both parties are and how long the conversation lasted. Some or all of these things can be hidden with services like Tor, though I'm not sure I'd want to try streaming video via Tor...
Re: (Score:3)
BTW if you are serious about security for voice or video coms make sure you use a constant bitrate system. Otherwise they may be able to infer stuff from the size of your packets.
Re: (Score:3)
I know this is /. and all, but come on, this has been the case with Skype for years; if the editor had skimmed the wiki [wikipedia.org] they would know this is not News. Do we really need an anti-Microsoft story every day?
Re:Seriously? (Score:4, Insightful)
For personal, of interest to no one, type communication your point is valid but if I am communicating with regard to trade secrets it is very important to me to know that my communication is secure. Skype used to be secure and therefore this is an issue.
Re: (Score:2)
seriously? (Score:5, Insightful)
If you are serious about privacy Skype was never even an option! ;)
Re: (Score:2)
Privacy, self esteem, independence... Problem is that video over IP is/was notoriously difficult to make plug and play and every non technical person can only go as far as DLing on program without shopping around so they would just install Skypee and be done with it, which arguably is the `safe` in the "non time consuming" way choice. No matter that centralized communications like these are wrong from inception on they are the wide standard because it made sense to some company and said company invested int
Re: (Score:2)
Problem is that video over IP is/was notoriously difficult to make plug and play
The thing is, it shouldn't be - the "difficulty" is largely down to the shitness of the software. I've got hardware VoIP phones from Grandstream that pretty much "Just Work" (you plug 'em in, enter your SIP login details and they do what they are supposed to). Meanwhile all the softphone software I've tried is pretty much balls: on Linux, Ekiga is "ok" but rather too buggy for every day use. On OS X I've yet to find any SIP software that does video except for Xmeeting, which is buggy as hell (to the poin
Re: (Score:2)
I used Skype for work. I had my Bluetooth earpiece in and was using my laptop. Out of the blue, with no action on my own part, I'm listening to two people talking. It was a conversation held over Skype. I contacted support and told them what had happened and asked for an explanation. In response I got some canned non-answer.
I don't use Skype anymore.
If there is a third party... (Score:5, Insightful)
Re:If there is a third party... (Score:5, Informative)
I would have to disagree. I can ensure that my communication is not tapped between me and other parties even going through third parties. This is the basis of public key crypto. The third party can still track who I communicated with but not what was said. Tor and similar systems are meant to take care of that (if you're seriously paranoid, systems to connect two parties have existed since well before the modern computer).
Re: (Score:2)
Re:If there is a third party... (Score:4, Interesting)
You keep telling yourself that, if it makes you feel better.
What do you mean?
He means he doesn't understand public key cryptography.
Re: (Score:2)
Avoiding a tap requires spy levels of diligence like never using the same end points twice. As monitoring communications becomes more and more prevalent, avoiding the tap becomes problematic, so ensuring they cannot decipher the information in a reasonable time frame or track end points becomes more and more important.
Re: (Score:2)
That's totally wrong and everyone who modded that up should go sit in the corner and re-read "Applied Cryptography".
You can build a service providing data exchange between two parties with a server handling the connection without that server (or anyone else) being able to listen in. What we don't know is if Skype was built this way or not. And that's the problem.
Re: (Score:2)
If there is a third party running the server in the middle, there can be no trust. Run your own server if you need security. There are lots...
Then now you just have to worry about how reliable the isp of the server is, if they log your activities and will turn it over in a heartbeat.
If all communication to the server is encrypted and you've configured the server not to record your calls then you can be pretty confident that the security services can't find out what you talked about _before_ you became an interest to them. Of course, once you've become an interest to them they can get the ISP to give them physical access to the machine and you're screwed on any future conversations.
I'm actually relieved to hear this (Score:5, Informative)
Re:I'm actually relieved to hear this (Score:5, Funny)
Who knows what wonders the rest of 2011 will bring for us!
Re: (Score:2)
Re:I'm actually relieved to hear this (Score:4, Informative)
Is there an OTR for video? (Score:2)
We've used OTR when we want to IM about something sensitive - is there any sort of similar plugin for Skype? It appears there's a text chat OTR plugin... but a video version would be more useful for most people.
Re: (Score:3)
Is Jitsi more secure? (Score:5, Insightful)
I just tried Jitsi while /. was in maintenance mode. It does not work on this very standard Win7 box. Incoming audio is missing; logs are missing. Uninstalled already - not usable. Bria works fine. My VoIP server (3CX) is on the local subnet.
But even beyond that, Jitsi is not a solution; it's a component. The only way to make it into a solution is by selling your soul for cheap to the likes of Google and Facebook. That would be counter-intuitive for a product that sells itself as a secure thing.
The only reasonably secure way is to run Jitsi on your own SIP server. However that is not an exercise for everyone. A geek can deploy a SIP server, but a common man cannot even understand what we are talking about here.
I'd say that 3CX people already have a solution. First, they have a TCP tunnel that you can use to go through firewalls and specifically NAT. Then they support encryption [3cx.com]. And finally, their stuff works. (This is important, despite what some geeks say.) They also have a client for Android (besides the usual suspects.)
However in terms of simplicity Skype leads the pack.
Re: (Score:3, Informative)
I tried Jitsi like you did. I've been looking for an alternative to Skype for a while but could not find one.
I consider myself to have above-average knowledge of computers. However, compared to a pro, I'm just an average person.
I ran into the exact problem you describe: I figured out that while Jitsi lets me use many different services to log in with (e.g. msn, yahoo, etc.), the only really secure ones were SIP and XMPP.
The problem was, I couldn't figure out how to use these (what are they anyway? protocols?)
Re:Is Jitsi more secure? (Score:5, Informative)
I will ask a friend who works in IT if he can help me, but I'm pretty sure he will tell me that he's not familiar enough with SIP to help me out.
Googling for "Asterisk" is a pretty good place to start.
I'm not entirely sure why it's so complicated in this day and age to cut out the middle men and connect with your relatives directly through the Internet, but well, that's the way it is at the moment.
Largely you can blame NAT. Some background on how SIP works when you place a call to someone:
1. The calling phone sends a SIP message to the callee's phone asking it to ring. The SIP message also tells it where (ip address / port) to send the media (audio / video)
2. The callee's phone rings
3. The callee picks up
4. The callee's phone sends a SIP message to the caller's phone telling it that the call has been picked up. The SIP message tells it where (ip address/port) to send the media.
5. Both sides start sending media over RTP to the other, since they have now exchanged media destination address details.
6. The two parties have a conversation.
7. One of the parties hangs up
8. The hanging up phone sends a SIP message to the other phone telling it the call has terminated
9. Both sides stop sending media
This fundamentally does not require any middle-men - you can tell your phone to call someone else's directly if you know its IP address (which you could discover using DNS, for example). However, there are some issues with this simple view on things:
A. In the real world, phones don't have static IP addresses, they move around the internet. This problem is fixable with dynamic DNS, although now you've introduced a third party (the DNS server).
B. People usually have firewalls between them. If the callee's phone isn't directly accessible from the caller's network, the caller can't send the initial "ring" SIP message. This could be fixed by poking a hole in the firewall for port 5060. More usually it's fixed by having a SIP registration server somewhere on the internet - your phone connects to that server and that server is responsible for relaying SIP messages to it. So calling phones actually send the SIP packet to the registration server rather than directly to the callee's phone (this also fixes problem (A) without the need to resort to dynamic DNS too, since the callers now only need to find the registration server rather than the phone itself). Of course, your registration server is a "middle man", but luckily only carries the signalling traffic - the media still goes directly between the phones, which is good since it takes the shortest network path, therefore improving the quality of service.
C. This one is the killer - NAT. Remember the phones exchanged addresses to send the media to? Well, the problem is that once you stick NAT in the way, those addresses change... and they change in a way that is completely unpredictable. So now the endpoints have no idea where the hell to send the media. The work around to this is to send the media via a server too. And there you go, the dream of true peer-to-peer VoIP has been completely shot out of the sky.
Once IPv6 is widespread we can go back to just sending the signalling via external servers rather than the entire media stream, but I'm afraid NAT is way too widespread to get away with that on the IPv4 network.
Of course, there's nothing stopping the phones doing end-to-end encryption on the media, which would largely make the existence of a middle-man irrelevant, from a security perspective. On a closed system like Skype, there's no way to know which nodes are able to decrypt/decode the data though, so in that case you're always going to have to trust the vendor to tell you the truth instead of being able to independently confirm the security of the system.
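The signalling described in the comment above, as an added example that is not part of the original post: a Python sketch that reads the media address and keying attributes out of an INVITE's SDP body, flags an advertised address that NAT makes unreachable (problem C), and reports whether the media keys are visible to a server relaying the signalling. The sample message, its addresses and the helper names `parse_sdp`, `keying` and `audit` are constructed for illustration.

```python
import ipaddress

# Ranges a phone behind NAT typically advertises (RFC 1918, plus RFC 6598 carrier-grade NAT).
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# Constructed sample: an INVITE as a registration server would receive it from a
# phone behind NAT. The key is a placeholder, not real key material.
SAMPLE_INVITE = (
    "INVITE sip:bob@example.org SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bKconstructed\r\n"
    "From: <sip:alice@example.org>;tag=1\r\n"
    "To: <sip:bob@example.org>\r\n"
    "Call-ID: constructed-1@192.168.1.20\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:alice@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=alice 1 1 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/SAVP 0\r\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-PLACEHOLDER-KEY\r\n"
)

def parse_sdp(message):
    """Return one dict per m= section of the SDP body of a SIP message."""
    _, _, body = message.partition("\r\n\r\n")
    session_addr, session_attrs, media = None, [], []
    for line in body.splitlines():
        if len(line) < 2 or line[1] != "=":
            continue
        kind, value = line[0], line[2:].strip()
        if kind == "c":                       # c=<nettype> <addrtype> <address>
            parts = value.split()
            if len(parts) >= 3:
                addr = parts[2].split("/")[0]
                if media:
                    media[-1]["addr"] = addr  # media-level c= overrides session-level
                else:
                    session_addr = addr
        elif kind == "m":                     # m=<type> <port> <proto> <formats...>
            parts = value.split()
            if len(parts) >= 3:
                media.append({"type": parts[0], "port": int(parts[1].split("/")[0]),
                              "proto": parts[2], "addr": session_addr,
                              "attrs": list(session_attrs)})
        elif kind == "a":
            name = value.split(":", 1)[0]
            (media[-1]["attrs"] if media else session_attrs).append(name)
    return media

def keying(media):
    """Classify how media keys are established, judging only by SDP attributes."""
    attrs = set(media["attrs"])
    if "zrtp-hash" in attrs:
        return "zrtp"            # RFC 6189: key agreement runs between endpoints in the media path
    if "fingerprint" in attrs:
        return "dtls-srtp"       # keys agreed in the media path; fingerprint is trusted via signalling
    if "crypto" in attrs:
        return "sdes"            # RFC 4568: key travels in the SIP message, readable by any relay
    return "none-signalled"      # plain RTP unless the endpoints negotiate something in-band

def audit(message, observed_src):
    """Compare what the SDP advertises with the source address the server actually saw."""
    src = ipaddress.ip_address(observed_src)
    findings = []
    for m in parse_sdp(message):
        label = f'{m["type"]} {m["addr"]}:{m["port"]}'
        try:
            adv = ipaddress.ip_address(m["addr"])
        except ValueError:       # hostname or missing c= line: no address comparison possible
            adv = None
        if adv is not None and adv != src and any(adv in net for net in NAT_RANGES):
            findings.append(("nat-unreachable", label))
        findings.append(("keying-" + keying(m), label))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INVITE, "203.0.113.7"):
        print(finding)
```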
Ip6 will solve the problem? Dream on. (Score:2)
If you think companies are going to let all their systems talk to the internet at large just because they use IP6 then you're off with the pixies. It's almost certain that most corps will limit ip6 devices to link local only addresses and use some form of address translation as a "security" measure. The only thing IP6 will gain us is huge increase in general network complexity.
Re: (Score:2)
If you think companies are going to let all their systems talk to the internet at large just because they use IP6 then you're off with the pixies. It's almost certain that most corps will limit ip6 devices to link local only addresses and use some form of address translation as a "security" measure. The only thing IP6 will gain us is huge increase in general network complexity.
Ok, who said anything about "companies" here? The discussion was a general "why can't we do VoIP without any middle-men?", not a specific "why can't we do VoIP without any middle men in a highly restricted corporate network?".
So let's divide this up into the three markets:
Home users:
Currently these usually have an RFC1918 network and do NAT and ingress firewalling at the point they connect to the ISP. Usually there is no egress firewalling. These people want devices they plug into their network to Just Wo
Re: (Score:3)
they have a TCP tunnel that you can use to go through firewalls and specifically NAT.
Sending voice/video over TCP is a monumentally silly idea, (and doesn't really offer an advantage over UDP for NAT traversal)
Re: (Score:3)
Perhaps, but you need to tell that to 3CX developers. It was them, not me, who added the tunnel. As they say themselves [3cx.com], there is a reason for the madness:
We are pleased to announce a new release of 3CXPhone for Android, build 1.3.1, which includes the 3CX Tunnel. With the 3CX Tunnel feature, you can proxy all SIP and RTP traffic over a single port and bypass any restrictions that telecom providers implement to block VoIP calls. Often telecom providers will block common VoIP ports.
I have it configured on my Android tablet, and it works fine when I connect from a remote location. A TCP connection is a tad more reliable than a bunch of hacks upon hacks (also known as NAT, STUN and other stuff.) At least proper routing of packets of an established connection is a required and supported function of every router, very much unlike han
Re: (Score:2)
it's not silly if it gets the job done.
routing tcp over udp is silly only until it's the only way to route data from the app you want to where you want, then it becomes just a question of if it's fast enough or not.
Re: (Score:2)
it's not silly if it gets the job done.
The thing is, it won't get the job done reliably. Google "head of line blocking" - if you drop a voice packet you want to make do without it (phones usually try and predict what would've been in the packet to fill the gap - that tends to be "good enough" to make your brain think there wasn't much disruption most of the time). Holding up the entire media stream until you arrange for a packet that's already too late to be retransmitted (thereby making a lot more of the packets too late) is the worst thing y
Re: (Score:2)
Sending voice/video over TCP is a monumentally silly idea, (and doesn't really offer an advantage over UDP for NAT traversal)
Yes, in fact, it does offer an advantage. It can work if one party doesn't have any ability to open incoming ports. That is significant.
Re: (Score:2)
If I understand the technologies it's using correctly, I think that 3CX may allow the PBX to intercept voice communications and it doesn't appear to be designed to ensure communication that goes outside the PBX is encrypted. So it's probably less secure than using Jitsi which - even if it does require you to sell your soul to Google - doesn't trust the server you're using and gives you a way to detect if someone's trying to MITM you.
Re: (Score:2)
I think that 3CX may allow the PBX to intercept voice communications
Normally the media streams bypass the PBX, so it cannot intercept the voice even if it wants to. The call setup can be intercepted, of course, because that's what the server does.
One exception is common to all PBXes that implement it. If your configuration warrants that, you can configure the system so that media streams go through the PBX, for one reason or another. This however is not scalable. But then you can record. Some businesse
Like any of my conversations . . . (Score:5, Insightful)
. . . with my Family are of interest to any government. Come on, Skype is for keeping in touch with the old folks at home. For anything serious you would use something more peer to peer without any 3rd party involved. And even then . . .
Re: (Score:3)
there are a famous set of videos (search on YT) called 'dont talk to cops'. they outline the very real issue that, even if you have done nothing wrong, info can still be MISUSED against you.
this is why we need to be careful about just 'opening up' our privacy. too much is at stake and even just one mistake on their part can be hazardous to you.
no, I don't think its the gov's business to listen in on ANYTHING. absolutely. yes, even if you godwin this thread, I don't think that tapping peoples' messages
Ok... (Score:2)
Here we go: Microsoft is a major multinational corporation, with a substantial base, substantial assets, most of their higher-ups, and a fat load of juicy contracts within the jurisdiction of the United States (and a number of other countries that have less clout; but are no more savory)...
Now, according to the feds [fcc.gov] "CALEA Compliance for Packet Equipment, And Equipment for Facilities-Based Broadband Internet Access Providers and Providers of Interconnected VoIP
All facilities-based broadband Internet access pr
Re:Ok... (Score:5, Informative)
As someone involved with engineering a CALEA intercept appliance, I can offer a practical answer to your question. If you operate a network under jurisdiction of the United States and you receive a court-ordered request to intercept packets transiting that network to or from an IP address or a person as identified in that court order, you must intercept those packets and only those packets, and you must make them available for retrieval by the law enforcement agency identified in the order. If you fail to do so, you're subject to a substantial fine for each day of non-compliance.
It doesn't matter what data the packets may be carrying, or whether the LEA knows how to interpret them. Your responsibility is simply to perform the packet capture and make the data available. What Microsoft thinks about this has absolutely no bearing on the problem.
Re: (Score:2)
since you have some experience in calea, I'm curious about this: suppose the user is employing end to end encryption. is that not 'obstruction of justice' by the 2 end users, then? after all, the gov is giving itself the right to tap you. if you 'hinder them', aren't you obstructing?
and if so, then how is end to end encryption legal in the US?
it seems like an arms race with the population. we users want privacy and are prepared (some of us) to use it. the gov, otoh, wants every single fucking line to be
Re: (Score:2)
Not the GP, but as far as I know (not a lawyer) at least in the US "obstruction of justice" has a specific meaning and requires your knowledge that there is justice (in the form of an ongoing investigation or trial) to obstruct. Now the govt could say, "hey we're investigating you, so you better not be hiding evidence from us in that encrypted data" and you could say, "I'm not hiding anything from you, that's just standard procedure". They could respond with, "alright then, give us the key" and you could re
Re: (Score:3)
Mea
Could a 3rd party wrap Skype? (Score:4, Interesting)
On equal footing. (Score:2)
Microsoft Won't Say If Skype Is Secure Or Not. Time To Change?
Can all the alternatives solemnly promise me that they're secure too? And to jump to the end of the ensuing discussion, where do I gain the expertise to be a subject matter expert (in several areas) and length of time in which to review all relevant code?
Interception has likely been present for a long time (Score:4, Insightful)
If you are getting concerned _now_, then you have been asleep at the wheel.
Re: (Score:3)
stands to reason (Score:2, Insightful)
When I heard Microsoft had purchased Skype, my first thought was "Skype is dead". It only remained to find out in what way it met its demise.
Re:stands to reason (Score:5, Funny)
When I heard Microsoft had purchased Skype, my first thought was "Skype is dead". It only remained to find out in what way it met its demise.
Yes its back to using my Nokia ... oh wait!
Do you trust Phil Zimmermann? (Score:5, Informative)
Then check out his latest venture
https://silentcircle.com/
Microsoft is on your side (Score:5, Funny)
*The term "anyone" does not include government agencies, Microsoft business partners, affiliates or Microsoft itself.
Huh? (Score:2)
Perhaps it's not the intention of the Slashdot editor who titled this story, but you know the saying where if a news title is phrased as a question the answer is always "No"? Well this is the case here as well.
You should always have been aware that Skype might be monitoring your calls, since you don't control the network. Nothing has changed ever since Microsoft took over, so what makes it the case that NOW it's time to change? Besides, change to what? There's nothing else out there which is accessible to m
Skype has never been secure (Score:2)
One thing that really peeves me about Skype is their assignment of a gener
Re: (Score:2)
Other security considerations (Score:3)
My mom's Skype account was recently hacked. Apparently the hackers were able to abuse the Skype Manager [skype.com] system to gain control of her account without her authorization, transfer her account balance, and reset her password. Skype's customer service has acknowledged the problem but has not been able to restore access to the account yet.
(I don't know any more details than that, as I haven't been involved.)
Skype is insecure. (Score:5, Insightful)
"When asked repeatedly a Microsoft spokesperson refused to confirm or deny that Skype conversations [could be monitored]"
Then it's not. When you have to guess, in this case, whether Skype is secure, assume the worst. Absence of proof of security is proof of no security.
--
BMO
Re: (Score:2, Insightful)
Can you confirm for me your heterosexuality? If you cannot prove then I shall have to assume the worst.
Way to go asshole, here you've implied that being homosexual is a bad thing.
Re: (Score:2)
Security? (Score:2)
Is it time? What? (Score:2)
Why now? How does Microsoft change anything? It was time to consider more secure alternatives from day zero!
Change? (Score:2)
What do you mean, change? I never used Skype in the first place, _because_ it's an obscure binary blackbox.
Still fresh (Score:2)
When asked repeatedly a Microsoft spokesperson refused to confirm or deny that Skype conversations [could be monitored]
Skype was just purchased by Microsoft. This is a wild guess, but the software may not be well written, and MS may still be having a hard time figuring out what it does exactly, and where. The MS guy may just have answered out of incompetence.
Re: (Score:2)
The MS guy may just have answered out of incompetence.
You are very quick throwing around big words like "incompetence". "Incompetence" means not doing his job well. His job, as a PR person, is to tell the press (and bloggers) exactly what Microsoft wants him to tell them - so not answering the question can mean that he is actually very competent. His job is most definitely not to make up answers on the spot if he doesn't know the answer - so at worst, this is lack of knowledge, but not incompetence. And of course he gave a prepared statement as an answer. It i
Of course it isn't secure in that sense (Score:2)
If that is not the case then Microsoft are in breach of US laws regarding telecommunications (some brought in over recent years under the banner of national security, some that have been around longer).
If calls could not be monitored when they bought Skype, they will have changed that soon after, or if they still haven't sorted that yet they will be actively working towards that goal as we speak. Whether the la
How do they work w/ IPv6? (Score:3)
Skype PR person (Score:3)
Well, what do you expect? He is a PR person. He can't answer that question, unless the legal department has told him what answer to give. And we haven't actually seen the exact question that was asked and the devil could very well be in the details. A slight difference in questioning might give a completely different answer.
Just as an example: The headline here says "Microsoft won't say if Skype is secure or not". The summary asks whether Skype conversations [could be monitored]. The article headline asks whether Skype can eavesdrop on your conversations. These are three different questions within five minutes, so we cannot possibly know which question the PR man refused to answer. My guess: None of those three.
I don't think they are reinviting the audio ... (Score:2)
I don't use Skype, but I assume they are not happily wasting bandwidth. I'm pretty sure the audio is being reinvited whenever possible (meaning it's just signalling going between you and the Skype server, and it just tells you the IP of your peer, and you send your media straight over there through RTP).
Time to change? (Score:2)
Last time I looked for an alternative, the only thing I could find was a crappy HP knockoff.
Clearly a ploy (Score:2)
Re: (Score:3)
Re: (Score:2, Insightful)
Because it is a voice service, not a data service. The system compresses the "sound" going across the line, and sometimes even drops bits to keep the latency bearable. You could use some sort of analog device which can survive through such things, but then we are right back in the early 1980's.
Sometimes the best move forward is a brief step backward.
Re: (Score:3)
But if you're calling someone else who's also using the internet, it shouldn't require anything more than software running on the two end machines, with strong end to end encryption
That works well right up until someone wants to set up a firewall and/or NAT between the two end machines...
Re: (Score:2)
You don't need a third party. For some reason we have gotten away from the very sensible solution of direct connections. We're not talking ad hoc peer-to-peer in the Gnutella sense, we're talking about "I open a port and you connect to me". The only thing you need the cloud for is a way for two people to exchange IP addresses.
Re: (Score:2)
Re: (Score:2)
4 8 15 16 23 42