Skype Is Working To Defeat the Reverse Engineering

ndogg writes "Michael Larabel of Phoronix was emailed a response to the reverse engineering of the Skype protocol from the VP of Skype's PR company, who said that the reverse engineering was done for the use of spam/phishing, and that it's an infringement of their IP, and that they are working to defeat it."

Skype on Linux

Perhaps if Skype's Linux client had been better maintained and offered a feature parity to the Windows and Mac OS X clients, there wouldn't be people spending time on reverse-engineering the protocol so that they could write their own client.

Or, maybe, there are just a lot of Linux users who hate proprietary software, and don't trust Skype. Skype uses a lot of anti-debugging techniques. What are they hiding?

Re:Skype on Linux

[calzakk]

Maybe they're not hiding anything, maybe they're just trying to protect their proprietary software. After all, they are a business just trying to make money.

Re:Skype on Linux

[Bizzeh]

hes free to do with his program as he pleases, but not free to use the skype protocol as he pleases. skype own the protocol and the network that app connects too and its their protocol and network to do with as they wish. if they want to keep it closed, that is their own choice.

Re:Skype on Linux

[Intron]

imagine that the first telecom company kept their protocols private, locking everybody in!

Umm. They did. You never heard of A. G. Bell's little company? Subject of an antitrust suit back in the 70's? Name of AT&T?

Of course, like the T-1000, the Baby Bells are slowly coalescing back into the monster.

Re:Skype on Linux

[djlowe]

hes free to do with his program as he pleases, but not free to use the skype protocol as he pleases. skype own the protocol and the network that app connects too and its their protocol and network to do with as they wish. if they want to keep it closed, that is their own choice.

1. So long as he reverse-engineered Skype's protocol cleanly (i.e. he didn't have access to Skype source code directly, nor was given it by third parties), then he is, in the US at least, free to do with his implementation as he wishes.

In the US, this has historical precedent, going back to Compaq's original "clean room" reverse-engineering of IBM's BIOS for the original IBM PC, which was, for those that don't remember, what made IBM-compatible computers possible in the first place.

2. Skype is, of course, free to alter their protocol, so as to prevent his implementation from working in the future.

3. Skype's "network" isn't theirs: It leverages the Internet, after all, and so there's *no* way that they could possibly claim it to be a discrete network. In order for it to be so, they'd have to implement a completely separate world-spanning network that was physically isolated from the Internet.

Since we all know that such isn't the case now, your point in that regard is completely invalid.

Certainly, they own their servers, but those are also connected to the Internet at large. However, given the fact that they also leverage users' computers in a "P2P way", this reinforces my point that it isn't "their" network.

Yes, they are free to try keep their protocol closed, but in light of this, their best approach in my opinion is to open it: They have sufficient presence on the Internet now that doing so would only benefit them, I think.

They could become a permanent standard by doing so and have a permanent presence/place on the Internet, now and in the future and probably would, if they chose to do so.

Regards,

dj

Re:Skype on Linux

Only obvious if you're a retarded lunatic. What is it with you idiots and conspiracy theories?

Re:Skype on Linux

[AliasMarlowe]

Maybe they're not hiding anything, maybe they're just trying to protect their proprietary software. After all, they are a business just trying to make money.

They've been hiding their protocols. These are not protected by patent (which would involve publishing them, assuming they were patentable). Their implementation is probably protected by copyright, but a competing implementation is unlikely to infringe that copyright, unless it is a "slavish" copy. There does not seem to be a trademark issue in play. Conclusion: it looks like they are merely trying to protect a trade secret which has been uncovered by reverse engineering. Note that reverse engineering to uncover secret methods is entirely legitimate.

So yes, Skype is trying to preserve its revenue stream, which is secured only by secrecy of the protocols used by the proprietary Skype software. These protocols have now been made rather less secret, and apparently by legally acceptable means. So let's all say to Skype: "good luck with that".

Spam/phishing is just an excuse

[MtHuurne]

If a spammer or phisher would reverse engineer a protocol, it's very unlikely they would publish about it, since that would help their competition. It is possible that spammers or phishers will use the results of reverse engineering of course, but if your protection against malicious activities consists of a secret protocol then you should consider implementing real security instead of blaming the reverse engineering.

In any case it's clear that Skype doesn't want third party clients to interoperate with their own, so instead of getting into a cat and mouse game it would be more useful to improve existing open source VOIP clients so Skype can be replaced altogether.

Re:Spam/phishing is just an excuse

[StripedCow]

it would be more useful to improve existing open source VOIP clients so Skype can be replaced altogether.

As you know, for performing a telephone call, you need 2 ends. Try convincing the other end to install your open-source VOIP client of choice!

That's the problem!

IMHO, a much better approach against such lock-in would be to first develop an open-source binary compatibility layer inside web-browsers, like google is doing with native client (NaCl). That way, you could make a phone call by asking the other party to visit a website (assuming you have written your phone client software for that binary compatibility layer of course).

If Skype really cared about spam or phishing...

[Dr.+Spork]

Why do I keep getting the same inane message from "Natalia", posted from various temporary accounts? I've blocked every account it's come from; I'm sure many have. Is Skype really too slow to get the hint? Jesus, make the spammers work a bit to change a word here and there! It's shocking to me how little Skype cares about spam and phishing in their network. My point is, you can do all the spam and phishing you want with the native client, because Skype apparently does nothing to stop even the clumsiest of spammers who know how to solve a capcha. So their alleged interest to protect their users was conveniently discovered when the possibility of competition suddenly arose.

Re:Bad business

[Kalriath]

I believe the problem they face is that if the client protocol is understood, any monkey can implement that client protocol in a program which dials millions of Skype users per second offering to sell them half-off auto warranties or telling them about that $15,000,000 they need to smuggle out of Zambia, effectively destroying the trust in Skype, potentially resulting in an exodus of customers. Their perspective is not entirely unjustified.

However, they don't appear to be spending much time working on a mitigation technique for when some jerk-off in the middle of nowhere (i.e. Nigeria) manages to achieve the same goal - because no legal threat will work on those fuckers.