Microsoft Makes Skype Easier To Monitor

← Back to Stories (view on slashdot.org)

Microsoft Makes Skype Easier To Monitor

Posted by samzenpus on Thursday July 26, 2012 @11:47AM from the lets-have-a-look dept.

In a follow-up to a story earlier this week, derekmead writes "Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users' addresses and credit card numbers, more easily shared with authorities. As we've already seen with Facebook and Twitter, big Internet firms aren't digging their heels in against government requests, which shouldn't come as a shock; angering the authorities is bad business. The lesson then is that, while the Internet will always retain a vestige of its Wild West days, as companies get bigger and bigger, they're either going to play ball with governments or go the way of Kim Dotcom."

35 of 150 comments (clear)

Min score:

Reason:

Sort:

i just don't use microsoft products by Anonymous Coward · 2012-07-26 11:49 · Score: 2, Insightful

sorry, not going to do it.
1. Re:i just don't use microsoft products by ozmanjusri · 2012-07-26 15:54 · Score: 2, Insightful
  
  Agreed.
  That's the only sensible and ethical response to a company with such a long history of abuse of its customers.
  
  --
  "I've got more toys than Teruhisa Kitahara."
2. Re:i just don't use microsoft products by Anonymous Coward · 2012-07-26 16:52 · Score: 2, Insightful
  
  Didn't we discuss this exact same thing 2 days ago with even more accusing title: http://tech.slashdot.org/story/12/07/24/0039205/microsoft-wont-say-if-skype-is-secure-or-not-time-to-change ?
Open Source by Nerdfest · 2012-07-26 11:50 · Score: 5, Interesting

Time to switch to something where we actually know what the software is doing.
1. Re:Open Source by cpu6502 · 2012-07-26 11:54 · Score: 4, Interesting
  
  Will Jitsi let me call home to my old wired phone?
  Corporations working closely with government, and government working closely with corporations, including exchanges of money through campaign donations & legislative acts. Plus favorable regulations to help the megacorps and block new startups. There's a word for that...... hmmmm, right on the tip of my tongue. Starts with an F. Or a C.
  
  --
  My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
2. Re:Open Source by Nerdfest · 2012-07-26 11:56 · Score: 3, Informative
  
  ... it does need mobile clients, although an Android client is apparently in the works.
3. Re:Open Source by Nerdfest · 2012-07-26 11:58 · Score: 3, Interesting
  
  We're almost at the point that we can drop POTS in favour of something less 'controlled'. I'm sure other measures will be taken to ensure it's not that easy though.
4. Re:Open Source by westlake · 2012-07-26 12:19 · Score: 4, Insightful
  
  Time to switch to something where we actually know what the software is doing.
  Now all have to do is convince friends, family, business and professional contacts to abandon Skpe. Something which is not going to happen.
5. Re:Open Source by Nerdfest · 2012-07-26 12:28 · Score: 2
  
  Why not? Are they in favour of unauthorized government and corporate wiretapping? I would think most could be convinced quite easily.
6. Re:Open Source by grantspassalan · 2012-07-26 12:51 · Score: 3, Insightful
  
  Most people THINK they do not have anything to hide, such as when they talk about the antics of their 3-year-old grandson or other inane conversations. Therefore most people would not switch or quit using Skype. Anyone who does have deep dark secrets they wish to hide from the KGB, FBI, NSA, Gestapo or other such agencies, would not be using Skype or any other easily intercepted communication system.
  
  --
  A sufficiently advanced simulation is indistinguishable from reality.
7. Re:Open Source by Sir_Sri · 2012-07-26 12:59 · Score: 3, Insightful
  
  Once you do that the government will move in an legislate something else. That is what governments do.
8. Re:Open Source by MyFirstNameIsPaul · 2012-07-26 13:00 · Score: 2
  
  Will Jitsi let me call home to my old wired phone?
  Jitsi uses SIP, so it just might (I haven't looked into it too deeply).
  
  --
  I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
9. Re:Open Source by shutdown+-p+now · 2012-07-26 15:08 · Score: 2
  
  We are. My grandmother, on the other hand...
10. Re:Open Source by shutdown+-p+now · 2012-07-26 15:09 · Score: 2
  
  There's nothing in the definition of capitalism that precludes colluding with the government, or requires absolutely free markets. If it has private transferrable property on the means of production, it's capitalism.
11. Re:Open Source by shutdown+-p+now · 2012-07-26 16:31 · Score: 2
  
  So maybe I have the recursion problem you describe, but "capitalism" in most people's minds is inexorably linked with free markets, and it's in that sense that I use it. And when you have actual free markets, there's no place for corporatism because you don't have a state powerful enough to be worth coopting.
  It's generally true, because capitalism in the absence of free markets tends to degenerate. But then, for most people, the meaning of the word "free market" is the one that it had since introduced by Adam Smith - to wit, a market with free competition. In other words, without monopolies. In Smith's time most monopolies were government-created, and he covered them in detail, but he also had the foresight to warn about collusion between market players themselves, and the harm it would do by making the market non-free. He also argued that the government should intervene and prevent such collusion from monopolizing the market to keep it free. So a free market in that sense, ironically, requires a strong (but not corrupt) government.
  On the other hand, there's the other definition of "free market", used mainly by Austrian economists and associated political movements (such as libertarians), which is really an adaptation of what was previously called "laissez-faire" - a government free from any outside intervention, but not necessarily the one where competition is possible, since a privately monopolized market is still laissez-faire. That definition is not that popular outside of those circles, and in any case is evidently not required for capitalism since historically pretty much all European states were and are considered capitalist despite considerable economic intervention for the sake of the Smithian free market. I don't think you'll find many people seriously arguing that, say, Germany or UK aren't capitalist.
12. Re:Open Source by SuricouRaven · 2012-07-26 18:05 · Score: 2
  
  Unnatural monopolies, perhaps. But it's the natural monopolies that are the real killer of the libertarian ideal.
For me, the real question is... by TWX · 2012-07-26 11:50 · Score: 2

...will this mean "wiretapping" via traditional warrant methods, or warrantless eavesdropping, either by non-warrant request or by essentially giving them the keys to the castle?

If it's traditional warrant methods then I'm not really any more concerned than I am for regular phone calls on POTS lines. If it's otherwise then I'm glad that I never set up a Skype account.

--
Do not look into laser with remaining eye.
1. Re:For me, the real question is... by Opportunist · 2012-07-26 12:09 · Score: 4, Insightful
  
  Don't get your hopes up. It's "on the internet". Seems consitutional rights don't apply there.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
2. Re:For me, the real question is... by TheGratefulNet · 2012-07-26 13:09 · Score: 2, Insightful
  
  Seems consitutional rights don't apply there.
  what's that?
  and in a few years, the current generation of its time will ask that, with a full serious face.
  
  --
  
  --
  "It is now safe to switch off your computer."
3. Re:For me, the real question is... by Kalriath · 2012-07-26 15:28 · Score: 5, Informative
  
  Your government already thinks constitutional rights don't apply when the target is not a US citizen (bonus points if they aren't even in the US)
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
Re:The thing to keep in mind is by Opportunist · 2012-07-26 12:12 · Score: 3, Insightful

So the people "up to something" will use encryption we cannot monitor, you say? Well, I guess that means that everyone who doesn't use our standard encryption that isn't worth being called encryption is suspicious just for using an encryption method we cannot eavesdrop in.
Thank you for your input, citizen, it will be considered with the next round of new laws.

--
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Re:time to bypass the middlemen by vux984 · 2012-07-26 12:19 · Score: 4, Insightful

Umm, how about no thanks? It's time for the programmer community to develop easy to use, robust, strongly encrypted, point to point programs.
And that will happen right after ipv6 becomes standard and NAT goes away. point to point is pretty tricky to make 'just' work in our currented "ipv4 nearly everyone is behind a NAT system".
Realistically, a middle man is going to be here for a long while yet.
Problem: It is not true by benjymouse · 2012-07-26 12:37 · Score: 5, Informative

This from the TFA:

Skype has gone under a number of updates and upgrades since it was bought by Microsoft last year, mostly in a bid to improve reliability. But according to a killer report by the Washington Post, Skype has also changed its system to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities.
The " to make chat transcripts, as well as users’ addresses and credit card numbers, more easily shared with authorities" is pure speculation.
And the alleged updates "since it was bought by Microsoft last year" (supernodes hosted in central data centers) was actually started in 2010, well before the Microsoft acquisition:
http://www.zdnet.com/skype-talks-back-to-critics-on-security-and-privacy-7000001682/
But this is slashdot. Why let facts get in the way of a good rumor-fueled speculation when it promises for a good Microsoft bashing?

--
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
1. Re:Problem: It is not true by Anonymous Coward · 2012-07-26 16:11 · Score: 2, Informative
  
  When you go to another computer, you can still look up your chat transcripts. How do you suppose that is, if Skype doesn't have them? And if Skype has them, who else do you suppose Skype could share them with?
  How was this modded informative?
Re:time to bypass the middlemen by Teresita · 2012-07-26 12:45 · Score: 4, Insightful

That will work until the alternative solution crosses a certain threshold of users, the founders sell out to Microsoft or Apple or Google and the new technology is monetized and put under monitoring, just like Skype and Vonage and Napster and Lindows before them. Lather, rinse, repeat.
Almost Yes. by DrYak · 2012-07-26 12:56 · Score: 5, Informative

Will Jitsi let me call home to my old wired phone?
Yes:
Jitzi supports the SIP standard and there are plenty of SIP-to-POTS providers around (for example, I use Switzernet which is based in switzerland and free to/from several european countries. Works with both my SIP sfotwares - Ekiga and Twinkle). ...BUT...
For obvious reasons there's no easy way to guarantee end-to-end encryption. So you *CAN* call home, but you won't get guaranteed privacy.
For full end-to-end encryption you need:
- a digital link from the source to the other end (which is not the case when bridging to POTS)
- the possibility to audit the software used at both ends that there are no bugs or implementation problems which could leak critical data. (So you need an opensource front-end and an opensource encryption layer, preferably using known and well tested and documented protocols (like ZRTP). And you need enough independent eyeballs looking at said code) (Jitzi is opensource so one can check that everything is properly implemented to avoid leaks).

--
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
1. Re:Almost Yes. by rtfa-troll · 2012-07-26 17:36 · Score: 3, Interesting
  
  The great thing about VOIP is it doesn't matter. You can install and run both clients at the same time and then just make sure you are visible in Jitsi as much as possible whilst being visible very rarely in Skype, and then only when you want something (sit there invisible, but turn on notifications so you see when friends without Jitsi come on line). From time to time suggest to people that it would be easier to get you if they had Jitsi. When you meet people show them how to set up Jitsi (or whichever other client you prefer) to work better than Skype.
  No need to get political. The simple phrase "I want to have something I can rely on; I don't trust Microsoft not to mess me about later; remember how they killed off KIN / Windows Mobile 6 / Windows Mobile 7 / the desktop PC / efficient working in Office / flight simulator / plays for sure / etc. etc.". Preferably choose a Microsoft betrayal that cost you personally There are so many simple technical betrayals by Microsoft that you can start with those before going into the political. Even there, you should start with things like "because Microsoft chooses to support Chinese censorship" which are simple and clear to understand.
  
  --
  =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
2. Re:Almost Yes. by FireFury03 · 2012-07-26 18:58 · Score: 3, Funny
  
  And, Failing that, you can always have the conversation converted to text and then ROT13 it. Oh, wait...
  ROT-13 is insecure these days, better to use double-ROT-13
  
  --
  http://blog.nexusuk.org
Re:time to bypass the middlemen by bill_mcgonigle · 2012-07-26 13:03 · Score: 2

You dumped your ISP?
I've never tried a ZRTP connection through Tor, but in theory that's most of the necessary parts.
If governments didn't attack Tor exit nodes there would be plenty of bandwidth available for everybody to have this level of privacy.

--
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Re:What could go wrong? by benjymouse · 2012-07-26 13:21 · Score: 2

Skype used to have a pretty impressive peer to peer encryption design. No longer, I guess.
Yes it does. Nothing has changed with the peer-to-peer encryption. You have been fed rumors, speculation. Here is what Skype says (but if you *want* to make it into a conspiracy you can of course assume that they are lying):

Skype software autonomously applies encryption to Skype to Skype calls between computers, smartphones and other mobile devices with the capacity to carry a full version of Skype software as it always has done. This has not changed.

(from http://blogs.skype.com/en/2012/07/what_does_skypes_architecture_do.html)
This is once again someone irresponsibly reading license terms and trying to twist every phrase and condition into something sinister. Like Skype making sure that you understand that instant messages may be stored on the servers because they need to be synchronized with multiple devices which are not all on-line. Like Skype saving voice-messages - because they are (d-oh!) *voice* *messages* (as opposed to peer to peer communication).
For a real take on this read: http://www.zdnet.com/skype-talks-back-to-critics-on-security-and-privacy-7000001682/

--
Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
Want to know the truth about Skype? Read on. by Anonymous Coward · 2012-07-26 14:12 · Score: 5, Interesting

I'm posting anonymously because I don't need attention. Here's the chronology and you can find the sources of these claims on your own.
- NSA issues a billion dollar RFP asking for a solution to wiretapping Skype
- as years pass, NSA's concerns about Skype keep on growing, they keep on lobbying lawmakers and industry officials
- out of the blue, MS buys Skype and pays an astronomical price
- buying Skype at that price makes no sense for MS since it poisons their relationships with carriers and pundits are confused
- first thing MS does is it kills supernodes and installs THOUSANDS of Linux servers running grsecurity http://grsecurity.net/news.php#Skype
- that means that ALL Skype traffic now passes through MS servers and can be easily wiretapped since MS holds all the keys and can easily perform a MITM attack
- NSA starts jumping from joy because their biggest black hole has been plugged.
- MS is happy because they are now getting regular large checks from NSA
tl;dr: Skype's a botnet and NSA paid MS to buy Skype
1. Re:Want to know the truth about Skype? Read on. by Anonymous Coward · 2012-07-26 20:38 · Score: 2, Informative
  
  That's not borne out by your data. In fact, the Ars article referenced in your link states that supernodes play no role whatsoever in making calls.
  That's not exactly right. Supernodes (now controlled by Microsoft) provide:
  1) NAT traversal: meaning... if, for some reason, the two people who want to talk can't connect directly (not that rare), the calls themselves _do_ go through a supernode;
  2) rendezvous points/P2P bootstrapping/user location services: this means that Skype/Microsoft, if it wants, can basically "lie" about the location of the person you want to talk to (it has all the keys, after all), allowing them to impersone that user. It then proxies along your connection to the correct IP, but can now perform man-in-the-middle attacks (not hard because, again, it has all the keys); this can be done dynamically, depending on the Skype ID, which makes it easy to auto-wiretap specific people.
  So... yeah... them having the keys + them being able to (selectively) put themselves between any connection in the Skype network DOES provide them with MiTM capability.
  Seriously, read the patent they got awarded on this.
2. Re:Want to know the truth about Skype? Read on. by gshegosh · 2012-07-26 20:53 · Score: 4, Funny
  
  If you don't need attention, how is that you believe that Slashdot won't forward your IP to authorities?
From "stealing" mp3s to citizen surveillance by gshegosh · 2012-07-26 20:47 · Score: 3, Interesting

I find it quite amusing, that the software that comes from creators of Kazaa, which uses the same P2P methodology that was developed to help people bypass government- and law-restrictions is now being used to spy on people.
Re:If you still want to chat securely over Skype by gshegosh · 2012-07-26 20:51 · Score: 2

If you're going to used Pidgin and custom plugins, what's stopping you from using XMPP instead of Skype?
You're missing the point here, the problem with Skype is that it's perceived as easy to use and it was the first popular one on the market, so it's crazily widespread. I use Jabber with my family, employees and other people whose computers I can control. I use Jabber with some technical people whose computers I do not control. But I gotta use Skype with non-technical people I can't influence about software they use.