Slashdot Mirror
Privacy Advocates Demand Transparency From Skype
tsamsoniw writes "Dozens of privacy advocates, Internet activists, and journalists have issued an open letter to Skype and Microsoft, calling on the companies to finally get around to being clear and transparent as to who has access to Skype user data and how that data is secured. 'Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place,' reads the letter, signed by such groups as the Digital Rights Foundation and the Electronic Frontier Foundation."
How about opening their protocol? It's a pain to have to always use their crappy client.
"First they came for the slanderers and i said nothing."
Time to create an open source skype alternative. We have the technology, knowhow and codecs necessary to make this happen.
Yea. Good luck with those demands.
When last I checked, Microsoft doesn't have to respond to any such "demands". Nor should they have to. They are providing a service, as is. If you don't like/trust it then don't use it.
If I were Microsoft, I'd make a public statement explaining which orifice those demands should be inserted into.
It is transparent... for the government
All. Any. Yes.
Use Jitsi or Retroshare instead. Both support VOIP, and both are free an open source. Jitsi does XMPP and SIP. Retroshare is a darknet application with the PGP web of trust model with a voip plugin.
There are good alternatives today that aren't beholden to any corporate interest. Use them.
Give me Classic Slashdot or give me death!
All kinds can be intercepted.
Any that somebody in government thinks is important.
And anytime somebody in power wants to do so.
With the Skype/MSN merge coming up, is it not really suprising they do not want to disclose anything. That and the fact that Skype provides a full history log from whereever you connect gives a good idea...
Apart from that Skype PTT (push to talk) is not available in Linux and options are not even the same! Boooo
I don't really know about skype restrictions but do you think there can be some good alternative clients?
Why not just trust Microsoft?
What could possibly go wrong?
How about the "close application" button close the fucking application?
That would be a start.
Skype is almost malware.
I quite like XMPP for this reason, its open ( or can be closed too ). And communicates with a major one ( Google Talk ) . I have managed to convince a few friends and family to use either pure XMPP or Google talk, i honestly don't have anyone i consider important or that i would have an important conversation with in either text or voice or video in Skype.
Facebook for all its sins at least tells those interested enough to look what they do with their private data. Microsoft doesn't.
Say no more: https://www.youtube.com/watch?v=qc8i7C659FU&feature=endscreen&NR=1 ...Wink wink, nudge nudge ;)
THEY DEMANDED IT!!!!!
rofl
I just love the irony of this statement.
You can learn a lot by reading the privacy policy
I'm sure that alternatives like jitsi, Retroshare and other open source options work just as well or better, but, unfortunately, the network effect creates a huge barrier.
Are *you* able to convince your family, friends, co-workers, colleagues, classmates, acquaintances ... all to use some other VOIP solution because it's open source and can better guarantee privacy? Do you think they even give a crap when they'll gladly sign away their privacy for Facebook?
nuf said
XMPP (aka Jabber), as an open protocol, has been implemented in a gigantic amount of both client & server software, in both free/libre and proprietary projects, and on many platforms. Google accounts (meaning every single Gmail, Youtube accounts, and almost all Android users) all have 100% standards compliant XMPP accounts as well, meaning they can use any client they choose. You don't need to hear it from me, read what Google themselves have to say on the matter:
In addition to the Google Talk client, there are many other clients out there that provide a great communications experience. We believe users should have choice in which clients they use to connect to the Google Talk service and we want to encourage the developer community to create new and innovative applications that leverage our service. To enable this, Google Talk uses the standard XMPP protocol for authentication, presence, and messaging.
What does this mean for those who care about security? For one, you can choose software that includes Off-the-Record end-to-end encryption (OTR) such as Pidgin with the OTR plugin on GNU+Linux or Windows, or Adium (which has OTR built-in and enabled by default) on Mac OS X. On Android you can use Beem or Gibberbot, although I personally recommend Beem (and if you are using iOS you obviously don't give a shit about security anyway). By using OTR, Google has no idea what you are typing, even as you use their servers to send & receive XMPP data. As a bonus, you can proxy any of these applications over Tor, so Google has no idea where you are even connecting from, anonymising your IP address.
Because of the benefits of an open protocol, the fact that Google is in the US is far less of a problem than Microsoft being in the US because Skype by design restricts your ability to know how it communicates with Microsoft's supernodes and other Skype clients. This is the very nature of proprietary software: to subjugate you, keep you ignorant, and wield power over you. Google may not be perfect, but at least they are committed to using open standards as the base level of their communication networks, and explicitely encourage people to use what software they want, allow proxied and/or Torified connections to their services, & allow you to use end-to-end encryption with crypto keys that YOU control.
TL,DR:
I am very happy to find out a friend has a Google account, so that as soon as they use it with OTR encryption, I can communicate with them safely & securely from my own XMPP server with end-to-end encryption using an standard, open protocol. Incomparably better than Skype.
As a user and part of the community, I think everyone deserves and has the right to demand what they think is good for them.
1. any government entity that asks
2. on windows servers
The old Skype use to use the quickest nodes, Skype users whose connections where fast enough and open enough to route calls. The new Microsoft enhanced version routes all calls through their US servers. Which for me (other side of world) means incredible lag.
I always thought this was the reason Microsoft bought it:
http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/
It would be an instant profit center to let the NSA watch Skype calls.
"Counter Terror Expo News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is offering "billions" to any firm which can offer reliable eavesdropping on Skype IM and voice traffic."
"Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. "
Except it's not P2P now, once Microsoft bought it, they stopped the direct routing.
I created a Skype account long before it was bought by Microsoft, and I used a secret and unique email address for this purpose.
After Microsoft acquired Skype, I started receiving emails from Facebook to this email address.
I also started receiving emails from Skype saying that they have suspended my credit "temporarily" in Skype because I haven't used it in a while, but that I can "reactivate" it any time I want in their website. To me this sounds like "its just the tip".
Microsoft business practices at its best.
The NSA *did* tap the net at ATnT's hub in San Fransisco, Congress did give them immunity after the fact.
The article is from a trusted source.
It does quote an industry insider.
There is profit to be made from selling access.
It is legal for NSA to pay for that access as long as they believe one party to the conversation is outside the USA.
Microsoft did change the routing so that all comms travels through servers in the USA ending the P2P behaviour.
So the NSA has been tasked with a job of intercepting comms, they were paying ATnT interception charged. Skype was a problem due to it's P2P nature, Microsoft bought it, and it's P2P nature was killed. I don't think it's a conspiracy to imagine that Microsoft charges intercept fees for Skype and that's why it's a potential profit center and why they bought it.
Do you imagine NSA intercepts *other* comms, but not Skype?
Do you imagine Microsoft provides intercept for free??
Are you crazy?
http://www.slate.com/blogs/future_tense/2012/11/29/facebook_likes_skype_used_to_build_fbi_case_against_california_terrorism.html
"Other sections of the complaint detail how the FBI was somehow able to obtain audio and video recordings of Skype conversations in which their confidential informant participated. "
Slate says it possible they installed software on the persons PC that intercepted Skype. (yet it didn't record video outside the skype call??? or audio outside the skype call??? Not likely).
No, Microsoft controls the supernodes now, it hands out the keys, it can simply intercept any conversation at any time and that's most likely what happened here.
That's why the FBI didn't have video or audio outside the skype conversation.
"Everything we see has some hidden message. A lot of awful messages are coming in under the radar - subliminal consumer messages, all kinds of politically incorrect messages..." - Harold Ramis
"RFID in School Shirts must be trial run"
The trial runs began a LONG time ago!
We're way past that process.
Now we're in the portion of the game where they will try and BRAINWASH us into accepting these things because not everyone BROADCASTS themselves on and offline, so RFID tracking will NEED to be EVERYWHERE, eventually.
RFID is employed in MANY areas of society. RFID is used to TRACK their livestock (humans) in:
* 1. A lot of BANK's ATM & DEBIT cards (easily cloned and tracked)
* 2. Subway, rail, bus, other mass transit passes (all of your daily
activities, where you go, are being recorded in many ways)
* 3. A lot of RETAIL stores' goods
* 4. Corporate slaves (in badges, tags, etc)
and many more ways!
Search the web about RFID and look at the pictures of various RFID devices, they're not all the same in form or function! When you see how tiny some of them are, you'll be amazed! Search for GPS tracking and devices, too along with the more obscured:
- FM Fingerprinting &
- Writeprint
- Stylometry
tracking methods! Let's not forget the LIQUIDS at their disposal which can be sprayed on you and/or your devices/clothing and TRACKED, similar to STASI methods of tracking their livestock (humans).
Visit David Icke's and Prison Planet's discussion forums and VC's discussion forums and READ the threads about RFID and electronic tagging, PARTICIPATE in discussions. SHARE what you know with others!
These TRACKING technologies, on and off the net are being THROWN at us by the MEDIA, just as cigarettes and alcohol have and continue to be, though the former less than they used to. The effort to get you to join FACEBOOK and TWITTER, for example, is EVERYWHERE.
Maybe, you think, you'll join FACEBOOK or TWITTER with an innocent reason, in part perhaps because your family, friends, business parters, college ties want or need you. Then it'll start with one photo of yourself or you in a group, then another, then another, and pretty soon you are telling STRANGERS as far away as NIGERIA with scammers reading and archiving your PERSONAL LIFE and many of these CRIMINALS have the MEANS and MOTIVES to use it how they please.
One family was astonished to discover a photo of theirs was being used in an ADVERTISEMENT (on one of those BILLBOARDS you pass by on the road) in ANOTHER COUNTRY! There are other stories. I've witnessed people posting their photo in social networking sites, only to have others who dis/like them COPY the photo and use it for THEIR photo! It's a complete mess.
The whole GAME stretches much farther than the simple RFID device(s), but how far are you willing to READ about these types of instrusive technologies? If you've heard, Wikileaks exposed corporations selling SPYWARE in software and hardware form to GOVERNMENTS!
You have to wonder, "Will my anti-malware program actually DISCOVER government controlled malware? Or has it been WHITELISTED? or obscured to the point where it cannot be detected? Does it carve a nest for itself in your hardware devices' FIRMWARE, what about your BIOS?
Has your graphics card been poisoned, too?" No anti virus programs scan your FIRMWARE on your devices, especially not your ROUTERS which often contain commercially rubber stamped approval of BACKDOORS for certain organizations which hackers may be exploiting right now! Search on the web for CISCO routers and BACKDOORS. That is one of many examples.
Some struggle for privacy, some argue about it, some take preventitive measures, but those who are wise know:
Privacy is DEAD. You've just never seen the tombstone.
Remember how there were big articles in the news that Skype was a problem for law enforcement and criminals were avoiding police investigations by using it. The complaints by law enforcement have stopped, which says enough to me.
The Virtual Bookcase: book reviews
"Internet Privacy" is an oxymoron, anyway. Anything you do/say has a good chance of being logged or recorded. Don't do illegal stuff or look at sheep porn, and you have a lot less to worry about, unless you're in business and worried about trade secrets getting out.
All of it, all of it, hell yes.
Assume anything else about a closed client using a closed protocol running on a black box P2P network, regardless of what anyone says, and you're a moron.
"When information is power, privacy is freedom" - Jah-Wren Ryel
I hate MS as much as the next guy but Skype was exactly just like that before MS bought 'em too. We never really knew how the key exchange works, and being locked into a single implementation of the protocol meant that one implementation could be doing other things independent of the protocol, so nobody has ever had any reason to suspect that it might be secure. It's got nothing to do with Microsoft or the change of ownership. Skype didn't get worse; it simply didn't get better.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
That's what you think when you buy into skype's hype.
But what you have to realise that skype is closed (not only the source, but even the protocole is kept secret).
There are industry standards already out there. Not as in some technical document written by a master student. But as in currently widely deployed and used by lots of companies/users/etc.
XMPP (started by Jabber) is an open standard with wide adoption for internet messaging. And it allows federation (users on any server can chat with users of any other server. For exemple between @gmail.com and @jabber.org).
Jingle is a layer developed by Google which adds audio/video capabilities to the XMPP infrastructure.
Among other:
- Google uses XMPP for its Google Talk chat (and allows federation).
- MSN and Facebook offer XMPP gateway to their chat system. (Although with a few limitation: no federation, so only chat with users on the same network, and both use some proprietary skype web-plugin technology for audio/video).
SIP is an industry standard for VoIP (and chat, thanks to the SIMPLE extension). As in virtually everybody else beside skype is using it.
- It allows some federation (@iptel.org user can chat and call @ekiga.net users)
- it's the absolute standard. If you here of a non-slype VoIP-to-landline, chance are they are accessed using SIP.
And now come the best part of using open technologies:
OTR (for of the record) is an end-to-end encryption layer which can be stacked above any chat system. It's included by default in some popular chat software (Adium, Jitsi, etc)
That means you can also run it above XMPP, so Google can't read your messages.
As long as both ends use OTR, you can encrypt your messages no matter the chat system underneath.
(That means it could be even theoretically implemented above Skype)
Both XMPP/Jingle and SIP use RTP for their media channels which *is* peer-2-peer (unless a TURN server is required, and even then the user can chose a trusted server). Due to the way this work (Jingle and SIP are signaling protocols: they are used to get point to agree to open an audio/video session, but the actual session happens over RTP), its very easy to add security here too. And it's been done: its called SRTP and ZRTP and they are standards too.
As long as both ends support SRTP/ZRTP its possible to encrypt any audio/video RTP session no matter the signaling used (so even for users of Google Talk).
What we don't have are 660+ million registered users.
Well if you think about creating your own new chat system, there's indeed a network effect in favour of skype.
BUT remember those standard mentioned above?
XMPP is already used by Google. That means there are already hundreds of million registered users there too.
(you could also count Facebook in, if you consider the limitations - they can only chat with other facebook users, and use a proprietary fomat for audio/video chat)
Suddenly Skype is "just another player in the field".
Landline and mobile access.
Are you kidding? This is just plain uninformed.
SkypeIn/SkypeOut is far from the only VoIP-2-Phone access provider.
There are hundreds of such providers out there.
And virtually all of them are using the SIP standard (some are also offering the older H323 standard) (and I think google's own voice system is also available as XMPP/Jingle).
In fact, they are much more interesting: as they use an open standard, you can pick any of your choosing. It's a free open market with a real pressure to keep the prices low.
If you use Skype, you're limited to only using their SkypeIn/SkypeOut service and their prices.
If you use another software based on open standard, not only can you chat with all the people you already have from Google (or Facebook) but you can also make calls using the landline provider you choose which has the best prices for you (my SIP-to-landline provider is cheaper than skype)
A
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Well as Skype doesn't inter-operate nicely with any standard, that indeed makes thing a little bit more complicated.
But you can still use your own SIP-to-landline provider to call their SkypeIn number and vice-versa.
You lose quality and latency because of the extra hop through landlines (the nearest Skype server and SIP provider communicate) and no ability to form a direct peer-2-peer channel.
But at least in most combination this should involve free calls and thus no extra costs.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I'm sure that alternatives like jitsi, Retroshare and other open source options work just as well or better, but, unfortunately, the network effect creates a huge barrier.
But the network effect stop being a barrier once you realise that Jitsi support XMPP among other standards and Google Talk use it too.
Just enter you google account and you can as of today chat and call any of your friends who also has a google account.
(The other could even be using Google's web interface, so you are the only one installing the software - though by doing so you accept some limitation, mostly security, like unable to run an encryption and avoiding the possibility that Google eavesdrop).
No need to convince anybody. Just use what they already have.
Do you think they even give a crap when they'll gladly sign away their privacy for Facebook?
The fact that they signed the privacy for facebook is also interesting: that mean that they HAVE a facebook account.
And facebook provides also a XMPP gateway to their chat system.
That mean that, without any convince work to do, you can also chat with all the friends you have on facebook.
Although again with some limitations:
- Facebook users can only chat with other facebook users (forget about using your @gmail.com account to chat to someone @facebook.com. They don't support federation.)
- The audio/video isn't available in XMPP/Jingle standard, only as a derivative of skype webplugin technology.
(And the same limitations as above: if only one end is using jitsi/pidgin/whatever and the other end is using the web interface, no encryption is possible everything ends up in facebook's archives).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Ekiga is a good replacement for SkypeIn/SkypeOut, as there are hundred of VoIP-to-landline SIP providers, all competing on prices, to choose from.
(And also, this gives a possibility to communicate with Skype users through their SkypeIn number)
But Ekiga only supports SIP (and H323), but not XMPP/Jingle yet.
Thus you're still a victim of Skype's network effect, and can't leverage all your Google and Facebook friends to chat with them.
My solution is using a combo of both Ekiga (for call to landlines) and Pidgin (to chat with my friends through XMPP)
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]