Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Advocates Demand Transparency From Skype

Posted by samzenpus on from the pay-no-attention-to-the-man-behind-the-curtain dept.

tsamsoniw writes "Dozens of privacy advocates, Internet activists, and journalists have issued an open letter to Skype and Microsoft, calling on the companies to finally get around to being clear and transparent as to who has access to Skype user data and how that data is secured. 'Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place,' reads the letter, signed by such groups as the Digital Rights Foundation and the Electronic Frontier Foundation."

3 of 95 comments (clear)

  1. Just stop using Skype by Hatta · · Score: 5, Informative

    Use Jitsi or Retroshare instead. Both support VOIP, and both are free an open source. Jitsi does XMPP and SIP. Retroshare is a darknet application with the PGP web of trust model with a voip plugin.

    There are good alternatives today that aren't beholden to any corporate interest. Use them.

    --
    Give me Classic Slashdot or give me death!
  2. Do Microsoft exploit private communications? by Anonymous Coward · · Score: 5, Informative
    I know a person who developed a product which Microsoft had an interest in. They were communicating with their programmers about changes to their product through Hotmail. They noticed when they discussed a weakness in Microsoft's web services that Microsoft's product it would be mysteriously patched a few days later. After it happened several times, they decided to stop using Hotmail just in case. It would be bad publicity if they caught Microsoft, but catching employees doing something "wrong" in someone else's company is practically impossible. Companies which handle our private data need to tell us how our data is being used, but while Europe has many privacy laws America has practically none. The probability of being caught is next to zero and if they were Microsoft would circle their wagons. People do things like that because they don't think they will be caught. It would be foolish to trust Microsoft with Skype in the absence of an assurance they won't.

    Facebook for all its sins at least tells those interested enough to look what they do with their private data. Microsoft doesn't.

  3. The point is that Google uses XMPP.... by ornia · · Score: 5, Informative
    The fact that Google is based in the US is far less important than the fact that the backbone of their communications infrastructure uses a protocol with an open specification (RFCs included). Google Talk (also including Gmail Chat) provides every single person with a Google account a connection to the macrocosm of every federated XMPP server on the Internet, which also happens to be a benefit for those who want secure, end-to-end encryption on a service not controlled by a single company.

    XMPP (aka Jabber), as an open protocol, has been implemented in a gigantic amount of both client & server software, in both free/libre and proprietary projects, and on many platforms. Google accounts (meaning every single Gmail, Youtube accounts, and almost all Android users) all have 100% standards compliant XMPP accounts as well, meaning they can use any client they choose. You don't need to hear it from me, read what Google themselves have to say on the matter:

    In addition to the Google Talk client, there are many other clients out there that provide a great communications experience. We believe users should have choice in which clients they use to connect to the Google Talk service and we want to encourage the developer community to create new and innovative applications that leverage our service. To enable this, Google Talk uses the standard XMPP protocol for authentication, presence, and messaging.

    What does this mean for those who care about security? For one, you can choose software that includes Off-the-Record end-to-end encryption (OTR) such as Pidgin with the OTR plugin on GNU+Linux or Windows, or Adium (which has OTR built-in and enabled by default) on Mac OS X. On Android you can use Beem or Gibberbot, although I personally recommend Beem (and if you are using iOS you obviously don't give a shit about security anyway). By using OTR, Google has no idea what you are typing, even as you use their servers to send & receive XMPP data. As a bonus, you can proxy any of these applications over Tor, so Google has no idea where you are even connecting from, anonymising your IP address.

    Because of the benefits of an open protocol, the fact that Google is in the US is far less of a problem than Microsoft being in the US because Skype by design restricts your ability to know how it communicates with Microsoft's supernodes and other Skype clients. This is the very nature of proprietary software: to subjugate you, keep you ignorant, and wield power over you. Google may not be perfect, but at least they are committed to using open standards as the base level of their communication networks, and explicitely encourage people to use what software they want, allow proxied and/or Torified connections to their services, & allow you to use end-to-end encryption with crypto keys that YOU control.

    TL,DR:

    I am very happy to find out a friend has a Google account, so that as soon as they use it with OTR encryption, I can communicate with them safely & securely from my own XMPP server with end-to-end encryption using an standard, open protocol. Incomparably better than Skype.