Slashdot Mirror

← Back to Stories (view on slashdot.org)

Privacy Advocates Demand Transparency From Skype

Posted by samzenpus on from the pay-no-attention-to-the-man-behind-the-curtain dept.

tsamsoniw writes "Dozens of privacy advocates, Internet activists, and journalists have issued an open letter to Skype and Microsoft, calling on the companies to finally get around to being clear and transparent as to who has access to Skype user data and how that data is secured. 'Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place,' reads the letter, signed by such groups as the Digital Rights Foundation and the Electronic Frontier Foundation."

7 of 95 comments (clear)

  1. We need a skype alternative by Anonymous Coward · · Score: 5, Insightful

    Time to create an open source skype alternative. We have the technology, knowhow and codecs necessary to make this happen.

  2. Just stop using Skype by Hatta · · Score: 5, Informative

    Use Jitsi or Retroshare instead. Both support VOIP, and both are free an open source. Jitsi does XMPP and SIP. Retroshare is a darknet application with the PGP web of trust model with a voip plugin.

    There are good alternatives today that aren't beholden to any corporate interest. Use them.

    --
    Give me Classic Slashdot or give me death!
  3. Where's the trust? by OhANameWhatName · · Score: 5, Funny

    Why not just trust Microsoft?

    What could possibly go wrong?

  4. Do Microsoft exploit private communications? by Anonymous Coward · · Score: 5, Informative
    I know a person who developed a product which Microsoft had an interest in. They were communicating with their programmers about changes to their product through Hotmail. They noticed when they discussed a weakness in Microsoft's web services that Microsoft's product it would be mysteriously patched a few days later. After it happened several times, they decided to stop using Hotmail just in case. It would be bad publicity if they caught Microsoft, but catching employees doing something "wrong" in someone else's company is practically impossible. Companies which handle our private data need to tell us how our data is being used, but while Europe has many privacy laws America has practically none. The probability of being caught is next to zero and if they were Microsoft would circle their wagons. People do things like that because they don't think they will be caught. It would be foolish to trust Microsoft with Skype in the absence of an assurance they won't.

    Facebook for all its sins at least tells those interested enough to look what they do with their private data. Microsoft doesn't.

  5. The point is that Google uses XMPP.... by ornia · · Score: 5, Informative
    The fact that Google is based in the US is far less important than the fact that the backbone of their communications infrastructure uses a protocol with an open specification (RFCs included). Google Talk (also including Gmail Chat) provides every single person with a Google account a connection to the macrocosm of every federated XMPP server on the Internet, which also happens to be a benefit for those who want secure, end-to-end encryption on a service not controlled by a single company.

    XMPP (aka Jabber), as an open protocol, has been implemented in a gigantic amount of both client & server software, in both free/libre and proprietary projects, and on many platforms. Google accounts (meaning every single Gmail, Youtube accounts, and almost all Android users) all have 100% standards compliant XMPP accounts as well, meaning they can use any client they choose. You don't need to hear it from me, read what Google themselves have to say on the matter:

    In addition to the Google Talk client, there are many other clients out there that provide a great communications experience. We believe users should have choice in which clients they use to connect to the Google Talk service and we want to encourage the developer community to create new and innovative applications that leverage our service. To enable this, Google Talk uses the standard XMPP protocol for authentication, presence, and messaging.

    What does this mean for those who care about security? For one, you can choose software that includes Off-the-Record end-to-end encryption (OTR) such as Pidgin with the OTR plugin on GNU+Linux or Windows, or Adium (which has OTR built-in and enabled by default) on Mac OS X. On Android you can use Beem or Gibberbot, although I personally recommend Beem (and if you are using iOS you obviously don't give a shit about security anyway). By using OTR, Google has no idea what you are typing, even as you use their servers to send & receive XMPP data. As a bonus, you can proxy any of these applications over Tor, so Google has no idea where you are even connecting from, anonymising your IP address.

    Because of the benefits of an open protocol, the fact that Google is in the US is far less of a problem than Microsoft being in the US because Skype by design restricts your ability to know how it communicates with Microsoft's supernodes and other Skype clients. This is the very nature of proprietary software: to subjugate you, keep you ignorant, and wield power over you. Google may not be perfect, but at least they are committed to using open standards as the base level of their communication networks, and explicitely encourage people to use what software they want, allow proxied and/or Torified connections to their services, & allow you to use end-to-end encryption with crypto keys that YOU control.

    TL,DR:

    I am very happy to find out a friend has a Google account, so that as soon as they use it with OTR encryption, I can communicate with them safely & securely from my own XMPP server with end-to-end encryption using an standard, open protocol. Incomparably better than Skype.

  6. NSA Offers Billions for Skype Hack (2009) by Anonymous Coward · · Score: 5, Interesting

    The old Skype use to use the quickest nodes, Skype users whose connections where fast enough and open enough to route calls. The new Microsoft enhanced version routes all calls through their US servers. Which for me (other side of world) means incredible lag.

    I always thought this was the reason Microsoft bought it:
    http://www.theregister.co.uk/2009/02/12/nsa_offers_billions_for_skype_pwnage/

    It would be an instant profit center to let the NSA watch Skype calls.

    "Counter Terror Expo News of a possible viable business model for P2P VoIP network Skype emerged today, at the Counter Terror Expo in London. An industry source disclosed that America's supersecret National Security Agency (NSA) is offering "billions" to any firm which can offer reliable eavesdropping on Skype IM and voice traffic."

    "Skype in particular is a serious problem for spooks and cops. Being P2P, the network can't be accessed by the company providing it and the authorities can't gain access by that route. "

    Except it's not P2P now, once Microsoft bought it, they stopped the direct routing.

  7. Facebook in bed with MS by alantus · · Score: 5, Interesting

    I created a Skype account long before it was bought by Microsoft, and I used a secret and unique email address for this purpose.
    After Microsoft acquired Skype, I started receiving emails from Facebook to this email address.
    I also started receiving emails from Skype saying that they have suspended my credit "temporarily" in Skype because I haven't used it in a while, but that I can "reactivate" it any time I want in their website. To me this sounds like "its just the tip".

    Microsoft business practices at its best.