

Why Skype is Evil (2007) - rl1987
http://ultraparanoid.wordpress.com/2007/06/19/why-skype-is-evil/

======
nikcub
Article is from 2007 and most of it turned out to not be true . When Skype is
served a subpoena, they can only return account information, they are unable
to intercept or log voice or video calls[1] [2].

This is a big deal in China and Russia[3] where they block the service since
they have no way of intercepting it (ie. it is secure enough for two very
large governments to have no way of dealing with it).

Further proof is that there are no publicly known cases where skype call or
chat logs have been submitted as evidence, while you see google, microsoft,
ebay, craigslist etc. appear all the time.

Skype is an independent company again - and the reason why eBay bought it back
then is revenue ($850M pa last year), not some conspiracy theory

outside of the odd client exploit, skype is safe. I would trust it if I was a
dissident in an unfriendly foreign country and needed to communicate securely.

[1] [http://www.voiptechchat.com/tech/34/skype-says-no-to-wire-
ta...](http://www.voiptechchat.com/tech/34/skype-says-no-to-wire-tapping/)

[2] <http://news.cnet.com/8301-13578_3-9962106-38.html> \- see skype only IM
company that does not comply with wiretap requests

[3] [http://arstechnica.com/telecom/news/2009/07/russia-not-
the-f...](http://arstechnica.com/telecom/news/2009/07/russia-not-the-first-to-
see-skype-as-a-security-threat.ars)

~~~
vabole
1\. Skype is not blocked in Russia. Federal security officials voice their
concerns about Skype every once in a while, which causes rumors about possible
blockage in media. Although nothing came out of it yet.

2\. In China all skype servers redirect to their Chinese partner
<http://skype.tom.com/> Tom Skype has everything that you would expect in QQ
or other Chinese IM's, namely intrusive ads and content filtering. There is
research showing how much data is leaked by the Tom Skype and how insecurely
it is stored. <http://www.nartv.org/mirror/breachingtrust.pdf>

It is quite worrying that Skype has a such partner. Although it makes me think
that Google would have more success in China if it found a Chinese partner
like Tom Google.

~~~
nikcub
In a previous startup I spent a long time talking to TOM about taking our
product into the Chinese market. It comes down to them knowing people, and
they are very very good at what they do and very reasonable. I have no doubt
that because of the culture in the country and the way that business is done
that having somebody like TOM would be a huge gain for Google. Kai Fu-Lee was
supposed to be that, but he left. You can't really send Americans out there to
establish a business

------
muuh-gnu
I'm so tired of articles how bad/evil/insecure Skype is, while not suggesting
any usable alternative. Skype, whether you like it or not, has no viable
competition, almost 8 years after its initial release. By "usable" I have the
following requirements in mind:

* Cross platform: It has to offer clients for Linux, Win, OSX.

* It has to support voice and video.

* Easy to install: Even grandparents in Australia have to bee able to install it. No NAT and other configuration bullshit, just enter a name, a password and ready to go.

Skype has helped connect my all over the world scattered family for more than
half a decade now. I am absolutely willing to give up any kind of privacy and
security in order to be able to video-phone my family living thousands of
miles apart whenever I want at absolutely no cost. No, absolutely no free
software system has yet been able to provide the above 3 minimum requirements
for me to consider ever leaving skype.

P.S. Thanks for the immediate downvotes.

~~~
gniv
<http://www.google.com/chat/video>

~~~
muuh-gnu
No free software. Theres no point in replacing one closed system by another,
especially when the first one works much better. Googles system is only
accessible through Gmail, is very awkward to use and has the "irrelevant
addon" feel. Had Google _ever_ intended to offer widescale Voice&Video, they'd
have built video into Gtalk when they had the chance.

~~~
sabat
Actually, Google's video/audio calls work in the browser. Not only is the
software free, but you already have it.

~~~
codeup
You mean that only the browser is software, but not what runs in the browser?

------
nck4222
"Do I know that NSA helped fund eBay’s purchase of Skype? No, I certainly do
not."

It then links to an April Fools article
([http://www.oreillynet.com/etel/blog/2007/04/skype_revenue_fr...](http://www.oreillynet.com/etel/blog/2007/04/skype_revenue_from_national_se_1.html))
to help support that there's a link between the NSA and Ebay anyway.

EDIT: Maybe I missed the joke, since the name of the blog is ultra paranoid,
but that article was garbage.

------
trotsky
The NSA (and FBI et al.) have a pretty workable solution for strong encryption
on the wire - they attack the client. The client computer (or mobile) is
pretty much full of holes, if someone wants in they'll get in, and sooner
rather than later.

Related, the Germans seemed to have commissioned a trojan to monitor skype and
tls traffic on the endpoint: <http://www.wired.com/threatlevel/2008/01/leaked-
document/>

Somewhat related, the FBI routinely uses flaws to install CIPAV:
<http://www.wired.com/politics/law/news/2007/07/fbi_spyware>

Granted, none of this enables the wholesale monitoring of skype
communications. Practically, even if the NSA had access to individual signing
keys or some kind of side channel leakage it probably wouldn't be getting used
en masse. The computation requirements of decrypting all traffic are likely
significant, and operational security would discourage the wide use of a
closely held leakage bug in fear of disclosure like happened with the domestic
wiretapping scandal.

As an aside, I found it quite amusing to read _"For example, a person in
Germany, talking to a person in Russia using land-line phones would previously
have been out of reach for NSA"_ \- ultraparanoid? Pshaw.

------
sigzero
If we continue to label everything "Evil" when it is clearly not the word will
lose its meaning.

------
mfjordvald
This was posted in 2007, worth keeping in mind before jumping to conclusions.

~~~
crocowhile
Well, the main message still holds true though: if you need to make sure
nobody can eavesdrop your communications, you'd better off with open source
software.

~~~
weego
As long as you understand the code line by line and as an overall entity,
otherwise you are no better off. Just because you can read the source doesn't
mean you actually can.

~~~
vabole
Even if you can not read and understand the code you are still better off with
the open source. Due to the fact that independent researchers or programmers
unaffiliated with developers will be able to audit the code. While with the
closed source software, the only information you have about the inner workings
of the software is provided by the developing company.

------
dspillett
The word "evil" if much overused these days.

Slipping a little of topic: my main reason for distrusting Skype is that it is
currently owned by eBay. eBay are a very good company, in that they are very
good at being a company that does good for itself with little care elsewhere
while occasionally pretending otherwise (like every now and then they have a
"no PayPal feeds on donations to charity X" run).

------
rubyrescue
i spent a half hour reading that skype reverse engineering pdf a week ago and
just for kicks took a look at <http://en.wikipedia.org/wiki/Skype_protocol>
and it doesn't appear to me that the private keys are shared nor that they're
generated in an insecure manner... so how would skype be eavesdropping? the
article makes the case that skype is evil due to an intentionally weak
protocol but doesn't back it up with a technical argument as to what's wrong
with it. i'm not defending skype, just confused.

------
nextparadigms
I wonder if this has anything to do with that "bug" that gives root access to
Macs.

