

Security Flaw Links BitTorrent Users to Skype Accounts  - stfu
http://torrentfreak.com/security-flaw-links-bittorrent-users-to-skype-accounts-111020/

======
bri3d
No; it links Skype Accounts to IPs, which then can be _correlated_ with
BitTorrent swarm peers.

IPs are not people - this is a fundamental misunderstanding that both
MPAA/RIAA lawyers, and, for a long time, misinformed courts liked to
propagate, although it seems the tide is turning in this department. Nothing
says an IP assigned to an account I owned was used by me, and nothing says the
same person using a Skype account from any given IP is also the person who
told BitTorrent to join a swarm from that IP.

This is a really obvious, but also relatively serious issue with the P2P
nature of Skype, as that account -> IP correlation really is powerful - but I
hate the way this article was written.

~~~
ajross
The core flaw seems to be that it allows remote, undetectable (via the Skype
client, anyway) determination of the user's IP. And it works independently of
the privacy settings. All you need to know is someone's skype ID and you can
find them on the internet.

While you're right that the article is misleading, I think you're interpreting
it in the wrong direction: this flaw is _much worse_ than the ability to track
torrent downloads.

------
Zash
Summary: It's easy to find out the IP address of an arbitrary Skype user from
their username, which can be found in the Skype global directory. This is done
by calling the user, but without the UI notifying user. Nor able is the user
able to block this and it can be done by someone not in your contact list. And
it works even if the target user is off-line. So it's super easy to track
someones movements.

~~~
acqq
Yes, you are not safe even if you are logged off from Skype!

PDF here:

<http://news.ycombinator.com/item?id=3137303>

"When the caller calls a Skype user who is currently off-line, the Skype
application will still provide to the caller the user’s most recent IP
address, as long as the user was running Skype in the past 72 hours. For this
reason, we are able to retrieve the IP address of a Skype user that used Skype
within the past 72 hours" (!)

------
aw3c2
Sensationalist fear-mongering spread by a tabloid filesharing blog. If you
want to take something from this, just make it "You can find out a person's IP
if you know the Skype username and said person is online with Skype by making
a hidden call (which Skype should probably prevent)". Skip this, move on.

~~~
Zash
Or has been online sometime during the last 72 hours.

But yes, not the best article.

------
rabidsnail
"Scribd is down as of 19:45 PDT for maintenance."

