(1) Microsoft is a US Corporation
(2) With the Skype acquisition, Microsoft (arguably) becomes a telecommunications carrier.
(3) CALEA passed in 1994, "requiring telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time." [a]
My (unfounded, optimistic) speculation is the Skype acquisition was strategic positioning in the mobile market: seamless cutover to Skype when your phone has WiFi.
a - http://en.wikipedia.org/wiki/Communications_Assistance_for_L...
Whether it's for or against our interest was never addressed.
For services hosted in other countries the law in those countries might well have something it can say/do, but even if they do successfully put their feet down MS could just pull the services out (costing the country if the investment in equipment/services/employees is significant) and move them elsewhere. They might be able to add the protection needed under those non-US laws to the nodes in the affected areas; it depends on the exact wording and enforcement of the law, but even if they did you lose that protection as soon as you hit a node elsewhere anyway.
Practically speaking if this is a concern for you (and it might legitimately be: contrary to what governments seem to think, people and companies that are not criminal, not just the criminals/terrorists, have good reasons to want some privacy generally and more specifically those in competition with MS (amongst others) would not want to trust them as the gate-keepers) then your only option is to find an alternative to Skype. That isn't going to be easy though: any commercial provider is going to comply with the same regulations otherwise they'll find it difficult to operate in the US market (or the Chinese market which is growing much faster and is even more spy-y than the US) and even if you find something you then need to convince others to use it too.
The actual hosting country does not always matter. In the Netherlands for instance (I can't speak for other countries) -where- a service is hosted is irrelevant. If you market your service to Dutch citizens (you have a Dutch language version of the site, or a Dutch contact number for instance) you are assumed to abide by Dutch law and can be prosecuted in a Dutch court if you don't.
But they were still legally required to have done so, and the DOJ could have sent them up shit creek if doing so ever became a priority.
What's changed now? Probably just that Microsoft's legal division wasn't comfortable having that kind of regulatory non-compliance under their watch. Microsoft gets a lot of scrutiny from the DOJ and probably aren't particularly keen on being hauled up on new charges over this issue.
It is possible that after receiving a wiretap request Skype will route your calls differently. But they could have rolled this out by just upgrading the supernode code and keeping supernodes distributed.
It seems far more likely that they made this change for stability/reliability. Particularly after the Skype network crashes that have happened in the past.
Would it be too much of a stretch to assume the clients can be directed to use one of the new Linux super nodes at will?
^Unless you can predict the translated source port
If they get a wiretap order and your client can normally achieve a direct connection with a particular user, they could just emulate connection failure and the clients would revert to using the proxy without informing the user (after all, they are designed to do that for the sake of resilience of the user experience). You can probably see where the traffic is going, the client may even tell you without you having to dig far, but you won't know if you are going via the middle-man server(s) because of a general network issue that is stopping a direct connection being possible or if it is because of a wire-tap.
I have a sideband connection to a server, and I tell it to route my negotiation packets to my peer's sideband connection. I literally never even touch a UDP port or connection, and the library I use establishes a connection using STUN(-light). And from having read the source, it doesn't explicitly determine or set the mapping (using UPnP) either.
Right, that's why TURN is part of ICE.
"This has not changed the underlying nature of Skype’s peer-to-peer (P2P) architecture, in which supernodes simply allow users to find one another (calls do not pass through supernodes)."
Now obviously this could be a lie, but it should be fairly simple to prove one way or another - simply force a call between 2 NAT'd clients, and trace where the voice packets go, it'll either be to one of these newly centralised supernodes, or somewhere else?
1 - http://arstechnica.com/business/2012/05/skype-replaces-p2p-s...
To keep OT:
Perhaps they will be soon required to be able to wiretap.
It will also bring benefits to end users if the clients' machines won't become supernodes. And perhaps avoid the problems from last December.
All of a sudden the outrageous $8.5 billion price Microsoft paid for Skype (and twice as much as any other competing bid) starts to make sense.
Why do HN mods change perfectly good titles seemingly on a whim, and then when there's a linkbait title screaming to be changed, they don't touch it?
This way you would get a quick indicator of whether or not you were likely being monitored.
Wow. Does it make it the first, large scale, internal(¹) deployment of non-Windows infrastructure by Microsoft? The question is: why? Did their engineers manage to convince the company that Windows is ill-suited to the task? I am quite stupefied.
(¹) "Internal" as opposed to situations where Microsoft inherited non-Windows infrastructure from external acquisitions, such as when they acquired Hotmail in 1997 and their 5000 FreeBSD servers (eventually migrated to Windows.)
They acquired Skype. So the question would be: is it worth rewriting a ton of working code just so we can say it runs on our platform?
I'm pretty sure Hotmail ran Linux or BSD for quite a while after Microsoft bought them (though probably not any more).
Skype may yet transition to Windows servers, but MS are hardly going to insist they make it their first and only priority. That would be insane.
Moving an entire service to a different OS isn't quite that simple, so the simplest thing was to just add capacity using whatever was running at the moment.
While they obviously don't publicise it I think they've probably used Linux where it's appropriate for some time now.
I've seen Skype being used a lot in businesses both centralized and decentralized.
If you have a distributed system but want to wiretap some calls, I think it would be easier to have some back door for instructing clients "whenever you make a call/get a call from one of these numbers, CC us".
In the long term, I hope the WebRTC protocol will disrupt both of them.
What's gonna be from now on? Stay put, and watch it.
Good luck getting your non-techie friends to use that though. Skype became popular because it just worked, which at that point had not reliably been achieved even for plain voice calls, much less video.
No, what we're dealing with here is a dragnet cast upon the comms of users around the world, who aren't protected by the US Constitution and thus can be tapped at will by US agencies and even private corporations without any warrants or oversight.
For instance, if Microsoft wanted to learn about technical or trade secrets of competitors communicating through Skype (say, a couple of start-up founders), now they're free to do it.
Also, if a US agency wanted to put on a no-fly list some people who casually converse about what morons those TSA people are or how all US administrations support the Israeli regime that commits war crimes against Palestinians, now it's very easy to do.
Is that any different from using, say, Gmail or Google Apps? Not saying that Google is looking at that data but this is a problem with essentially every web-based communication tool. People shouldn't have an expectation of privacy or security just because it's a company they know/like or it's a popular tool.
- location and contact history (cell phones)
- message history and address book (email, social network)
- interests/activities (calendars, event tools, feed
- browsing history
As an engineer, think about the evil fun you could have with that data. You could really mess somebody up if you didn't like them.
None of this is legal, and if discovered there would be a legal case to answer.
What? No they're not.
You knew this was a batshit claim when you saw someone trying to map the Constitution to Microsoft in the first place, since the Constitution doesn't regulate private businesses at all.
Come on. We're smarter than this.
(To your first question: ask Robert Metcalfe (3com), Charles H. Ferguson etc. To your second question: drones. -- Welcome to the real world)
But true, this has little to do with Skype.
The root comment in this thread suggests that Microsoft might be centralizing Skype so that it can scrape trade secrets out of phone calls. That sentiment is based on a preposterous misapprehension about how international law works.
There isn't really anything that is called "international law", as such. There are agreements between nations, and those agreements are what they are.
I really wonder how much espionage is going on. Does MS have a mole at Google, and vice versa?
You aren't very specific though. I'm not familiar with transnational tort claims and I doubt they are as popular with others here on HN either. Is it as solid as you seem to make it? Google has little (easily accessible material) on it. It doesn't sound like something that is illegal by itself; only that they could be sued by those startups if/when they find out (and decide to saddle up for an international case against a huge company... yeah that probably isn't very likely).