Even if the sensational headline is accurate, it's not worth the conspiracy theories:
(1) Microsoft is a US Corporation
(2) With the Skype acquisition, Microsoft (arguably) becomes a telecommunications carrier.
(3) CALEA passed in 1994, "requiring telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time." [a]
My (unfounded, optimistic) speculation is the skype acquisition was strategic positioning in the mobile market: seamless cutover to skype when your phone has WiFi.
Your comment seems to be built on the assumption that if the government has passed laws to make what it does legal, then we shouldn't worry— nothing conspiratorial or against our interests is occurring.
He's just saying it's not conspiratorial, it's blatantly part of the U.S. Code. Microsoft isn't colluding with the government behind closed doors, they're complying with the laws necessary to move into a slightly different market.
Whether it's for or against our interest was never addressed.
As a fine upstanding non-US citizen you are simply not considered by that law, and so can't be considered as much as you might like by the companies implementing systems that have to comply with that law. Microsoft's options are move to another country (not going to happen), ignore the law (not going to happen as it could cost them dear), or implement the law even though it might cause problems in markets outside the US.
For services hosted in other countries the law in those countries might well have something it can say/do, but even if they do successfully put their feet down MS could just pull the services out (costing the country if the investment in equipment/services/employees is significant) and move them elsewhere. They might be able to add the protection needed under those non-US laws the nodes in the affected areas, it depends on the exact wording and enforcement of the law, but even if they did you lose that protection as soon as you hit a node elsewhere anyway.
Practically speaking if this is a concern for you (and it might legitimately be: contrary to what governments seem to think people and companies that are not criminal, not just the criminals/terrorists, have good reasons to want some privacy generally and more specifically those in competition with MS (amongst others) would not want to trust them as the gate-keepers) then your only option is to find an alternative to Skype. That isn't going to be easy though: any commercial provider is going to comply with the same regulations otherwise they'll find it difficult to operate in the US market (or the Chinese market which is growing much faster and is even more spy-y than the US) and even if you find something you then need to convince other to use it too.
"For services hosted in other countries the law in those countries might well have something it can say/do"
The actual hosting country does not always matter. In the Netherlands for instance (i can't speak for other countries) -where- a service is hosted is irrelevant. If you market your service to Dutch citizens (you have a Dutch language version of the site, or a Dutch contact number for instance) you are assumed to abide by Dutch law and can be prosecuted in a Dutch court if you don't.
After CALEA was extended to online services in 2006, Skype was legally required to implement wiretapping. They didn't, and stated they had no intention of complying with CALEA publicly, but never seemed to have been targeted by the DOJ over their non-compliance.
But they were still legally required to have done so, and the DOJ could have sent them up shit creek if doing so ever became a priority.
What's changed now? Probably just that Microsoft's legal division wasn't comfortable having that kind of regulatory non-compliance under their watch. Microsoft gets a lot of scrutiny from the DOJ and probably aren't particularly keen on being hauled up on new charges over this issue.
Contrary to the article, Skype didn't previously use supernodes for traffic between NATed clients. They were just used for NAT hole punching and then the traffic was direct between the clients.
It is possible that after receiving a wiretap request Skype will route your calls differently. But they could have rolled this out by just upgrading the supernode code and keeping supernodes distributed.
It seems far more likely that they made this change for stability/reliability. Particularly after the Skype network crashes that have happened in the past.
Well, you need a 3rd machine to route traffic between two machines if both are behind NAT^. It was my understanding that supernodes were (also) used for this.
^Unless you can predict the translated source port
No hole punching method will work for all combinations of firewall at each end of the intended communications channel. If connecting the clients directly in either direction after the initial negotiation fails then Skype (and tools like it) will instead send the data via a 3rd host (which sits in the middle and acts as a bridge between the two TCP streams).
If they get a wiretap order and your client can normally achieve a direct connection with a particular user, they could just emulate connection failure and the clients would revert to using the proxy without informing the user (after all, they are designed to do that for the sake of resilience of the user experience). You can probably see where the traffic is going, the client may even tell you without you having to dig far, but you won't know if you are going via the middle-man server(s) because of a general network issue that is stopping a direct connection being possible or if it is because of a wire-tap.
Doesn't contradict the parent post. For hole punching you need to know the source (host+port) your peer sends traffic from. If the source port is randomised (or already used by someone for udp if nat prevents sharing), hole punching will fail.
If you're natted, the source port seen by supernode doesn't have to be the same as the one seen by others. Someone on your network may be talking to the same supernode already, so the conflict has to be resolved by some remapping in the nat.
No. I don't know why you're not listening to what he's saying. I can tell you, from currently writing code that does STUN negotiation, unless you have two peers behind full-cone NAT (which is rather rare actually), you do not need to know what the port mapping/translation is.
I have a sideband connection to a server, and I tell it to route my negotiation packets to my peer's sideband connection. I literally never even touch a UDP port or connection, and the library I uses establishes a connection using STUN(-light). And from having read the source, it doesn't explicitly determine or set the mapping (using uPNP) either.
In my work with VoIP that situation was pretty much the default assumption. I agree that it's only the double NATed situation that's hard to handle, but stay by my opinion that sometimes it's just impossible to resolve without a middle man. But it depends on many things - clients, routes, number of people in local network using the same application, etc. Sometimes you just have to fall back to proxying everything.
The change is interesting (though not that new it seems), but Microsoft flatly state that calls do not go over supernodes [1]:
"This has not changed the underlying nature of Skype’s peer-to-peer (P2P) architecture, in which supernodes simply allow users to find one another (calls do not pass through supernodes)."
Now obviously this could be a lie, but it should be fairly simple to prove one way or another - simply force a call between 2 NAT'd clients, and trace where the voice packets go, it'll either be to one of these newly centralised supernodes, or somewhere else?
Calls don't go over supernodes: I frequently call people on Skype for a conference, with my brother participating on the same network, and when the call drops, my brother and me can still talk. Might be that this is an exception for extremely local connections, but I've had similar experiences in other situations as well.
I don't think so. They wouldn't be able to target the ads without a lot of effort.... That's a LOT of voice recognition going on in a setting where people are not trying to dictate.
Most companies these days are hoarding data with no current abilities to analyze it for profit. They're rightly predicting that analytical capabilities will improve and they don't want to be the ones living in that world without massive amounts of customer data.
Right. That way I can send you the ads I would have targetted to you if you were still in college! That you are now 40 and have 3 kids is no matter. You still want all the cool college stuff, right?
They're not necessarily storing the data now to analyze later. They're building the capacity to acquire that data so that when the time comes all they have to do is flip a switch.
I'm not saying it'll ever pan out, I'm saying it's a much more likely explanation for Microsoft centralizing certain types of Skype communication than some shady back-alley deal with the NSA.
Just thinking out loud, but wouldn't it be possible to build a simple skype-addon that would look at your network traffic and be able to tell if your voice conversations were going through a supernode and not p2p.
This way you would get a quick indicator of whether or not you were likely being monitored.
Wow. Does it make it the first, large scale, internal(¹) deployment of non-Windows infrastructure by Microsoft? The question is: why? Do their engineers managed to convince the company that Windows is ill-suited to the task? I am quite stupefied.
(¹) "Internal" as opposed to situations where Microsoft inherited non-Windows infrastructure from external acquisitions, such as when they acquired Hotmail in 1997 and their 5000 FreeBSD servers (eventually migrated to Windows.)
But no code needed to be rewritten. Skype supernodes were working on Windows before (on Windows machines in the P2P network.) Microsoft effectively stopped supporting Windows!
I think rdl made that point well when he posted 4 hours before you did. You are both correct- my memory was faulty. But the main point about Hotmail running on a non-MS OS still stands.
Windows Server powers Messenger and the upcoming notification service, which do exactly the same thing as Skype: messaging and video.
Moving an entire service to a different OS isn't quite that simple, so the simplest thing was to just add capacity using whatever was running at the moment.
I was under the impression that they've used Linux in the past effectively as a firewall for their internet sites. Whether this was a temporary response to a specific situation or a semi-permanent thing I don't know but I recall reading that there was a period where Microsoft.com was returning non-Windows header information.
While they obviously don't publicise it I think they've probably used Linux where it's appropriate for some time now.
MSFT used Linux for DNS servers for a while, its unclear why they did that since they had so many other FreeBSD acquisitions anyways. Some loadbalancers returned BSD/Linux fingerprints when scanned, but its unlikely that MSFT actually used Linux in the direct path anywhere.
The implication with wiretapping (and the NSA acronym) is that it is about security and safety against criminals and terrorists. I've always wondered how much of a business advantage it is to be able to tap into the world's biggest VoIP network?
I've seen Skype being used a lot in businesses both centralized and decentralized.
I admit I don't know much about the internals of this, but maybe it's because, by serving as a node to forward other transmissions, the former Skype client drained people's mobile broadband data budgets. In this way they avoid this.
I think it is more likely because they want to build a social network for collaboration around Office 365, Yammer and Skype, and maybe, be able to give some uptime/quality guarantees to customers (things would not necessarily be better, but more under control of Microsoft)
If you have a distributed system but want to wiretap some calls, I think it would be easier to have some back door for instructing clients "whenever you make a call/get a call from one of these numbers, CC us".
The evidence on this one is rather thin. It takes a speculation in a comment on HN about what Microsoft could be doing - without any proof that they are actually doing it, adds some code that proves something Microsoft claims they do not do could be done if they wanted to do it - and the conclusion is Microsoft definitely has sold everybody to the Man. I think a jump from "they could be doing it" to "they did it" requires more proof than that.
This is the kind of thing that makes it annoying that just about all interesting internet companies are in the US. Why can't Europe step up with some competition?
Entrepreneurship is far more difficult in much of Europe. It's much more difficult to set up a corporation, access capital, especially speculative capital (i.e. VC money) as well as some fairly strict taxation and regulatory schemes. This article: http://buswk.co/Hltv5F explains a few if those factors.
The National Security Agency put out an RFP for Skype decrypting/intercepting awhile back and this was the first thing that popped back into my mind when Microsoft bought Skype. Then, when M announced they were replacing the supernodes, it only re-confirmed what was going on, in my mind.
first, make yourself familiar with WebRTC. it will require server side signaling. demo by google: http://www.webrtc.org/running-the-demos#TOC-Demos
sending srtp session keys over that signaling server sounds interesting
VSee (http://vsee.com/) doesn't look bad, but it's also closed sourced. Something built on open standards (SIP/XMPP) like Jitsi is likely to be more transparent because you won't have to guess what some mysterious supernode does and doesn't do with your data.
Good luck getting your non-techie friends to use that though. Skype became popular because it just worked, which at that point had not reliably been achieved even for plain voice calls, much less video.
Remember Microsoft has major contracts and relationships with the Chinese and Korean government, among others. This stuff is the dark underside of a Microsoft aquisition. Of course, they have relationships with the US govt as well, but Americans are obstensibly protected by the Constitution -- those protections (as well as due process) don't French exist in many countries with whom Microsoft does business.
You used to trust a shady Europe-based private corporation; now you have to trust a shady US-based private corporation. Regardless of their specific track records, there is nothing intrinsically different between the two.
Wiretapping sounds so innocent. Of course, all US comms must be available for lawful wiretaps in fight against crime.
No, what we're dealing with here is a dragnet cast upon the comms of users around the world, who aren't protected by US Constitution and thus can be tapped at will by US agencies and even private corporations without any warrants or oversight.
For instance, if Microsoft wanted to learn about technical or trade secrets of competitors communicating through Skype (say, a couple of start-up founders), now they're free to do it.
Also, if a US agency wanted to put on a no-fly list some people who casually converse about what morons those TSA people are or how all US administrations support the Israeli regime that commits war crimes against Palestinians, now it's very easy to do.
For instance, if Microsoft wanted to learn about technical or trade secrets of competitors communicating through Skype (say, a couple of start-up founders), now they're free to do it.
Is that any different from using, say, Gmail or Google Apps? Not saying that Google is looking at that data but this is a problem with essentially every web-based communication tool. People shouldn't have an expectation of privacy or security just because it's a company they know/like or it's a popular tool.
I've long thought that Google's ability to track searches from Microsoft IP addresses was one of the reasons for the development of Bing - i.e. Bing's value is, in part, that it plugs an information leak and siphons other leaks into Microsoft's data mine.
For instance, if Microsoft wanted to learn about technical or trade secrets of competitors communicating through Skype (say, a couple of start-up founders), now they're free to do it.
Do you seriously think trade secrets aren't enforceable outside US borders? That there's no such thing as a transnational tort claim? Do you also think that because the "Constitution doesn't protect" stuff that Microsoft can randomly steal from people? Can they murder people too?
You knew this was a batshit claim when you saw someone trying to map the Constitution to Microsoft in the first place, since the Constitution doesn't regulate private businesses at all.
What does ECHELON and military drones have to do with civil liability?
The root comment in this thread suggests that Microsoft might be centralizing Skype so that it can scrape trade secrets out of phone calls. That sentiment is based on a preposterous misapprehension about how international law works.
(I'm pretty sure you are directing all of your "you"s mostly to others in the thread so I will ignore the impatient and condescending tone)
You aren't very specific though. I'm not familiar with transnational tort claim and I doubt it as popular to others here in HN either. Is it as solid as you seem to make it? Google has little (easily accessible material) on it. It doesn't sound like something that is illegal by itself; only that they could be sued by those startups if/when they find out (and decide to saddle up for an international case against a huge company... yeah that probably isn't very likely).
Good luck finding a lawyer who has the skills to perform an international tort offense who charges less than six figures for it. Only a company like Microsoft has the cash to pull that off.
(1) Microsoft is a US Corporation
(2) With the Skype acquisition, Microsoft (arguably) becomes a telecommunications carrier.
(3) CALEA passed in 1994, "requiring telecommunications carriers and manufacturers of telecommunications equipment modify and design their equipment, facilities, and services to ensure they have built-in surveillance capabilities, allowing federal agencies to monitor all telephone, broadband internet, and VoIP traffic in real-time." [a]
My (unfounded, optimistic) speculation is the skype acquisition was strategic positioning in the mobile market: seamless cutover to skype when your phone has WiFi.
a - http://en.wikipedia.org/wiki/Communications_Assistance_for_L...