Who Does Skype Let Spy? (schneier.com)
117 points by mikegerwitz on Jan 30, 2013 | 65 comments

Do not expect any privacy by using any commercial communication platform or solution.

Consider yourself entering a full-body see-through scanner every time you conveniently send email, chat or do a video call with Skype.

For total privacy use Tor-based communications channels, such as tormail.org (instead of any other email provider) and similar Tor-based solutions. The price for better privacy is usually less convenience and slower speeds.

I completely agree with you except for one thing. Tor isn't necessarily for privacy. It has more to do with anonymity by taking steps so people can't see who you are. By using Tormail there is still a chance that you can leak information about yourself and your contacts. Same goes for logging in to sites that carry your personal information.

If someone wants privacy then I would suggest using gpg/openpgp encryption for email/documents/etc., make sure https everywhere plugin is installed on your browser, noscript, adblock, etc. I suppose you get the same type of protection using the Tor Browser, also.

The problem is encryption. For the average user it's a bit of a pain to understand and use. Then again, I'm sure if people want it enough they will learn.

Encryption is hard enough for developers and IT people to understand.

You have, for example, websites that say "your data is protected by 256 bit encryption!". What does that even mean? Is it just encrypted in transit? Is it only stored in an encrypted form on the other end? What is the key and who has to know it?

There is also a pretty big disadvantage to using good crypto, mainly if you lose/forget the key (or password used to derive it) you are completely fucked.

It's not that you have to understand the details of the math of encryption or write your own library, you need to understand the processes required to use it. It's easier to figure out how to use GPG/PGP than to use Mercurial or git.

And almost all users, and most IT folks and developers are too lazy to follow processes. Plus management and shareholders don't want to invest the time and money for training or implementation.

I guess what we're seeing is basically, when it comes straight down to it: We are all pretty damn lazy.

It's a fair point, but I think from a user's point of view they should really need to get bogged down with the technical details.

It can feel a bit "advanced" for the average user to set up, but if that is the case and they NEED privacy then they could use something like http://www.hushmail.com/ which will encrypt the emails (but only with other users with encryption keys). It's web based so there's the whole use from anywhere thing... Of course, just use Thunderbird and get the whole thing for free :)

Don't use PGP! It's cumbersome and difficult to use with other people easily. It doesn't give you forward secrecy or deniability. Use OTR and have it always on, any client that has implemented OTR will turn it on automatically. Use passworded archives to encrypt file sets, it's something most computers and users understand.

Do chat clients fall back to non-OTR when the other client doesn't support it? As I recall there are some chat clients that have an "OTR" feature that really just turns off logging. I imagine it being quite the hassle getting the other person working with it.

Adium does this, optionally. It is configurable. It is occasionally a PITA, but usually "just works"

Tor is not for privacy, it provides pseudo-anonymity. This is a pretty dangerous misunderstanding if you require privacy.

Intelligence agencies still use olde skool techniques for very good reasons. No electronic coms method is 100% secure, Tor included. In fact, the sense of security it provides is a problem in itself. Want privacy? First strike out electronic coms.

I have to wonder if nowadays it's safer to simply pick up an analogue telephone, call up your terrorist cell, gun runner, drug dealer, politician, prosecutor, whatever, and simply tell them what to do. Or just write an old fashioned letter. Would the NSA even see that coming? Yeah, I know.....

Sorry, more...

Who is being "spied" on? I find it odd that uber evil people would even begin to use the internet for communicating. We "geeks" are paranoid enough, how paranoid are the evil doers? Would they not just assume that whatever electronics they are using, some government agency will have a way in? I would. Most here seem to have that feeling. But international terrorists and bankers don't? (I include bankers because they have damaged me and everyone I know more so than any terrorist could ever hope to. They are so much better at terrorising me than AQ could ever have hoped to.)

Well, law enforcement must surely know this, so what is all the data they are collecting and back doors for? Not big evil crime, so it must be for us, the "plebs".

How useful is all this data for politicians and power people? Business, politics and people control. That's what it is for. We get blinded by scare stories, while a mass of benign data is used to help those in power remain there. What else is there?

Or is that paranoid tin foil hat stuff?

This is why dropbox communications are preferred to point-to-point protocols, where a dropbox might be a physical box, but is more likely to be a classified posting in a newspaper (old school), online classifieds (hello, Craigslist), radio "numbers station", a posting on a community bulletin board, flyers on telephone poles (or other public property), etc. Often the overt message will be putatively legitimate (an item for sale, a job offer, services offering, business advert), but coded within it will be a ciphertext message of interest to the designated target.

In a recent discussion (which I can't track down at the moment) of Wikileaks and Julian Assange someone noted the juxtaposition of photos of Wikileaks' own datacenter, and the paper-based filing system of the FBI during the 1950s. Whilst computers make accessing, analyzing, and searching through large record dumps much more efficient, they also make disclosure of those same documents to others, including unauthorized others, more efficient.

It's sort of depressing that you offer "total privacy" and then go to a magic bullet solution.

Total privacy is not found by having a go-to technology. It's found by having a vast understanding of information tech in general, knowing the current state of defeating security protocols, and assuming that anyone interested in your data is one step beyond that.

Sometimes that means Tor is enough. But not always.

So you trust an anonymous individual that does not need to abide by any laws more than a commercial company located in the US (or another country)? I wouldn't expect any privacy at all when using tormail.org. If you want to have secure communication I'd suggest RetroShare. Or if you want to use more traditional means of communication PGP and OTR.

"Do not expect any privacy by using any commercial communication platform or solution."

I'd say don't expect privacy - end of story. Commercial platforms as well as "secure" ones that use encryption are still liable to surveillance and confiscation of data. I think, when you're on the net, your data is always being saved somewhere (since that's usually a big revenue model, and also simply a software development practice for analyzing users/software bugs, etc), even if your connection is secure. The only way I could see that anything could purport to be "truly" absolute on your privacy would be that they - like DuckDuckGo for example - simply would not save any data, period. If you have that plus encryption, you still have the problem of your ISP, which is semi-mitigated by Tor-based solutions.

It depends on the type of "privacy" you need, but your ISP isn't a threat if you're using good crypto, unless you're just worried about connecting to marked IPs, in which case a proxy, VPN, or asking your collaborator to open up a new IP are all viable resolutions.

I would not recommend Tormail. Or do you know who runs it?

The point is, as it's a hidden service, you don't know. It would defeat the purpose if you knew who was running it. I know there are concerns with that, "It could be a honeypot!!" etc. Though it's also the reason why you would use GPG/PGP to encrypt your messages with the people you are conversing with. So, even if it is a honeypot, they wouldn't see your data.

So why is it better to use tormail.org than to use crypto and send from your real mail server? You don't want the ISP to see your SMTP headers? You don't want the address you're mailing to recorded on your typical SMTP server (probably Gmail and therefore subject to uninformed subpoena and/or warrant)? It seems in most cases, unless you're trying to mail osama.bin.laden@alqaeda.org, it wouldn't be a problem to use conventional SMTP headers.

i.e. the long and short of this issue is, if there's a problem with someone seeing the SMTP headers on your mails, you're doing it wrong. If tormail is a honey pot, it's a much more concentrated source of suspicious data than the inconspicuous mail sent through Gmail or another typical route, and therefore those routes may in fact be much safer, because your mail is not likely to come under any scrutiny there unless you try really hard to call attention to yourself (by sending mail to the recipient listed above, for example).

As far as I can tell, the advantage of using tormail (the hidden service) coupled with GPG/PGP is simply the added layer of security (which is anonymity). Like I stated before, Tor isn't necessarily for privacy. It is all about anonymity. So if a person doesn't encrypt their messages there is a (slight?) chance of their messages being read. This could lead to compromising your anonymity and privacy.

With GPG/PGP encrypted messages, you will not have this problem as much.

If a person is only seeking privacy then GPG/PGP is more than enough to secure their messages (while keeping in mind the headers are visible - just alter it).

I think tormail is great for journalists etc. who need anonymity to protect themselves from dangerous times. That's about the only thing I would use it for.

So, basically, the only benefit is that your IP is not exposed. I think there are much better alternatives than Tor for that, and I definitely don't think it really justifies using a custom "private" mail service that easily could be a honey pot.

I use PGP for as much mail as I can on my normal server. Even if you use PGP, it's still not a good idea to use a honeypot unless the risks at play have been carefully calculated aforehand. We want the available attack surface to be as small as possible, for lots of potential reasons: PGP mails can be encrypted incorrectly either by operator error or a bug in your crypto stack, recipients may be able to be divined from the crypted message, the government may have a secret weapon capable of decrypting certain messages, the government definitely can make an educated attempt if they determine your content is high-value, etc. etc.

Basically I think a good privacy setup shouldn't need to include anonymously-run services like tormail that are just as likely (if not more likely) to be honeypots as honestly run by a kind-hearted security enthusiast with impenetrable integrity.

That's a good point. Tormail is 'produced independently from the Tor® anonymity software and carries no guarantee from The Tor Project about quality, suitability or anything else.' Further information is not available.

Privacybox.de is a good open source alternative if you need people to email you encrypted and they have no idea about encryption. You can forward it to a nym server or tormail, or just retrieve it from their i2p or tor hidden service though I don't trust tormail whatsoever it could disappear or go down at anytime and lose all your emails.

As for Jitsi from riseup.net "In the past, we have recommended that people avoid Jitsi. It had a flaw that made it easy for an attacker to force Jitsi to use unencrypted connections. Supposedly, this has been fixed, but we are not sure in what version."

According to jitsi-dev mailing list it doesn't work so well with a VPN either.

Please encrypt your communications whenever it's possible. Not because you have something to hide, but because there are many entities handling our private data that do not necessarily have their interests aligned with our personal privacy (probably an understatement).

For text messaging (Android only) I use the excellent 'TextSecure' app, which is an open source drop-in replacement for the standard messaging app on your phone. You can read more about it at http://www.whispersystems.org/

The aforementioned Whisper Systems also has an app called 'RedPhone' for secure voice, but I have yet to try it. If anyone uses it, I would be very glad to hear your opinion.

I use Redphone almost everyday. They now have global coverage except for most of the Middle East and some parts of Eastern Europe. The Egyptian server apparently doesn't relay so well either last I heard on the mailing list.

Works as advertised in China which is a great success for businesses worried about their blackberries or iphones being exploited by industrial espionage.

Another bonus is moxie is considering moving everything over to voip so you won't even need a cell contract (since google voice numbers don't work worldwide). Move around the city like a ninja using wifi

Skype has encryption, same for cell phones.

The problem is that it's not end-to-end crypto, which means the provider can betray you.

It's also possible for skype to run arbitrary stuff on your system at any time, by design, from Skype HQ: http://www.kyrus-tech.com/go-skype-go/

During that incident it was excellent, because Skype admins told complaining users that they were infected with malware.

They've also been very happy to give data away even without warrants, about some Wikileaks supporters:


Several game publishers I have worked for have banned Skype and made it a fireable offense to use it. And that's just games...

Heh, several of my clients, most of whom have more sensitive data than a game company would have, mandate the use of Skype for IM. It really is a good IM platform, with the ability to edit/remove last message sent, easily build chats/conferences, the "send file" functionality actually works, and of course, it's simple to launch into a voice or video call right from the client. It's a shame that no other IM protocol even comes close to that.

On the other hand, Skype does keep logs of all your conversations on their servers, seemingly indefinitely. There's no easy crypto drop-in like OTR that I know of, and there's no easily evident way to delete those logs. I refuse to use it for non-mandated chats for these reasons.

Google, Facebook, Apple and Amazon are all US companies. Who do they let spy?

Concerns about Microsoft are not unique to Microsoft. They are just a popular vessel for the internet's unease.

In their defense, Google does try to be as transparent about these legal obligations as possible: http://www.google.com/transparencyreport/userdatarequests/

Google do in the context of law enforcement.

Very little information on the security services (e.g. NSA).

Skype's primary business is (video) telephony and IMs. In most cases, these are far more likely to contain sensitive data than the others you've listed. Google rivals it with Gmail of course, but Google also has very transparent privacy controls and makes it simple to know if you've cleared your chat logs, disabled things like Web History and Search History, removed certain emails, etc. Skype is completely opaque on such matters.

Honestly I'm uncomfortable using anything except a local Mumble server for VoIP telephony. Been using Google Hangouts recently for video calling, but would be interested in a Mumble equivalent for video.

Given Microsoft's track record for security, questioning the competence of any of their offerings is just good sense and due diligence. Given Microsoft's track record for honesty, questioning their motives is also good sense.

Microsoft doesn't exactly have a good reputation to begin with in this field.

Some years ago it was common that your messages through Live Messenger (and Windows Messenger when it was still called so) got censored in real time. In one case any message containing the string "download.php" never reached the receiver and another time the same was true if your message contained a link to the piratebay or simply the phrase "live messenger". I can't remember any more concrete examples but there were many times you could easily figure out the pattern.

Citation desired? I'm curious.

I hate to be "that guy" and I hope this isn't unbearably naive, but why doesn't free software seem to even be mentioned in this discussion?

It is, although you have to read between the lines (and perhaps know a bit of Schneier's previous writings): when Schneier talks about locked down devices, it's helpful to know that previously he has talked about open source as necessary for good security (http://www.schneier.com/crypto-gram-9909.html), therefore locked down systems where you can't get the source (or run your own software) cannot be fully vetted for trustworthiness. This applies on two counts: if you cannot get source, you have to have faith in the competence of those providing the software, as well as trust that the motives of those offering it are in your best interest. With open source software, you don't have to make either one of these (dangerous) assumptions.

Note that free software alone does not solve the problem. See:


Even if the software was free, Microsoft could still spy on you. (I'm planning on writing a much more detailed response about how this relates to free software and SaaS later today; I'm stuck at work for now.)

Skype is "free software." I take it you mean /open source/ software?

Frankly it is because there is NO open source software in the VoIP/IM/etc space that is worth five minutes of your time, let alone full usage of.

Every time this point comes up the OSS apologists start naming some convoluted solution involving stringing five different software packages (and a SIP provider!) together to get even then a barely workable solution.

In general this is one of the least competitive sectors that exists. Right now we have Google+ and Skype, and even Google+ barely implements 1/8th of Skype's feature set.

>Skype is "free software." I take it you mean /open source/ software?

No, he means free software. [0] [1]

[0]: https://en.wikipedia.org/wiki/Free_software

[1]: This confusion is why the term "open source" was invented.

The term "open source" was coined to sell free software to business/the masses, ignoring the core of RMS' philosophy (with which not everyone agreed). The terms are different.

I do not understand where this noise over security was when Skype was under another American company, eBay?

It's because Microsoft has centralised Skype's network. Previously node discovery and other services were essentially peer-to-peer and thus more difficult to monitor.

See: http://arstechnica.com/business/2012/05/skype-replaces-p2p-s...

They've also recently declared Skype to be the replacement for Messenger.


I think now it is being force fed to all Windows users so it is a bit different.

FTA: "That's security in today's world. We have no choice but to trust Microsoft. Microsoft has reasons to be trustworthy, but they also have reasons to betray our trust in favor of other interests. And all we can do is ask them nicely to tell us first."

Schneier's opinion on security is generally held in high regard, however, in this instance, his fallacious reasoning is somewhat surprising.

IOW, it's highly unlikely that 'trusting Microsoft' is the only option we have.

Are there any encrypted alternatives to Skype?

For video-calling there aren't that many except Jitsi, but I suspect there will be more encrypted WebRTC web apps soon.

For mobile there's SilentCircle, but it's $20 a month or something.

Would it be possible to dll inject skype and automatically encrypt all text / video between you and another person running the same injected dll?

I imagine that's against TOS or something though. I've just always wondered if it was possible.

I'm sure it is possible, but keeping it from breaking with every release is going to be tricky.

Plus one of Skype's benefits is that it works on "everything" (Windows, Linux, Mac, Android, iOS, etc); so your solution is only as good as the platforms you can tag.

You could as well use an external tool to en/decrypt your text with for example blowfish + base64 encoding and use Skype just as the transportation layer of the encrypted messages.

Jitsi is one.

silent circle

I put together a more detailed comment on this:


The NSA, of course.

The sound of silence is really an admission of guilt.

Don't forget ZRTP, and solutions like zfone.

"You can't stop the signal" -- Mr. Universe

We have no choice but to trust Microsoft. Microsoft has reasons to be trustworthy, but they also have reasons to betray our trust in favor of other interests.

Interests are US Federal laws not to mention other countries. When the FBI knocks with a warrant or whatever is needed, Microsoft (Google, or Apple, or FB, or Twitter, or AT&T...) can't do much. Do not trust them for super-sensitive info: if you're gossiping about your in-laws, maybe it's safe...drug dealing, assassinations and Al Qaeda stuff probably not so much.

>> if you're gossiping about your in laws, maybe it's safe...drug dealing, assassinations and Al Qaeda stuff probably not so much.

There are more kinds of private conversations than frivolous and evil.

>> Do not trust them for super-sensitive info

Yes, that's the takeaway. We need an easier end-to-end encrypted VOIP method, so you don't have to trust the pipes you're using.

The EFF has some useful information regarding trust and government action (warrants, subpoenas, etc):


So let's say I want to drop Skype, what soft can I use which has instant messaging and video communication?
