question asked in good faith: does it really matter to a given user exactly how adversaries are successfully attacking Skype? shouldn't some of the things that we've already seen disclosed--e.g. that NSA gained significant, at-scale capabilities against Skype right after it was acquired by Microsoft--be enough to invalidate essentially any crypto-related promises the company may assert, or even those that an audit might support? if not, i think it's at least worth making a distinction between products with known backdoors and products without them. today's TAO attack is tomorrow's phd thesis, etc.
